Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Something wicked this way.... [Solved]

Started by badcomputer! , Jul 12 2015 07:05 AM

  • This topic is locked This topic is locked

#1
badcomputer!
Posted 12 July 2015 - 07:05 AM

badcomputer!

    Member

  • Member
  • PipPip
  • 37 posts

I'm looking for a bit of help. Recently, my computer has been infected by something that just doesn't want to go away from Malwarebyte or Windows Scanner. Quite a few processes have been added to my task manager, and of course I get the pop up when surfing the internet that my computer is infected and I need to buy their product or some such mess... finally, IE explorer just completely disappeared -- and then after searching it back up and dragging it to desktop for use, it redirects to google chrome browser... which is interesting. Not sure what the heck is going on, so I I wanted to throw it to ya'll to see what's what -- I appreciate any help I can get from it...

 

Malware scan came up with a lot of pup.optional.taplika.a files/folders.. 

 

the one that it continues to find is this one:

 

pup.optional.appdataFR.a

 

 

 

 

here are the logs from Farbar:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-07-2015
Ran by Myles (administrator) on MYLES-PC on 12-07-2015 07:57:32
Running from C:\Users\Myles\Downloads
Loaded Profiles: Myles (Available Profiles: Myles)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Valve Corporation) E:\Program Files (x86)\Steam\Steam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Valve Corporation) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-22] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-06-29] (Apple Inc.)
HKU\S-1-5-21-1909816545-1500077015-3682874139-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1909816545-1500077015-3682874139-1001\...\Run: [Steam] => E:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-04-29] (Microsoft Corporation)
AppInit_DLLs-x32: c:\progra~3\{2b5dc~1\1170~1.1\dora.dll => "c:\progra~3\{2b5dc~1\1170~1.1\dora.dll" File not found
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
HKU\S-1-5-21-1909816545-1500077015-3682874139-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-1909816545-1500077015-3682874139-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1909816545-1500077015-3682874139-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{D2CEE6A4-E5AF-4320-9C1F-8ADC1AC6A5DD}: [DhcpNameServer] 192.168.1.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-07-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-07-05] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Myles\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Myles\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-08]
CHR Extension: (Google Wallet) - C:\Users\Myles\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-24]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-22] (NVIDIA Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-22] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-22] (NVIDIA Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-22] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation)
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-12 07:57 - 2015-07-12 07:57 - 02130944 _____ (Farbar) C:\Users\Myles\Downloads\FRST64.exe
2015-07-12 07:57 - 2015-07-12 07:57 - 00009582 _____ C:\Users\Myles\Downloads\FRST.txt
2015-07-12 07:57 - 2015-07-12 07:57 - 00000000 ____D C:\FRST
2015-07-12 07:52 - 2015-07-12 07:52 - 00000024 _____ C:\Users\Myles\AppData\Roaming\appdataFr25.bin
2015-07-08 11:34 - 2015-07-11 15:31 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-08 11:34 - 2015-07-08 11:34 - 21545336 _____ (Malwarebytes Corporation ) C:\Users\Myles\Downloads\mbam-setup-sem-2.1.6.1022.exe
2015-07-08 11:34 - 2015-07-08 11:34 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-08 11:34 - 2015-07-08 11:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-08 11:34 - 2015-07-08 11:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-08 11:34 - 2015-07-08 11:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-08 11:34 - 2015-04-14 10:39 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-08 11:34 - 2015-04-14 10:38 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-08 11:34 - 2015-04-14 10:38 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-08 11:30 - 2015-07-08 11:30 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-08 11:30 - 2015-07-08 11:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-08 11:30 - 2015-07-08 11:30 - 00000000 ____D C:\Program Files\iTunes
2015-07-08 11:30 - 2015-07-08 11:30 - 00000000 ____D C:\Program Files\iPod
2015-07-08 11:30 - 2015-07-08 11:30 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-08 11:28 - 2015-07-08 11:29 - 58130592 _____ (Microsoft Corporation) C:\Users\Myles\Downloads\EIE11_EN-US_WOL_WIN764.EXE
2015-07-08 11:28 - 2015-07-08 11:28 - 02077392 _____ (Microsoft Corporation) C:\Users\Myles\Downloads\IE11-Windows6.1.exe
2015-07-06 12:03 - 2015-07-08 11:40 - 00000000 ____D C:\ProgramData\6583e107000046da
2015-07-05 15:39 - 2015-07-08 11:40 - 00000000 ____D C:\Program Files (x86)\shoupnddrop
2015-06-30 17:40 - 2015-06-30 17:40 - 00000222 _____ C:\Users\Myles\Desktop\WazHack.url
2015-06-29 19:11 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2015-06-29 19:11 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-06-29 19:11 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2015-06-29 19:11 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-06-29 19:11 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-06-29 19:11 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2015-06-29 19:11 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-06-29 19:11 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-06-29 19:11 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-06-29 19:11 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2015-06-29 19:11 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-06-29 19:11 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2015-06-29 19:11 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2015-06-29 19:11 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-06-29 19:11 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-06-29 19:11 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2015-06-29 19:11 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2015-06-29 19:11 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2015-06-29 19:11 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-06-29 19:11 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2015-06-29 19:11 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2015-06-29 19:11 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-06-29 