
Check Up - Boot Time takes a bit long and some signs of Adware


  • This topic is locked

#1
Agent Shark


Hey everyone,

I've been having some adware show up through MBAM and was wondering what was going on with my machine. As I'm going to college soon, I'd love to get my issues fixed so I don't have to worry in the future.

Here are the logs requested by you guys:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by David (administrator) on MAIN-PC on 30-05-2015 19:58:02
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available Profiles: David)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Users\David\AppData\Roaming\Dashlane\Dashlane.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Flux Software LLC) C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe
(Spotify Ltd) C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Spotify Ltd) C:\Users\David\AppData\Roaming\Spotify\Spotify.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\REDRAGON GAMING MOUSE\PDMon.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Spotify Ltd) C:\Users\David\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\David\AppData\Roaming\Spotify\Spotify.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Users\David\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-12-10] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-28] (Synaptics Incorporated)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-15] (Avast Software s.r.o.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PerditiongmmouseRun] => C:\Program Files (x86)\REDRAGON GAMING MOUSE\pdmon.exe [3234304 2013-11-18] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-04-14] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-360457500-3761877600-3937798138-1001\...\Run: [Dashlane] => C:\Users\David\AppData\Roaming\Dashlane\Dashlane.exe [227512 2015-04-17] ()
HKU\S-1-5-21-360457500-3761877600-3937798138-1001\...\Run: [HP Officejet 4630 series (NET)] => C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-360457500-3761877600-3937798138-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3095840 2015-04-30] (Nota Inc.)
HKU\S-1-5-21-360457500-3761877600-3937798138-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25700400 2015-04-28] (Google)
HKU\S-1-5-21-360457500-3761877600-3937798138-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-360457500-3761877600-3937798138-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-360457500-3761877600-3937798138-1001\...\Run: [uTorrent] => C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-06] (BitTorrent Inc.)
HKU\S-1-5-21-360457500-3761877600-3937798138-1001\...\Run: [f.lux] => C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-360457500-3761877600-3937798138-1001\...\Run: [Spotify Web Helper] => C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2022968 2015-05-22] (Spotify Ltd)
HKU\S-1-5-21-360457500-3761877600-3937798138-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-360457500-3761877600-3937798138-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.)
HKU\S-1-5-21-360457500-3761877600-3937798138-1001\...\Run: [Spotify] => C:\Users\David\AppData\Roaming\Spotify\Spotify.exe [7298616 2015-05-22] (Spotify Ltd)
HKU\S-1-5-21-360457500-3761877600-3937798138-1001\...\Run: [GoogleChromeAutoLaunch_9A83AADA066CCEA6F8C613E0AB5C7E19] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863560 2015-05-25] (Google Inc.)
HKU\S-1-5-21-360457500-3761877600-3937798138-1001\...\MountPoints2: {7669d596-3c31-11e4-8261-c0d962b7424d} - "E:\LaunchU3.exe" 
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2014-09-25]
ShortcutTarget: Curse.lnk -> C:\Users\David\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-05] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-360457500-3761877600-3937798138-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\David\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\ie\x64\Dashlanei.dll [2014-11-12] (Dashlane)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-13] (Avast Software s.r.o.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-03-04] (Microsoft Corporation)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\David\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\ie\Dashlanei.dll [2014-11-12] (Dashlane)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2015-01-19] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-13] (Avast Software s.r.o.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-19] (Oracle Corporation)
Toolbar: HKLM - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\David\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\ie\x64\KWIEBar.dll [2014-11-12] (Dashlane)
Toolbar: HKLM-x32 - No Name - {669695BC-A811-4A9D-8CDF-BA8C795F261C} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\kf8gb78o.default
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-09-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: WOT - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\kf8gb78o.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-07-15]
FF Extension: Adblock Plus - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\kf8gb78o.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-05]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-16]
FF HKU\S-1-5-21-360457500-3761877600-3937798138-1001\...\Firefox\Extensions: [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}] - C:\Users\David\AppData\Roaming\Dashlane\3.2.5.83379\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}
FF Extension: Dashlane - C:\Users\David\AppData\Roaming\Dashlane\3.2.5.83379\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} [2015-04-23]
 
Chrome: 
=======
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (BetterTTV) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2015-01-09]
CHR Extension: (Google Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-16]
CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-16]
CHR Extension: (James White) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm [2014-11-04]
CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-16]
CHR Extension: (Google Cast) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-12-03]
CHR Extension: (Spotify - Music for every moment) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2014-12-05]
CHR Extension: (Google Search) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-16]
CHR Extension: (Google Calendar) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-12-05]
CHR Extension: (Avast SafePrice) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-12-07]
CHR Extension: (Dashlane) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2014-08-27]
CHR Extension: (AdBlock) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-02]
CHR Extension: (Google Calendar (by Google)) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2014-12-05]
CHR Extension: (Save to Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2014-09-02]
CHR Extension: (Avast Online Security) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-01-24]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-06]
CHR Extension: (Google Wallet) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-16]
CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-16]
CHR HKU\S-1-5-21-360457500-3761877600-3937798138-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-19]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-05] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-05-05] (Avast Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [441216 2015-05-05] ()
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-22] (Electronic Arts)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5491984 2015-05-20] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-05] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-05] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-05] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-05] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-05] (Avast Software s.r.o.)
S3 aswTap; C:\Windows\system32\DRIVERS\aswTap.sys [44640 2013-11-10] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-05] ()
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-29] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
U0 dlwwef; C:\Windows\System32\drivers\aofo.sys [79064 2015-05-30] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-30] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 RtkBtFilter2; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [48856 2013-11-28] (Realtek Microelectronics)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2946264 2013-10-21] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [33168 2013-11-01] (Windows ® Win 7 DDK provider)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-05-05] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-30 19:58 - 2015-05-30 19:58 - 00024336 _____ () C:\Users\David\Desktop\FRST.txt
2015-05-30 19:57 - 2015-05-30 19:57 - 02108928 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
2015-05-30 19:54 - 2015-05-30 19:54 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\aofo.sys
2015-05-29 22:57 - 2015-05-29 21:36 - 1044381696 _____ () C:\Users\David\Desktop\ubuntu-14.04.2-desktop-amd64.iso
2015-05-29 22:05 - 2015-05-30 19:50 - 00000000 ____D () C:\Users\David\VirtualBox VMs
2015-05-29 22:04 - 2015-05-30 19:50 - 00000000 ____D () C:\Users\David\.VirtualBox
2015-05-29 22:04 - 2015-05-29 22:04 - 00001063 _____ () C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2015-05-29 22:04 - 2015-05-29 22:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2015-05-29 22:04 - 2015-05-13 17:11 - 00922704 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys
2015-05-29 22:03 - 2015-05-29 22:03 - 00000000 ____D () C:\Program Files\Oracle
2015-05-29 22:03 - 2015-05-13 17:10 - 00128592 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
2015-05-29 21:59 - 2015-05-29 22:01 - 111273672 _____ (Oracle Corporation) C:\Users\David\Downloads\VirtualBox-4.3.28-100309-Win.exe
2015-05-23 16:49 - 2015-05-23 16:50 - 05176224 _____ (Respondus, Inc.) C:\Users\David\Downloads\PearsonLockDownBrowser (1).exe
2015-05-20 22:06 - 2015-05-20 22:06 - 00000000 ____D () C:\Users\David\AppData\Local\Skyrim
2015-05-20 22:05 - 2015-05-22 12:23 - 00012363 _____ () C:\WINDOWS\DirectX.log
2015-05-20 21:52 - 2015-05-20 21:52 - 00000805 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-05-20 21:25 - 2015-05-20 21:25 - 06484352 _____ (Piriform Ltd) C:\Users\David\Downloads\ccsetup505.exe
2015-05-18 13:05 - 2015-05-18 13:18 - 00000000 ____D () C:\Users\David\AppData\Local\Arma 3 Launcher
2015-05-18 13:05 - 2015-05-18 13:05 - 00000000 ____D () C:\Users\David\AppData\Local\Bohemia_Interactive
2015-05-16 16:04 - 2015-05-16 16:04 - 00000000 ____D () C:\Users\David\AppData\Local\EdgeOfReality
2015-05-15 18:44 - 2015-04-30 16:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 18:44 - 2015-04-30 16:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 18:19 - 2015-04-24 17:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-05-15 18:19 - 2015-04-09 20:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-15 18:19 - 2015-04-09 20:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-15 18:19 - 2015-04-02 20:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-15 18:19 - 2015-04-02 20:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-15 18:19 - 2015-04-01 18:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-15 18:19 - 2015-04-01 18:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-15 18:19 - 2015-03-31 23:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-15 18:19 - 2015-03-31 22:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-15 18:19 - 2015-03-19 21:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-15 18:19 - 2015-03-17 13:26 - 00467776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-15 18:19 - 2015-03-13 00:03 - 00239424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-15 18:19 - 2015-03-13 00:03 - 00154432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-15 18:19 - 2015-03-12 22:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-15 18:19 - 2015-03-12 21:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-15 18:19 - 2015-03-12 20:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-15 18:19 - 2015-03-12 20:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-05-15 18:19 - 2015-03-10 21:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-15 18:19 - 2015-03-10 21:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-15 18:19 - 2015-03-08 22:02 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-15 18:19 - 2015-03-05 23:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-15 18:19 - 2015-03-05 22:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-15 18:19 - 2015-03-05 22:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-15 18:19 - 2015-03-04 19:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-05-15 18:19 - 2015-03-03 21:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-15 18:19 - 2015-03-03 21:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-15 18:19 - 2015-02-17 19:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-15 18:19 - 2015-01-29 20:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-15 18:19 - 2014-11-14 02:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-05-15 18:08 - 2015-03-30 01:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-15 18:08 - 2015-03-26 23:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-15 18:08 - 2015-03-26 22:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-15 18:08 - 2015-03-26 22:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-15 18:06 - 2015-04-08 18:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-15 18:02 - 2015-04-30 19:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-15 18:02 - 2015-04-30 18:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-15 18:02 - 2015-04-21 13:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-15 18:02 - 2015-04-21 12:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-15 18:02 - 2015-04-21 12:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-15 18:02 - 2015-04-21 12:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-15 18:02 - 2015-04-21 12:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-05-15 18:02 - 2015-04-21 12:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-15 18:02 - 2015-04-21 12:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-15 18:02 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-15 18:02 - 2015-04-21 12:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-15 18:02 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-15 18:02 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-15 18:02 - 2015-04-21 12:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-15 18:02 - 2015-04-21 12:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-15 18:02 - 2015-04-21 12:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-15 18:02 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-15 18:02 - 2015-04-21 11:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-15 18:02 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-15 18:02 - 2015-04-21 11:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-15 18:02 - 2015-04-21 11:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-15 18:02 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-15 18:02 - 2015-04-21 11:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-15 18:02 - 2015-04-21 11:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-15 18:02 - 2015-04-21 11:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-15 18:02 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-15 18:02 - 2015-04-21 11:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-15 18:02 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-15 18:02 - 2015-04-21 11:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-15 18:02 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-15 18:02 - 2015-04-21 11:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-15 18:02 - 2015-04-21 11:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-15 18:02 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-15 18:02 - 2015-04-21 11:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-15 18:02 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-15 18:02 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-15 18:02 - 2015-04-21 11:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-15 18:02 - 2015-04-21 11:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-15 18:02 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-15 18:02 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-15 18:02 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-15 18:02 - 2015-04-13 18:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-15 18:02 - 2015-04-09 21:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-15 18:02 - 2015-04-09 20:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-15 18:02 - 2015-04-09 20:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-13 17:10 - 2015-05-13 17:10 - 00204264 _____ (Oracle Corporation) C:\WINDOWS\system32\VBoxNetFltNobj.dll
2015-05-13 17:10 - 2015-05-13 17:10 - 00156360 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetFlt.sys
2015-05-13 17:10 - 2015-05-13 17:10 - 00141440 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetAdp.sys
2015-05-07 21:49 - 2015-05-07 21:49 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-07 21:49 - 2015-05-07 21:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pearson LockDown
2015-05-07 21:49 - 2015-05-07 21:49 - 00000000 ____D () C:\Program Files (x86)\Pearson LockDown Browser
2015-05-07 21:49 - 2006-01-04 13:04 - 01410704 _____ (FarPoint Technologies, Inc.) C:\WINDOWS\SysWOW64\FPSPR70.ocx
2015-05-07 21:49 - 2006-01-04 13:04 - 00729161 _____ (FarPoint Technologies, Inc.) C:\WINDOWS\SysWOW64\fpimage.dll
2015-05-07 21:41 - 2015-05-07 21:42 - 05176224 _____ (Respondus, Inc.) C:\Users\David\Downloads\PearsonLockDownBrowser.exe
2015-05-05 13:43 - 2015-05-05 13:42 - 00364472 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-05-05 13:42 - 2015-05-05 13:42 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-05-02 17:16 - 2015-05-02 17:16 - 00000000 ____D () C:\Users\David\AppData\Local\Blizzard
2015-05-02 17:13 - 2015-05-02 17:16 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-05-02 17:13 - 2015-05-02 17:13 - 00001204 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2015-05-02 17:13 - 2015-05-02 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2015-05-02 17:12 - 2015-05-02 17:12 - 03057720 _____ (Blizzard Entertainment) C:\Users\David\Downloads\Hearthstone-Setup-enUS.exe
2015-05-02 13:48 - 2015-05-26 22:50 - 00010488 _____ () C:\WINDOWS\PFRO.log
2015-05-02 11:44 - 2015-05-02 11:44 - 00000000 ____D () C:\Users\David\AppData\Local\openvr
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-30 19:58 - 2014-06-11 16:19 - 00000000 ____D () C:\FRST
2015-05-30 19:55 - 2014-07-16 03:11 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-30 19:54 - 2014-11-22 17:33 - 00000000 ____D () C:\ProgramData\APN
2015-05-30 19:51 - 2014-07-15 23:28 - 01076575 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-30 19:44 - 2014-07-15 21:15 - 00000000 ____D () C:\Users\David\AppData\Roaming\Spotify
2015-05-30 19:40 - 2015-04-19 16:46 - 00030113 _____ () C:\WINDOWS\setupact.log
2015-05-30 19:40 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-30 18:12 - 2014-07-16 20:58 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-30 18:10 - 2014-07-16 21:11 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-30 14:13 - 2014-07-15 20:40 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-360457500-3761877600-3937798138-1001
2015-05-30 13:43 - 2014-07-15 20:38 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{48E5C617-BFFE-4F97-BECB-665C2DEA4ECF}
2015-05-29 22:05 - 2014-07-15 20:33 - 00000000 ____D () C:\Users\David
2015-05-29 21:54 - 2014-07-16 03:11 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-29 21:04 - 2014-09-17 23:54 - 00000000 ___RD () C:\Users\David\Google Drive
2015-05-29 12:16 - 2014-07-15 21:16 - 00000000 ____D () C:\Users\David\AppData\Local\Spotify
2015-05-28 02:46 - 2014-07-19 22:23 - 00004970 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for MAIN-PC-David main-pc
2015-05-27 23:56 - 2014-07-16 03:11 - 00002214 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-26 23:02 - 2014-07-15 20:44 - 00000000 ____D () C:\Users\David\AppData\Roaming\Dashlane
2015-05-26 22:56 - 2014-07-15 20:37 - 00000000 ___DO () C:\Users\David\OneDrive
2015-05-26 22:51 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-26 22:50 - 2013-08-22 09:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-26 22:45 - 2014-07-30 08:22 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-26 16:46 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-05-23 17:49 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-23 16:52 - 2014-07-19 22:23 - 00003094 _____ () C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-360457500-3761877600-3937798138-1001
2015-05-22 02:09 - 2014-11-22 17:32 - 00000000 ____D () C:\Users\David\AppData\Roaming\uTorrent
2015-05-22 02:04 - 2014-08-01 00:36 - 00000000 ____D () C:\Program Files (x86)\Mumble
2015-05-21 22:24 - 2013-08-22 11:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-21 22:22 - 2015-04-05 16:31 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-05-21 22:22 - 2015-04-05 16:31 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-05-21 21:19 - 2014-11-29 17:51 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-05-21 21:18 - 2015-01-11 23:06 - 00000994 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-05-21 21:18 - 2015-01-11 23:06 - 00000982 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-05-20 21:54 - 2014-09-14 14:28 - 00000000 ____D () C:\Users\David\Documents\My Games
2015-05-20 21:52 - 2014-12-19 16:52 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-20 21:50 - 2014-07-16 03:11 - 00003894 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-20 21:49 - 2014-07-16 03:11 - 00003658 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-20 21:46 - 2014-07-20 14:51 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-18 13:07 - 2014-10-24 12:58 - 00000000 ____D () C:\Users\David\AppData\Local\Arma 3
2015-05-18 13:00 - 2014-07-16 03:11 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-05-15 22:31 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-05-15 21:58 - 2014-09-17 22:21 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-15 21:28 - 2013-08-22 10:44 - 00380912 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-15 21:24 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-05-15 21:24 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2015-05-15 18:42 - 2014-07-15 21:02 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-15 18:32 - 2014-07-15 21:02 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-15 18:23 - 2014-03-18 05:45 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-15 17:14 - 2015-03-23 23:12 - 00003744 _____ () C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachine
2015-05-15 17:14 - 2015-03-23 23:12 - 00001005 _____ () C:\Users\Public\Desktop\Gyazo.lnk
2015-05-15 17:14 - 2015-03-23 23:12 - 00001005 _____ () C:\Users\Public\Desktop\Gyazo GIF.lnk
2015-05-15 17:14 - 2015-03-23 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2015-05-15 17:14 - 2015-03-23 23:12 - 00000000 ____D () C:\Program Files (x86)\Gyazo
2015-05-08 19:24 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2015-05-08 12:25 - 2015-01-11 13:41 - 00000000 ____D () C:\Users\David\AppData\Local\Game Dev Tycoon - Steam
2015-05-06 00:31 - 2014-12-13 15:22 - 00000000 ____D () C:\Users\David\AppData\Local\Battle.net
2015-05-05 19:40 - 2014-09-17 23:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-05 13:59 - 2015-03-12 20:37 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-05-05 13:59 - 2015-03-12 20:37 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-05 13:42 - 2014-07-16 03:10 - 01047320 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-05-05 13:42 - 2014-07-16 03:10 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-05-05 13:42 - 2014-07-16 03:10 - 00272248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-05-05 13:42 - 2014-07-16 03:10 - 00137288 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-05-05 13:42 - 2014-07-16 03:10 - 00093528 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-05-05 13:42 - 2014-07-16 03:10 - 00089944 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-05-05 13:42 - 2014-07-16 03:10 - 00065736 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-05-05 13:42 - 2014-07-16 03:10 - 00029168 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-05-04 19:09 - 2014-07-20 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-02 17:13 - 2014-12-13 15:22 - 00000000 ____D () C:\Users\David\AppData\Roaming\Battle.net
2015-05-02 17:13 - 2014-12-13 15:21 - 00000000 ____D () C:\Program Files (x86)\Battle.net
 
==================== Files in the root of some directories =======
 
2014-08-13 14:15 - 2014-08-13 14:15 - 0000057 _____ () C:\ProgramData\Ament.ini
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-28 02:27
 
==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by David at 2015-05-30 19:58:59
Running from C:\Users\David\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-360457500-3761877600-3937798138-500 - Administrator - Disabled)
David (S-1-5-21-360457500-3761877600-3937798138-1001 - Administrator - Enabled) => C:\Users\David
Guest (S-1-5-21-360457500-3761877600-3937798138-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-360457500-3761877600-3937798138-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arma 2 (HKLM-x32\...\Steam App 33910) (Version:  - Bohemia Interactive)
Arma 2: DayZ Mod (HKLM-x32\...\Steam App 224580) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.1.1 - BlueJ Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty: Advanced Warfare - Multiplayer (HKLM-x32\...\Steam App 209660) (Version:  - Sledgehammer Games)
Call of Duty: Ghosts - Multiplayer (HKLM-x32\...\Steam App 209170) (Version:  - Infinity Ward)
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version:  - The Behemoth)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version:  - Colossal Order)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dashlane (HKU\S-1-5-21-360457500-3761877600-3937798138-1001\...\Dashlane) (Version: 3.2.5.83379 - Dashlane SAS)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
DayZ Commander (HKLM-x32\...\{A77A34ED-A902-4493-8B84-C04DDF399CEB}) (Version: 0.92.113 - Dotjosh Studios)
f.lux (HKU\S-1-5-21-360457500-3761877600-3937798138-1001\...\Flux) (Version:  - )
FileZilla Client 3.9.0.5 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.18 - Google Inc.)
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Gyazo 2.4 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 4630 series Basic Device Software (HKLM\...\{38037A50-E9F1-41E4-9AA3-2E0A5A2FC4C5}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet 4630 series Help (HKLM-x32\...\{9F79230F-EE1C-407E-94E1-D69021954C9B}) (Version: 31.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Loadout (HKLM-x32\...\Steam App 208090) (Version:  - Edge of Reality)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-360457500-3761877600-3937798138-1001\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Mortal Kombat Komplete Edition (HKLM-x32\...\Steam App 237110) (Version:  - NetherRealm Studios)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
Neighbours from [bleep] (HKLM-x32\...\Steam App 260750) (Version:  - JoWooD Vienna)
Neighbours from [bleep] 2 (HKLM-x32\...\Steam App 260770) (Version:  - )
Nosgoth (HKLM-x32\...\Steam App 200110) (Version: 150120.100528 - Square Enix Ltd)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Oracle VM VirtualBox 4.3.28 (HKLM\...\{E8BB81BC-E67C-4750-84EE-128DA5A7ADA5}) (Version: 4.3.28 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Pearson LockDown Browser (HKLM-x32\...\{1F8BAD3E-1EE5-43ED-B5DB-F6311DA7666A}) (Version: 1.04.23 - Respondus, Inc.)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.10 - )
pidgin-otr 4.0.1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.1 - Cypherpunks CA)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version:  - Introversion Software)
Product Improvement Study for HP Officejet 4630 series (HKLM\...\{EE629820-EACD-4AAE-966D-DF1560A0ED2D}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.)
REDRAGON GAMING MOUSE version 1.1 (HKLM-x32\...\{6513799F-D2B9-4BEA-A76E-52249156A2B5}_is1) (Version: 1.1 - redragonzone)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Sid Meier's Civilization: Beyond Earth (HKLM-x32\...\Steam App 65980) (Version:  - Firaxis Games)
SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.27 - Piriform)
Spotify (HKU\S-1-5-21-360457500-3761877600-3937798138-1001\...\Spotify) (Version: 1.0.5.186.ga9c24d6a - Spotify AB)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated)
System Requirements Lab Detection (HKLM-x32\...\{15A46FA1-A72D-4509-A059-A4A2C1496108}) (Version: 2.2.3.0 - Husdawg, LLC)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.42849 - TeamViewer)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Sims™ 3 (HKLM-x32\...\Steam App 47890) (Version:  - The Sims Studio)
The Sims™ Life Stories (HKLM-x32\...\{DA932D71-E52A-43D5-009E-395A1AEC1474}) (Version:  - )
Town of Salem (HKLM-x32\...\Steam App 334230) (Version:  - BlankMediaGames)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-360457500-3761877600-3937798138-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\David\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points =========================
 
15-05-2015 18:21:47 Windows Update
20-05-2015 22:03:23 Installed DirectX
22-05-2015 02:02:50 Removed Mumble 1.2.7
23-05-2015 16:50:36 Installed Pearson LockDown Browser
29-05-2015 22:02:52 Installed Oracle VM VirtualBox 4.3.28
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {06114626-7264-4F16-9C11-751453F48444} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {09FADB8D-C005-4AFE-AB7E-88C723BFA7C5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-15] (Microsoft Corporation)
Task: {10D9C638-F5B5-4C44-B5DA-8C5DE7D4D938} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-04-30] ()
Task: {29F76411-E66C-4402-87BC-7EBD25FBF226} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-360457500-3761877600-3937798138-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {4936C98E-CA65-457C-A293-539EAC67A4A4} - System32\Tasks\{477DD642-9F55-41DC-A3DE-E8CB7B7E1EE8} => pcalua.exe -a D:\Autorun.exe -d D:\
Task: {5733176E-146C-4971-9BCB-F6A7548C26E9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-05] (Avast Software s.r.o.)
Task: {680AB5C5-CB2F-46C3-99A0-02A13B17672B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {81C4D8B1-9C01-49A6-BE03-34C384962A0F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for MAIN-PC-David main-pc => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-10] (Microsoft Corporation)
Task: {88546C81-6313-4A22-82D6-6F3F845C2940} - System32\Tasks\HPCustParticipation HP Officejet 4630 series => C:\Program Files\HP\HP Officejet 4630 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {886655BA-5286-4A75-9971-037EC9EC62F2} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
Task: {8D943797-7B66-4B1F-9278-16F036CBE06B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {96874E68-0E09-4F3D-B425-8A903B6C11BB} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {9AF2E483-48D4-4B22-92CE-FFA2E22BC0EB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {9EE2AB5F-9BB4-4033-86D4-47E0FE4E8949} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-16] (Google Inc.)
Task: {AEE7F332-62C7-4FA5-8564-EAD958B27E31} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {AF5E13C0-CC93-4E6A-B443-C52BF7ED9F64} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {B50122D0-B9F6-4F1A-A6AF-E21C73FB0B51} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B64289DE-2926-4F80-90CE-B61B19E61FC5} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-360457500-3761877600-3937798138-1001
Task: {BA8579AA-0275-4DC8-A08E-72E02F456E7C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {D2D42CE9-04C8-4008-A396-663479A12047} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {D2D7A65D-745A-41FF-AE60-2407DAFC1E42} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-16] (Google Inc.)
Task: {E6C9AEA3-7F49-4560-BE3F-FE93B06D822D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-30 01:55 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-03-17 21:37 - 2015-01-27 11:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-05-01 15:29 - 2014-05-01 15:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-11-04 19:22 - 2013-11-04 19:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-12-15 17:14 - 2015-04-17 12:47 - 00227512 _____ () C:\Users\David\AppData\Roaming\Dashlane\Dashlane.exe
2014-12-03 18:27 - 2013-11-18 18:54 - 03234304 _____ () C:\Program Files (x86)\REDRAGON GAMING MOUSE\PDMon.exe
2015-05-27 23:56 - 2015-05-25 00:50 - 01763144 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.18\libglesv2.dll
2015-05-27 23:56 - 2015-05-25 00:50 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.18\libegl.dll
2014-12-15 17:14 - 2015-04-17 12:47 - 00232632 _____ () C:\Users\David\AppData\Roaming\Dashlane\DashlanePlugin.exe
2015-05-27 23:56 - 2015-05-25 00:50 - 26902344 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.18\PepperFlash\pepflashplayer.dll
2015-05-05 13:42 - 2015-05-05 13:42 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-05 13:42 - 2015-05-05 13:42 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-05-26 18:08 - 2015-05-26 18:08 - 02948096 _____ () C:\Program Files\AVAST Software\Avast\defs\15052601\algo.dll
2015-05-30 15:10 - 2015-05-30 15:10 - 02951680 _____ () C:\Program Files\AVAST Software\Avast\defs\15053001\algo.dll
2015-03-17 21:37 - 2015-01-27 10:13 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2014-09-06 12:44 - 2014-09-06 12:44 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 12:41 - 2014-05-24 12:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 12:41 - 2014-05-24 12:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2015-04-17 12:46 - 2015-04-17 12:46 - 00309432 _____ () C:\Users\David\AppData\Roaming\Dashlane\3.2.5.83379\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.3.2.5.83379.dll
2015-04-17 12:46 - 2015-04-17 12:46 - 00411320 _____ () C:\Users\David\AppData\Roaming\Dashlane\3.2.5.83379\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.3.2.5.83379.dll
2015-04-17 12:46 - 2015-04-17 12:46 - 00442552 _____ () C:\Users\David\AppData\Roaming\Dashlane\3.2.5.83379\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.3.2.5.83379.dll
2015-04-17 12:46 - 2015-04-17 12:46 - 30966968 _____ () C:\Users\David\AppData\Roaming\Dashlane\3.2.5.83379\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.3.2.5.83379.dll
2015-04-17 12:46 - 2015-04-17 12:46 - 00268472 _____ () C:\Users\David\AppData\Roaming\Dashlane\3.2.5.83379\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.3.2.5.83379.dll
2015-04-17 12:46 - 2015-04-17 12:46 - 05740216 _____ () C:\Users\David\AppData\Roaming\Dashlane\3.2.5.83379\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.3.2.5.83379.dll
2015-04-17 12:46 - 2015-04-17 12:46 - 06844600 _____ () C:\Users\David\AppData\Roaming\Dashlane\3.2.5.83379\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.3.2.5.83379.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-12 20:39 - 2015-05-22 10:28 - 41287224 _____ () C:\Users\David\AppData\Roaming\Spotify\libcef.dll
2015-03-19 17:22 - 2015-03-19 17:22 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-03 18:27 - 2011-01-27 01:53 - 00028160 _____ () C:\Program Files (x86)\REDRAGON GAMING MOUSE\uiHook.dll
2015-05-26 22:54 - 2015-05-26 22:54 - 00098816 _____ () C:\Users\David\AppData\Local\Temp\_MEI57522\win32api.pyd
2015-05-26 22:54 - 2015-05-26 22:54 - 00110080 _____ () C:\Users\David\AppData\Local\Temp\_MEI57522\pywintypes27.dll
2015-05-26 22:54 - 2015-05-26 22:54 - 00364544 _____ () C:\Users\David\AppData\Local\Temp\_MEI57522\pythoncom27.dll
2015-05-26 22:54 - 2015-05-26 22:54 - 00045568 _____ () C:\Users\David\AppData\Local\Temp\_MEI57522\_socket.pyd
2015-05-26 22:54 - 2015-05-26 22:54 - 01161216 _____ () C:\Users\David\AppData\Local\Temp\_MEI57522\_ssl.pyd
2015-05-26 22:54 - 2015-05-26 22:54 - 00320512 _____ () C:\Users\David\AppData\Local\Temp\_MEI57522\win32com.shell.shell.pyd
2015-05-26 22:54 - 2015-05-26 22:54 - 00713216 _____ () C:\Users\David\AppData\Local\Temp\_MEI57522\_hashlib.pyd
2015-05-26 22:54 - 2015-05-26 22:54 - 01175040 _____ () C:\Users\David\AppData\Local\Temp\_MEI57522\wx._core_.pyd
2015-05-26 22:54 - 2015-05-26 22:54 - 00805888 _____ () C:\Users\David\AppData\Local\Temp\_MEI57522\wx._gdi_.pyd
2015-05-26 22:54 - 2015-05-26 22:54 - 00811008 _____ () C:\Users\David\AppData\Local\Temp\_MEI57522\wx._windows_.pyd
2015-05-26 22:54 - 2015-05-26 22:54 - 01062400 _____ () C:\Users\David\AppData\Local\Temp\_MEI57522\wx._controls_.pyd
2015-05-26 22:54 - 2015-05-26 22:54 - 00735232 _____ () C:\Users\David\AppData\Local\Temp\_MEI57522\wx._misc_.pyd
2015-05-26 22:54 - 2015-05-26 22:54 - 00682496 _____ () C:\Users\David\AppData\Local\Temp\_MEI57522\pysqlite2._sqlite.pyd
2015-05-26 22:54 - 2015-05-26 22:54 - 00128512 _____ () C:\Users\David\AppData\Local\Temp\_MEI57522\_elementtree.pyd
2015-05-26 22:54 - 2015-05-26 22:54 - 00127488 _____ () C:\Users\David\AppData\Local\Temp\_MEI57522\pyexpat.pyd
2015-05-26 22:54 - 2015-05-26 22:54 - 00087552 _____ () C:\Users\David\AppData\Local\Temp\_MEI57522\_ctypes.pyd
2015-05-26 22:54 - 2015-05-26 22:54 - 00119808 _____ () C:\Users\David\AppData\Local\Temp\_MEI57522\win32file.pyd
2015-05-26 22:54 - 2015-05-26 22:54 - 00108544 _____ () C:\Users\David\AppData\Local\Temp\_MEI57522\win32security.pyd
2015-05-26 22:54 - 2015-05-26 22:54 - 00007168 _____ () C:\Users\David\AppData\Local\Temp\_MEI57522\hashobjs_ext.pyd
2015-05-26 22:54 - 2015-05-26 22:54 - 00017408 _____ () C:\Users\David\AppData\Local\Temp\_MEI57522\usb_ext.pyd
2015-05-26 22:54 - 2015-05-26 22:54 - 00167936 _____ () C:\Users\David\AppData\Local\Temp\_MEI57522\win32gui.pyd
2015-05-26 22:54 - 2015-05-26 22:54 - 00018432 _____ () C:\Users\David\AppData\Local\Temp\_MEI57522\win32event.pyd
2015-05-26 22:54 - 2015-05-26 22:54 - 00013824 _____ () C:\Users\David\AppData\Local\Temp\_MEI57522\common.time34.pyd
2015-05-26 22:54 - 2015-05-26 22:54 - 00036864 _____ () C:\Users\David\AppData\Local\Temp\_MEI57522\_psutil_windows.pyd
2015-05-26 22:54 - 2015-05-26 22:54 - 00038912 _____ () C:\Users\David\AppData\Local\Temp\_MEI57522\win32inet.pyd
2015-05-26 22:54 - 2015-05-26 22:54 - 00011264 _____ () C:\Users\David\AppData\Local\Temp\_MEI57522\win32crypt.pyd
2015-05-26 22:54 - 2015-05-26 22:54 - 00070656 _____ () C:\Users\David\AppData\Local\Temp\_MEI57522\wx._html2.pyd
2015-05-26 22:54 - 2015-05-26 22:54 - 00027136 _____ () C:\Users\David\AppData\Local\Temp\_MEI57522\_multiprocessing.pyd
2015-05-26 22:54 - 2015-05-26 22:54 - 00020480 _____ () C:\Users\David\AppData\Local\Temp\_MEI57522\_yappi.pyd
2015-05-26 22:54 - 2015-05-26 22:54 - 00035840 _____ () C:\Users\David\AppData\Local\Temp\_MEI57522\win32process.pyd
2015-05-26 22:54 - 2015-05-26 22:54 - 00686080 _____ () C:\Users\David\AppData\Local\Temp\_MEI57522\unicodedata.pyd
2015-05-26 22:54 - 2015-05-26 22:54 - 00122368 _____ () C:\Users\David\AppData\Local\Temp\_MEI57522\wx._wizard.pyd
2015-05-26 22:54 - 2015-05-26 22:54 - 00024064 _____ () C:\Users\David\AppData\Local\Temp\_MEI57522\win32pipe.pyd
2015-05-26 22:54 - 2015-05-26 22:54 - 00010240 _____ () C:\Users\David\AppData\Local\Temp\_MEI57522\select.pyd
2015-05-26 22:54 - 2015-05-26 22:54 - 00025600 _____ () C:\Users\David\AppData\Local\Temp\_MEI57522\win32pdh.pyd
2015-05-26 22:54 - 2015-05-26 22:54 - 00525640 _____ () C:\Users\David\AppData\Local\Temp\_MEI57522\windows._lib_cacheinvalidation.pyd
2015-05-26 22:54 - 2015-05-26 22:54 - 00017408 _____ () C:\Users\David\AppData\Local\Temp\_MEI57522\win32profile.pyd
2015-05-26 22:54 - 2015-05-26 22:54 - 00022528 _____ () C:\Users\David\AppData\Local\Temp\_MEI57522\win32ts.pyd
2015-05-26 22:54 - 2015-05-26 22:54 - 00078336 _____ () C:\Users\David\AppData\Local\Temp\_MEI57522\wx._animate.pyd
2015-03-12 20:39 - 2015-05-22 10:27 - 01488440 _____ () C:\Users\David\AppData\Roaming\Spotify\libglesv2.dll
2015-03-12 20:39 - 2015-05-22 10:27 - 00079928 _____ () C:\Users\David\AppData\Roaming\Spotify\libegl.dll
2015-03-12 20:39 - 2015-03-19 23:18 - 09305656 _____ () C:\Users\David\AppData\Roaming\Spotify\pdf.dll
2015-04-17 12:46 - 2015-04-17 12:46 - 12985528 _____ () C:\Users\David\AppData\Roaming\Dashlane\3.2.5.83379\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.3.2.5.83379.dll
2015-04-17 12:46 - 2015-04-17 12:46 - 02062008 _____ () C:\Users\David\AppData\Roaming\Dashlane\3.2.5.83379\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.3.2.5.83379.dll
2015-04-17 12:46 - 2015-04-17 12:46 - 00243896 _____ () C:\Users\David\AppData\Roaming\Dashlane\3.2.5.83379\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.3.2.5.83379.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\David\OneDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-360457500-3761877600-3937798138-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\David\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\abstract_weird_awesome_earth_desktop_wallpaper.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-360457500-3761877600-3937798138-1001\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-360457500-3761877600-3937798138-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-360457500-3761877600-3937798138-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-360457500-3761877600-3937798138-1001\...\StartupApproved\Run: => "Skype"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [TCP Query User{B3D1D952-70DE-41F2-991B-04660482C7CD}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{7EB1255F-24B5-4097-9FB9-2DD0A1244C2E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{D7911E67-1742-4D4B-BC4C-AEA4ABFA5F1F}C:\users\david\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\david\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{45F2F0F1-CB69-49EF-BE0D-A13F6961921E}C:\users\david\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\david\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{90BB2694-AA9E-4683-8B90-2CC9A6FC9929}C:\users\david\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\david\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{7C073B69-928D-495A-AB43-4C8878FB5C8A}C:\users\david\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\david\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{27A55765-7F92-42AF-A102-9AD5479334E9}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{9D30DDF3-EC39-4105-9BF4-70566E7F5DE9}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{92A16216-7DA9-49D5-875E-826163A7B27C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{44CBE3CE-7729-4BCD-8880-6D5BCC5805E5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6110BC71-8EF5-4D60-B1EB-CEE93F95A248}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B071533B-D386-437B-B42D-E7262B249A5A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A7AF233F-689C-4256-8370-0EDFD1808413}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{D6AD97FB-691E-4447-8CA0-A1E824FFF59A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{1FD1BA53-9258-4F95-A2E5-A50C7B0BF5CA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EBFB9300-B06C-4AFE-8B97-C93DA506F49C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{1BBC6813-9227-4A72-8DCA-3A3089C5E917}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{C9D61F80-162B-4BEC-B4AC-66B421203040}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{A462EC98-726A-4724-AD17-12F4CFAD9915}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 2\arma2.exe
FirewallRules: [{2FCF492E-399F-4CDB-B136-6241E59D9325}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 2\arma2.exe
FirewallRules: [{627B718B-B68F-4E29-AD4B-A6D14856043F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{676EF162-AE33-4258-B7CF-21D0355A5C13}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{672282E3-D6AE-4272-964A-9B05525421A8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{059648C3-565D-4A40-8233-3E3E21BA67CB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{060E3A08-53AD-4ABF-BB86-7F078FD865A1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{5DAEC3EF-0233-4678-8B2C-B55BB6780443}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{11B34DD1-EE57-46C7-9CA8-DDFA6A5FFDAD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{EA0A7050-3BE9-46ED-A200-F8AF7AC1A5B8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{091FEBEA-EDD4-4266-BA91-0EC73E0E7EB4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{0F72B70E-E242-4713-9ED2-D0A43F9BE9A3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{ACB9CEC2-1950-4453-83E2-3EBC7A72F7D3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\insurgency2\insurgency.exe
FirewallRules: [{76669AFB-3AA8-44DC-8D95-1482470A30BD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\insurgency2\insurgency.exe
FirewallRules: [{3960CC95-2518-4E66-9DC0-4AFC3E511E44}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{5F55CCBB-31F5-49E9-B5BB-7BAEE9B72A14}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{DBA1E151-9A29-4F52-B6E8-3623FB377A70}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\FaxApplications.exe
FirewallRules: [{3FA81CEB-147A-4C36-B14E-849DA05BCF5F}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\DigitalWizards.exe
FirewallRules: [{E7BAC692-5B91-4B61-A625-03E4CB6C1754}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\SendAFax.exe
FirewallRules: [{070E39A6-B86A-46FE-97C5-0C171AF54815}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\DeviceSetup.exe
FirewallRules: [{887EE9D2-1CAE-4C0D-9496-D6C197213687}] => (Allow) LPort=5357
FirewallRules: [{0CCA6326-6307-4F20-A2BE-BEB400926551}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{9F497E65-A39B-4969-8806-144D4900D088}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7B3ACE12-6304-4D97-BA25-4AF61D744A10}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{86DA1789-FA52-4CD8-9B24-957795A1F8ED}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{DC2EE38B-C31B-418F-A44E-FCF645397C21}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{3BF0C373-9BBD-4913-BB14-9D68E5FCB229}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{413C9346-847B-40D2-88A9-1E4D9CCBD574}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{50F06D3D-8196-434C-A412-81DE663B30E0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Loadout\Loadout.exe
FirewallRules: [{24B9DA04-D6F5-4120-B827-B5D18F14CB71}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Loadout\Loadout.exe
FirewallRules: [{7E6F38C7-BEA6-44EA-8B36-11E96430AA88}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{F645A3B6-0E1B-47FF-8CD6-946C62BDD890}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{B8ED312C-B5CD-40AE-9770-70E7D6243D32}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Ghosts\iw6mp64_ship.exe
FirewallRules: [{8E91D6A9-5A2B-48E4-83B6-9DCCDB7BB04A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Ghosts\iw6mp64_ship.exe
FirewallRules: [{794D10BA-3D11-4FEB-B007-07A35D6B9CE9}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{747953E6-84CC-4179-BD72-A970EBFF31C5}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{DA0B5DAE-7A3A-4B5C-B7F8-B18157B1C431}] => (Allow) LPort=2869
FirewallRules: [{BBC60BF1-87EB-47E0-BBFB-E2CC32B4DCD3}] => (Allow) LPort=1900
FirewallRules: [{CD268911-225A-477F-9812-2CFA5F785FB3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3.exe
FirewallRules: [{594B0B40-F2BC-478A-BEBB-8C086928D9B5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3.exe
FirewallRules: [{1AF4A580-1672-4559-841C-FB5CC41614D5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{306C81CD-47E2-4240-9435-E478FF9E2BC9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{6EF94922-170D-4AEA-9854-4B30637F4CCB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_DX11.exe
FirewallRules: [{A0DDBFB2-1486-45F7-B9B5-24759DFEBEC4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_DX11.exe
FirewallRules: [{86F46409-7C67-4AA8-ABD9-9C7A1AEB8CC6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_Mantle.exe
FirewallRules: [{E68DCAFF-6EC2-442A-87A8-18E1E3A51813}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_Mantle.exe
FirewallRules: [TCP Query User{D3D05BFF-5CB5-4214-8928-31145438FB87}C:\program files (x86)\java\jre1.8.0_25\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\jp2launcher.exe
FirewallRules: [UDP Query User{990A2C3B-C638-4744-92BF-9209845F6A5A}C:\program files (x86)\java\jre1.8.0_25\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\jp2launcher.exe
FirewallRules: [{6330B9B0-3814-4C58-B270-8AAAD62BE6B9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Neighbours from [bleep] 2\bin\game.exe
FirewallRules: [{0EE90E8A-7F06-4F3D-9984-F9B3B0B3A466}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Neighbours from [bleep] 2\bin\game.exe
FirewallRules: [{33C206BD-571E-4A72-BAE6-A17331BB7EEB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Neighbours from [bleep]\bin\game.exe
FirewallRules: [{08F01A97-3227-4817-A7C3-E708433DF417}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Neighbours from [bleep]\bin\game.exe
FirewallRules: [{C9DC2092-F38B-4D38-8C5E-37CEAFC1C86B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{7DFA79F4-E3D7-4ABE-9A19-DBB62C1725D7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{89342361-9EFB-4DDD-B9B1-7F5D9A83CE98}] => (Allow) C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A375565F-B7AD-48CA-A1AA-1EBFC73F1615}] => (Allow) C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{FA119615-F893-46AF-B969-9B2BDF982033}C:\users\david\downloads\hippovnc\winvnc.exe] => (Allow) C:\users\david\downloads\hippovnc\winvnc.exe
FirewallRules: [UDP Query User{1F6D4B5F-D8B3-47FB-AACC-CBE0078DBAB2}C:\users\david\downloads\hippovnc\winvnc.exe] => (Allow) C:\users\david\downloads\hippovnc\winvnc.exe
FirewallRules: [{FC13C341-2DA2-4607-B16F-4EBABF5FFC60}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{D06C52AE-99AF-4CBB-A0AE-D440687B5B2B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{C793DD84-2B1E-4032-889B-9BAED5AFDA34}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{FFB0C4C8-A8C1-4B45-BEAB-6DC53BB20C3A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{30B4FDBA-49B4-4A68-9C9F-CB186730C7B1}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{ED0B0B7A-6880-43FA-9A87-B1C735503067}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{268B6FBC-062C-43CC-8B02-4384FB209D92}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{3239E246-7547-4A63-91E5-71B07A232930}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{3E70EB1F-D6DF-4A62-AECB-6C4D2658F6DD}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{A772DC0C-C4C6-4F9E-AA51-1DEB8E071F04}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [TCP Query User{CF93FA95-FBF4-422E-ACF6-FA180C2A3CE3}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{BABD3A59-35B6-404D-9C90-19BCF9F04404}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{97AE7D0A-9AFD-4EF2-9C09-F47E4A541A6F}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{7D8C55D7-F8B2-47E5-AF1A-E40A3ADF0597}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [{F5660AE2-4F98-4378-9211-F46D01E58D57}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Town of Salem\TownOfSalem.exe
FirewallRules: [{34E63B71-780C-4FCC-A2A9-F3BDC84F756B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Town of Salem\TownOfSalem.exe
FirewallRules: [{C02667AC-B7F1-4F39-87BA-42E3FFE54257}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CastleCrashers\castle.exe
FirewallRules: [{4E81DFC9-B141-4C90-BF1D-820B75070625}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CastleCrashers\castle.exe
FirewallRules: [{55D15EC7-E0E7-45C7-98A8-23AAAE6C86D4}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity 2000 SE\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{21CD20B0-1D05-4F6D-B098-01D6CD9149F2}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity 2000 SE\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{B1F3729F-1F8A-446A-8A28-3108DD6C7890}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{9DE4A70F-C0C9-4749-BB57-507005F7BE23}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{5AFA4453-B41E-4E40-84BC-46A25228A854}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Sims 3\Game\Bin\Sims3Launcher.exe
FirewallRules: [{FD9801B0-7BBC-4E20-9648-9BAEBBCBBE55}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Sims 3\Game\Bin\Sims3Launcher.exe
FirewallRules: [{E36649A1-0121-49FC-A3A2-23223A40930E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{6CA01785-7DC1-4D8D-A934-C1784C47665C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{A0732CE7-3EE4-473D-B9D1-51C590A71C2F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{43E63C1F-BF2B-4DE9-8723-3F99E467F2D2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{54C53484-CCD5-4395-8CA4-152594731ECA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{597F825C-15C7-4E1B-8278-0517F71BDDAF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{25B8282F-AB29-4E2D-B648-51C77D26CFAB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cities_Skylines\Cities.exe
FirewallRules: [{FEE39DD6-0297-4CB1-8567-B9729D1244BA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cities_Skylines\Cities.exe
FirewallRules: [{B097A3DE-E75D-476A-87F8-8923EF5D5D5C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MortalKombat_KompleteEdition\DiscContentPC\MKKE.exe
FirewallRules: [{B036268C-E32A-483A-AF05-8E16AFA318A4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MortalKombat_KompleteEdition\DiscContentPC\MKKE.exe
FirewallRules: [{8C11511C-5D30-492B-A50D-373551CFC262}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MortalKombat_KompleteEdition\DiscContentPC\MKLauncher.exe
FirewallRules: [{13164824-BB11-4AC6-B173-4FE4A673656A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MortalKombat_KompleteEdition\DiscContentPC\MKLauncher.exe
FirewallRules: [{3849D27B-9A2B-4C12-9BCE-3EE3B0E6D89A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{C436337F-285F-43F8-B13B-397779654412}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Advanced Warfare\s1_mp64_ship.exe
FirewallRules: [{C6498FAF-8DEE-4B31-913D-1EF50FC3EC73}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Advanced Warfare\s1_mp64_ship.exe
FirewallRules: [{1EEBFF38-B005-4FFA-810A-62DF2BF2158D}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{22AEE50E-28B7-4ED8-A627-B2E5AA3F3B37}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{E6BF40FF-2E8D-4CED-A78C-D9E4883BF960}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{20571733-0C7A-4EA4-BEE1-0B4E4C6EC418}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{F3B5B386-81D6-4B51-A9A4-2C8F97AD5E5B}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{11AEAD35-99E6-4991-B3D1-4A3307854DFA}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{EED02307-93F9-4D5D-8501-58399E909579}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{812F7039-0C33-477C-98E3-BD583913166E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{127C05F9-0109-4193-A1BA-002C6B135D32}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{EC62ED37-05EA-45E2-90E2-CEFC10432856}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{75DCA065-A406-454F-B1B3-A0CD68ED76AF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A3FD66D2-06F6-4D5C-9563-C8D919CDAA2B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E7A0B041-3A63-4F34-8CEB-DA4D1CC017B1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{EFA2F86B-1600-4B81-93BF-C859832465C2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E9FD8979-D199-4F72-8921-9D43A19A7E52}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/30/2015 02:26:27 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/30/2015 02:13:24 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/30/2015 02:58:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10656
 
Error: (05/30/2015 02:58:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10656
 
Error: (05/30/2015 02:58:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/30/2015 02:58:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9438
 
Error: (05/30/2015 02:58:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9438
 
Error: (05/30/2015 02:58:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/30/2015 02:58:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8234
 
Error: (05/30/2015 02:58:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8234
 
 
System errors:
=============
Error: (05/26/2015 10:30:02 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.
 
Error: (05/26/2015 04:46:12 PM) (Source: Schannel) (EventID: 4116) (User: MAIN-PC)
Description: The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is client.wns.windows.com. The SSL connection request has failed. The attached data contains the server certificate.
 
Error: (05/26/2015 04:46:12 PM) (Source: Schannel) (EventID: 4120) (User: MAIN-PC)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 552.
 
Error: (05/26/2015 04:40:41 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the gpsvc service.
 
Error: (05/26/2015 04:40:11 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (05/26/2015 04:39:41 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
 
Error: (05/26/2015 10:58:58 AM) (Source: DCOM) (EventID: 10010) (User: MAIN-PC)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
 
Error: (05/25/2015 07:13:36 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer HP8460TB
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{991C943E-B919-42F7-99FF-B55F168520C4}.
The master browser is stopping or an election is being forced.
 
Error: (05/24/2015 02:52:35 PM) (Source: DCOM) (EventID: 10010) (User: MAIN-PC)
Description: {14286318-B6CF-49A1-81FC-D74AD94902F9}
 
Error: (05/22/2015 11:30:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
 
Microsoft Office:
=========================
Error: (05/30/2015 02:26:27 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
 
Error: (05/30/2015 02:13:24 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
 
Error: (05/30/2015 02:58:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10656
 
Error: (05/30/2015 02:58:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10656
 
Error: (05/30/2015 02:58:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/30/2015 02:58:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9438
 
Error: (05/30/2015 02:58:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9438
 
Error: (05/30/2015 02:58:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/30/2015 02:58:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8234
 
Error: (05/30/2015 02:58:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8234
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 50%
Total physical RAM: 8076.22 MB
Available physical RAM: 3959.7 MB
Total Pagefile: 9356.22 MB
Available Pagefile: 4407.77 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB
 
==================== Drives ================================
 
Drive c: (TI10653400C) (Fixed) (Total:688.02 GB) (Free:312.76 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End of log ============================
 
 
Thanks,
 
Agent Shark

 




#2
zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)


I have noticed in your log file that you are using the uTorrent P2P program. We at Geeks to Go recommend removing these types of programs; they are a known cause of malware infections. When you use file sharing programs like this you can never be sure of the file content and you are put at a much greater risk for infection. I strongly recommend you remove this program before we begin our work.


A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.



start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
Toolbar: HKLM-x32 - No Name - {669695BC-A811-4A9D-8CDF-BA8C795F261C} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
C:\ProgramData\Ament.ini
AlternateDataStreams: C:\Users\David\OneDrive:ms-properties
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
hosts:
Emptytemp:

Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version, please download and run the updated version.

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner

Next

Please download Junkware Removal Tool to your Desktop.

Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus)
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.

In your next reply post;
  • Fixlog.txt, that log will be found on the desktop after the fix has run
  • The AdwCleaner [SO].txt Log
  • The JRT.txt Log
Thanks
Joe




#3
Agent Shark

    Member

  • Topic Starter
  • 106 posts

Hey Joe,

 

Thanks again for your help! Below are the logs you've requested:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by David at 2015-05-31 11:57:47 Run:2
Running from C:\Users\David\Desktop
Loaded Profiles: David &  (Available Profiles: David)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
Toolbar: HKLM-x32 - No Name - {669695BC-A811-4A9D-8CDF-BA8C795F261C} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
C:\ProgramData\Ament.ini
AlternateDataStreams: C:\Users\David\OneDrive:ms-properties
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
hosts:
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value Removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key Removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key Removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key Removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key Removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key Removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key Removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{669695BC-A811-4A9D-8CDF-BA8C795F261C} => value Removed successfully
HKCR\Wow6432Node\CLSID\{669695BC-A811-4A9D-8CDF-BA8C795F261C} => key not found. 
"HKCR\PROTOCOLS\Handler\livecall" => key Removed successfully
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found. 
"HKCR\PROTOCOLS\Handler\msnim" => key Removed successfully
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found. 
C:\ProgramData\Ament.ini => Moved successfully.
C:\Users\David\OneDrive => ":ms-properties" ADS Removed successfully.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {74FDE2AB-8746-4B6A-8538-D162B6822BFE}.
Unable to cancel {D9310234-C25A-4049-9B8C-FFEBA39CF061}.
{F5962111-98AF-4B1B-9B9F-53EE78F9B66E} canceled.
{C2975C51-6E7A-4662-9C3E-C2F2FDA81E56} canceled.
2 out of 4 jobs canceled.
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts restored successfully.
EmptyTemp: => Removed 688.4 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 12:00:49 ====
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.5 (05.30.2015:1)
OS: Windows 8.1 x64
Ran by David on Sun 05/31/2015 at 12:25:25.33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_9A83AADA066CCEA6F8C613E0AB5C7E19
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Failed to delete: [Folder] C:\ai_recyclebin
Successfully deleted: [Folder] C:\WINDOWS\syswow64\ai_recyclebin
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\kf8gb78o.default\minidumps [2 files]
 
 
 
~~~ Chrome
 
 
[C:\Users\David\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\David\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\David\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\David\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 05/31/2015 at 12:32:54.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.
# AdwCleaner v3.212 - Report created 11/06/2014 at 16:07:44
# Updated 05/06/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : David - MAIN-PC
# Running from : C:\Users\David\Desktop\adwcleaner_3.212.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\David\AppData\Local\Surf_Canyon
File Deleted : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\lp8zlv05.default\user.js
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\mkjojgglmmcghgaiknnpgjgldgaocjfd
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Surf Canyon
Key Deleted : HKCU\Software\AppDataLow\Software\Surf Canyon
Key Deleted : HKLM\Software\Surf Canyon
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages]
 
-\\ Mozilla Firefox v29.0.1 (en-US)
 
[ File : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\lp8zlv05.default\prefs.js ]
 
 
*************************
 
AdwCleaner[R0].txt - [2648 octets] - [11/06/2014 16:06:23]
AdwCleaner[S0].txt - [2308 octets] - [11/06/2014 16:07:44]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2368 octets] ##########
# AdwCleaner v4.205 - Logfile created 31/05/2015 at 12:18:26
# Updated 21/05/2015 by Xplode
# Database : 2015-05-25.3 [Server]
# Operating system : Windows 8.1  (x64)
# Username : David - MAIN-PC
# Running from : C:\Users\David\Desktop\adwcleaner_4.205.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
[/!\] Not Deleted ( Junction ) : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
File Deleted : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eofcbnmajmjmplflapaojjnihcjkigck_0.localstorage
File Deleted : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eofcbnmajmjmplflapaojjnihcjkigck_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Mozilla Firefox v35.0 (x86 en-US)
 
[kf8gb78o.default\prefs.js] - Line Deleted : user_pref("extensions.dashlane.safesearchcapable", false);
 
-\\ Google Chrome v44.0.2403.18
 
 
*************************
 
AdwCleaner[R0].txt - [5398 bytes] - [11/06/2014 16:06:23]
AdwCleaner[S0].txt - [4716 bytes] - [11/06/2014 16:07:44]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4775  bytes] ##########
 


#4
zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello,

Please run a scan with Malwarebytes, you may skip the download part since you have it already installed.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
  • Enable free trial of Malwarebytes Anti-Malware Premium
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.
Posting the Malwarebytes log.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log to your next reply.
Next ESET scan. May take a while.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.
  • Please go >>HERE<< then click on: ESET1st.jpg
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt.
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)
Next

Download Security Check by screen317 from Here or Here
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

Please post in your next reply;
1. Eset scan results.
2. Malwarebytes log report.
3. Checkup.txt log report.

Thanks
Joe :)

#5
Agent Shark

    Member

  • Topic Starter
  • 106 posts
 Results of screen317's Security Check version 1.002  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Call of Duty: Ghosts - Multiplayer 
 Java 7 Update 67  
 Java 8 Update 25  
 Java version 32-bit out of Date! 
 Adobe Flash Player 17.0.0.169  
 Adobe Reader XI  
 Mozilla Firefox 35.0 Firefox out of Date!  
 Google Chrome (43.0.2357.73) 
 Google Chrome (44.0.2403.18) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
 AVAST Software Avast ng ngservice.exe 
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 
Everything else had no detection.


#6
zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello,

Java 7 Update 67
Java 8 Update 25
Java version 32-bit out of Date!
Note
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.

Next
Your Firefox browser is out of date:
In the Firefox browser, click Help, click "About Firefox" and update from there.

Next

Download HijackThis
  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • Copy and paste the HijackThis report into the topic


#7
Agent Shark

    Member

  • Topic Starter
  • 106 posts

I need it I believe for gaming. If not, how do I uninstall it?

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 5:34:32 PM, on 5/31/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
 
FIREFOX: 35.0 (x86 en-US)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Users\David\AppData\Roaming\Dashlane\Dashlane.exe
C:\Program Files (x86)\Gyazo\GyStation.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Users\David\AppData\Roaming\Spotify\Spotify.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\REDRAGON GAMING MOUSE\PDMon.exe
C:\Users\David\AppData\Roaming\Spotify\SpotifyCrashService.exe
C:\Users\David\AppData\Roaming\Spotify\Spotify.exe
C:\Users\David\AppData\Roaming\Spotify\Spotify.exe
C:\Users\David\AppData\Roaming\Dashlane\DashlanePlugin.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Users\David\Desktop\SecurityCheck.exe
C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
C:\WINDOWS\syswow64\wwahost.exe
C:\Users\David\Desktop\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PerditiongmmouseRun] "C:\Program Files (x86)\REDRAGON GAMING MOUSE\pdmon.exe" -runauto
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Dashlane] "C:\Users\David\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup
O4 - HKCU\..\Run: [HP Officejet 4630 series (NET)] "C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN45U3B1D105Y0:NW" -scfn "HP Officejet 4630 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [f.lux] "C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Spotify] "C:\Users\David\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_9A83AADA066CCEA6F8C613E0AB5C7E19] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - Startup: Curse.lnk = C:\Users\David\AppData\Roaming\Curse Client\Bin\Curse.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 12838 bytes


#8
zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello,

This step is optional: stopping unnecessary startup programs when Windows boots.

Note: If you see a program in the O4 list that you know you want to start with Windows, then don't check it. CCleaner you can run on your own; it does not need to start, nor does Chrome. Don't clog up Windows with unnecessary programs for it to boot at startup; Windows boots slow enough as it is...

Open HijackThis: right-click and "Run as administrator". This time do a System scan only.
Place a check mark in the following bold entries:

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Dashlane] "C:\Users\David\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup
O4 - HKCU\..\Run: [HP Officejet 4630 series (NET)] "C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN45U3B1D105Y0:NW" -scfn "HP Officejet 4630 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [f.lux] "C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Spotify] "C:\Users\David\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_9A83AADA066CCEA6F8C613E0AB5C7E19] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - Startup: Curse.lnk = C:\Users\David\AppData\Roaming\Curse Client\Bin\Curse.exe
  • Click Fix checked.
  • Close HijackThis.
  • Reboot.
Everything else looks OK in HijackThis. In case you're looking, the "file missing" notes in the O23 entries are normal output.
  • 0
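
The "file missing" notes mentioned in the post above are consistent with a 32-bit scanner running on 64-bit Windows, where System32 is redirected to SysWOW64 and %ProgramFiles% expands to "Program Files (x86)". As an added example (not part of the original thread, and not HijackThis code), this Python script parses O4 and O23 lines, marks autoruns that start from a user profile's AppData folder, and separates missing-file services that fit the redirection pattern from ones that need a manual check; the function names, the `ExampleUpd` line and the classification heuristic are assumptions.

```python
import re

# Sample input: six lines copied from the HijackThis log in this thread plus one
# constructed line (ExampleUpd) whose missing file redirection does not explain.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Spotify] "C:\Users\David\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
O4 - Startup: Curse.lnk = C:\Users\David\AppData\Roaming\Curse Client\Bin\Curse.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: Example Updater (ExampleUpd) - Unknown owner - C:\Program Files\ExampleVendor\upd.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

O4_RE = re.compile(r'^O4 - (?P<loc>[^:]+): '
                   r'(?:\[(?P<name>[^\]]+)\] |(?P<lnk>.+?) = )(?P<cmd>.+)$')
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+) - (?P<owner>.+?) - '
                    r'(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$')
EXE_RE = re.compile(r'^"?(.+?\.exe)', re.IGNORECASE)

def autoruns(log):
    """Return (location, name, exe_path, user_writable) for every O4 line."""
    rows = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = EXE_RE.match(m['cmd'])
        path = exe.group(1) if exe else m['cmd']
        # Per-user AppData is writable without elevation, so review these first.
        rows.append((m['loc'], m['name'] or m['lnk'], path, '\\appdata\\' in path.lower()))
    return rows

def missing_services(log):
    """Return (path, verdict) for each O23 entry marked '(file missing)'."""
    out = []
    for line in log.splitlines():
        m = O23_RE.match(line.strip())
        if not m or not m['missing']:
            continue
        path, name = m['path'].lower(), m['name'].lower()
        # 32-bit view: System32 is redirected to SysWOW64 ...
        sys32 = re.match(r'^[a-z]:\\windows\\system32\\', path)
        # ... and %ProgramFiles% expands to "Program Files (x86)".
        pf86 = name.startswith('@%programfiles%') and '\\program files (x86)\\' in path
        out.append((m['path'], 'redirected' if sys32 or pf86 else 'verify'))
    return out

if __name__ == '__main__':
    for row in autoruns(SAMPLE_LOG) + missing_services(SAMPLE_LOG):
        print(row)
```

A "redirected" verdict is only a triage hint; confirming that the file exists from a 64-bit tool settles it.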

#9
Agent Shark

    Member

  • Topic Starter
  • Member
  • 106 posts

Alright I did those steps. How is everything else on your side?

 

Also should I just uninstall Java entirely?



#10
zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts

Also should I just uninstall Java entirely?


Yes

Everything looks good, all ready for college. As long as there are no further issues, we can remove all the tools by this exercise below:

Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.


#11
Agent Shark

    Member

  • Topic Starter
  • Member
  • 106 posts
# DelFix v1.010 - Logfile created 31/05/2015 at 21:50:10
# Updated 26/04/2015 by Xplode
# Username : David - MAIN-PC
# Operating System : Windows 8.1  (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\Users\David\Desktop\Addition.txt
Deleted : C:\Users\David\Desktop\adwcleaner_4.205.exe
Deleted : C:\Users\David\Desktop\Fixlog.txt
Deleted : C:\Users\David\Desktop\FRST.txt
Deleted : C:\Users\David\Desktop\FRST64.exe
Deleted : C:\Users\David\Desktop\JRT.exe
Deleted : C:\Users\David\Desktop\JRT.txt
Deleted : C:\Users\David\Desktop\HijackThis.exe
Deleted : C:\Users\David\Desktop\hijackthis.log
Deleted : C:\Users\David\Desktop\SecurityCheck.exe
Deleted : C:\Users\David\Downloads\esetsmartinstaller_enu.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
 
~ Cleaning system restore ...
 
Deleted : RP #62 [Windows Update | 05/15/2015 22:21:47]
Deleted : RP #63 [Installed DirectX | 05/21/2015 02:03:23]
Deleted : RP #64 [Removed Mumble 1.2.7 | 05/22/2015 06:02:50]
Deleted : RP #65 [Installed Pearson LockDown Browser | 05/23/2015 20:50:36]
Deleted : RP #66 [Installed Oracle VM VirtualBox 4.3.28 | 05/30/2015 02:02:52]
Deleted : RP #67 [Installed DirectX | 05/31/2015 02:45:01]
Deleted : RP #69 [Restore Point Created by FRST | 05/31/2015 15:57:51]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########
 
 
 
Side question, can you tell me by chance how to dual boot Ubuntu to my machine?


#12
zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts

Thanks for using Geeks to go Forum.
 

Side question, can you tell me by chance how to dual boot Ubuntu to my machine?

I would ask that question here --> http://www.geekstogo.com/forum/forum/177-linux/ They would be able to help better than myself.

We will now close this topic.

 

You usually get infected because your security settings are too low.
Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:
Safe Computing Practices please read Here


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Thanks
Joe :)