19:11 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-06-29 19:11 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2015-06-29 19:11 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-06-29 19:11 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-06-29 19:11 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2015-06-29 19:11 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2015-06-29 19:11 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-06-29 19:11 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2015-06-29 19:11 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-06-29 19:11 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2015-06-29 19:11 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-06-29 19:11 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2015-06-29 19:11 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2015-06-29 19:11 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2015-06-29 19:10 - 2015-06-29 19:10 - 00010009 _____ C:\Windows\DirectX.log
2015-06-29 19:10 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-06-29 19:10 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2015-06-29 19:10 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-06-29 19:10 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2015-06-29 19:10 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2015-06-29 19:10 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-06-29 19:10 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-06-29 19:10 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2015-06-29 19:10 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-06-29 19:10 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2015-06-29 19:10 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-06-29 19:10 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2015-06-29 19:10 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2015-06-29 19:10 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-06-29 19:10 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-06-29 19:10 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2015-06-29 19:10 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-06-29 19:10 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2015-06-29 19:10 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-06-29 19:10 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2015-06-29 19:10 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-06-29 19:10 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2015-06-29 19:10 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-06-29 19:10 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2015-06-29 19:10 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2015-06-29 19:10 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2015-06-29 19:10 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2015-06-29 19:10 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2015-06-29 19:10 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2015-06-29 19:10 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2015-06-29 19:10 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2015-06-29 19:10 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-06-29 19:10 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2015-06-29 19:10 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2015-06-29 19:10 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2015-06-29 19:10 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2015-06-29 19:10 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2015-06-29 19:10 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2015-06-29 19:10 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2015-06-29 19:10 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2015-06-29 19:10 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2015-06-29 19:10 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2015-06-29 19:10 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2015-06-29 19:10 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2015-06-29 19:10 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2015-06-29 19:10 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2015-06-29 19:10 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2015-06-29 19:10 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2015-06-29 19:10 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2015-06-29 19:10 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2015-06-29 19:10 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2015-06-29 19:10 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2015-06-29 19:10 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2015-06-29 19:10 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2015-06-29 19:10 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2015-06-29 19:10 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2015-06-29 19:10 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2015-06-29 19:10 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2015-06-29 19:10 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2015-06-29 19:10 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2015-06-29 19:10 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2015-06-29 19:10 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2015-06-29 19:10 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2015-06-29 19:10 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2015-06-29 19:10 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2015-06-29 19:10 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2015-06-29 19:10 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2015-06-29 19:10 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2015-06-29 19:10 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2015-06-29 19:10 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2015-06-29 19:10 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2015-06-29 19:10 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2015-06-29 19:10 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2015-06-29 19:10 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2015-06-29 19:10 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-06-29 19:10 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2015-06-29 19:10 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-06-29 19:10 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2015-06-29 19:10 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-06-29 19:10 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2015-06-29 19:10 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-06-29 19:10 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2015-06-29 19:10 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-06-29 19:10 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2015-06-29 19:10 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-06-29 19:10 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2015-06-29 19:10 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-06-29 19:10 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2015-06-29 19:10 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-06-29 19:10 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2015-06-29 19:10 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-06-29 19:10 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-06-29 19:10 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-06-29 19:10 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2015-06-29 19:10 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-06-29 19:10 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2015-06-29 19:10 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2015-06-29 19:10 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2015-06-29 19:10 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-06-29 19:10 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2015-06-29 19:10 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2015-06-29 19:10 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2015-06-29 19:10 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2015-06-29 19:10 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2015-06-29 19:10 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-06-29 19:10 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2015-06-29 19:10 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2015-06-29 19:10 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2015-06-29 19:10 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-06-29 19:10 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2015-06-29 19:10 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2015-06-29 19:10 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-06-29 19:10 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-06-29 19:10 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-06-29 19:10 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2015-06-29 19:10 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2015-06-29 19:10 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2015-06-29 19:10 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-06-29 19:10 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-06-29 19:10 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-06-29 19:10 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-06-29 19:10 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-06-29 19:10 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-06-29 19:10 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-06-29 19:10 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-06-29 19:10 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-06-29 19:10 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-06-29 19:10 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2015-06-29 19:10 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-06-29 19:10 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-06-29 19:10 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-06-29 19:10 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-06-29 19:10 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-06-29 19:10 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-06-29 19:10 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-06-29 19:10 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-06-29 19:10 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-06-29 19:10 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-06-29 19:10 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-06-29 19:10 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-06-21 12:07 - 2015-06-29 11:59 - 00000000 ____D C:\Users\Myles\Documents\Darkest
2015-06-21 12:07 - 2015-06-21 12:07 - 00000000 ____D C:\Users\Myles\AppData\Roaming\NVIDIA
2015-06-21 12:07 - 2015-06-21 12:07 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-21 11:26 - 2015-06-21 11:26 - 00000222 _____ C:\Users\Myles\Desktop\Darkest Dungeon.url
2015-06-20 11:02 - 2015-06-20 11:02 - 00000222 _____ C:\Users\Myles\Desktop\Folk Tale.url
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-12 07:56 - 2015-04-24 15:28 - 01268318 _____ C:\Windows\WindowsUpdate.log
2015-07-12 07:53 - 2015-04-24 20:20 - 00000000 ____D C:\Users\Myles\AppData\Roaming\Skype
2015-07-12 07:52 - 2015-04-24 13:56 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-12 07:52 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-12 07:52 - 2009-07-13 23:51 - 00033090 _____ C:\Windows\setupact.log
2015-07-11 17:58 - 2015-04-24 18:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-11 09:11 - 2009-07-14 00:13 - 00779266 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-10 16:31 - 2009-07-13 23:45 - 00013216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-10 16:31 - 2009-07-13 23:45 - 00013216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-09 09:58 - 2015-04-24 18:17 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-09 09:58 - 2015-04-24 18:17 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-09 09:58 - 2015-04-24 18:17 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-08 14:31 - 2015-04-24 13:47 - 00229038 _____ C:\Windows\PFRO.log
2015-07-08 11:40 - 2015-04-30 16:28 - 00000000 ____D C:\Program Files (x86)\OpenDownloaspamnager
2015-07-08 11:30 - 2015-04-24 15:55 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-08 11:30 - 2015-04-24 15:54 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-08 11:28 - 2015-04-30 09:39 - 00014938 _____ C:\Windows\IE11_main.log
2015-07-05 23:40 - 2015-04-24 13:46 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-05 15:40 - 2015-05-28 10:29 - 00000000 ____D C:\ProgramData\13120781066233055183
2015-07-05 05:08 - 2015-04-24 13:42 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-22 07:43 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-16 08:04 - 2015-05-28 10:32 - 00000000 ____D C:\ProgramData\ed9a7b06000039bc
2015-06-13 13:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-06-12 11:26 - 2015-04-30 13:53 - 00000000 __SHD C:\Users\Myles\AppData\Local\EmieUserList
2015-06-12 11:26 - 2015-04-30 13:53 - 00000000 __SHD C:\Users\Myles\AppData\Local\EmieSiteList
2015-06-12 11:26 - 2015-04-30 13:53 - 00000000 __SHD C:\Users\Myles\AppData\Local\EmieBrowserModeList
2015-06-12 11:09 - 2009-07-13 23:45 - 00301264 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-12 11:08 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
 
==================== Files in the root of some directories =======
 
2015-07-12 07:52 - 2015-07-12 07:52 - 0000024 _____ () C:\Users\Myles\AppData\Roaming\appdataFr25.bin
2015-05-28 10:32 - 2015-05-28 10:32 - 0000000 _____ () C:\Users\Myles\AppData\Local\Temp.dat
 
Some files in TEMP:
====================
C:\Users\Myles\AppData\Local\Temp\AutoWifi.exe
C:\Users\Myles\AppData\Local\Temp\devcon64.exe
C:\Users\Myles\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Myles\AppData\Local\Temp\nvStInst.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-03 10:32
 
==================== End of log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:11-07-2015
Ran by Myles at 2015-07-12 07:57:49
Running from C:\Users\Myles\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1909816545-1500077015-3682874139-500 - Administrator - Disabled)
Guest (S-1-5-21-1909816545-1500077015-3682874139-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1909816545-1500077015-3682874139-1002 - Limited - Enabled)
Myles (S-1-5-21-1909816545-1500077015-3682874139-1001 - Administrator - Enabled) => C:\Users\Myles
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Aslain's WoT Modpack version 4.4.5 (HKLM-x32\...\ZRwTINhSZfduKONYrSCTiCiGPggQZdcLRvoAVxyCOXXpkHeC~1DC3968F_is1) (Version: 4.4.5 - Aslain)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Darkest Dungeon (HKLM-x32\...\Steam App 262060) (Version:  - Red Hook Studios)
Folk Tale (HKLM-x32\...\Steam App 224440) (Version:  - Games Foundry)
Google Chrome (HKLM-x32\...\{2EC1270D-EBD9-335A-B0E4-45B5CB3E9AAC}) (Version: 66.77.16514 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
iTunes (HKLM\...\{4046F74A-28F8-48C6-A5D3-2AFC472574C1}) (Version: 12.2.0.145 - Apple Inc.)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 3.0.0.12 - MSI)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.06 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.5.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.28 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.28 - NVIDIA Corporation) Hidden
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
WazHack (HKLM-x32\...\Steam App 264160) (Version:  - Waz)
World of Tanks (HKU\S-1-5-21-1909816545-1500077015-3682874139-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version:  - Wargaming.net)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
21-06-2015 11:16:16 Windows Update
21-06-2015 12:07:13 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
21-06-2015 12:07:19 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
25-06-2015 11:10:32 Windows Update
29-06-2015 11:17:30 Windows Update
29-06-2015 19:09:47 Installed DirectX
03-07-2015 10:43:32 Windows Update
06-07-2015 16:03:10 Windows Update
10-07-2015 16:27:31 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {823D3CF7-8323-4363-976A-06EA5785E8F6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9EC9CB5F-4778-4DD1-ACB3-753AC6BA2112} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-09] (Adobe Systems Incorporated)
Task: {BD91B324-4367-415D-9360-507FB5156BCE} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-04-24 13:56 - 2015-05-27 23:15 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-04-24 13:50 - 2015-05-22 20:48 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-03-12 17:10 - 2015-04-16 12:40 - 00776192 _____ () E:\Program Files (x86)\Steam\SDL2.dll
2015-01-19 20:40 - 2015-04-22 21:16 - 04962816 _____ () E:\Program Files (x86)\Steam\v8.dll
2015-01-19 20:40 - 2015-04-22 21:16 - 01556992 _____ () E:\Program Files (x86)\Steam\icui18n.dll
2015-01-19 20:40 - 2015-04-22 21:16 - 01187840 _____ () E:\Program Files (x86)\Steam\icuuc.dll
2014-06-01 17:34 - 2015-06-04 13:56 - 02407104 _____ () E:\Program Files (x86)\Steam\video.dll
2014-08-28 16:16 - 2014-12-01 16:31 - 02396672 _____ () E:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-28 16:16 - 2014-12-01 16:31 - 00442880 _____ () E:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-28 16:16 - 2014-12-01 16:31 - 00479744 _____ () E:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-28 16:16 - 2014-12-01 16:31 - 00332800 _____ () E:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-28 16:16 - 2014-12-01 16:31 - 00485888 _____ () E:\Program Files (x86)\Steam\libswscale-3.dll
2012-03-24 11:46 - 2015-06-04 13:56 - 00703168 _____ () E:\Program Files (x86)\Steam\bin\chromehtml.DLL
2012-03-24 11:46 - 2015-05-11 14:01 - 36302728 _____ () E:\Program Files (x86)\Steam\bin\libcef.dll
2015-07-05 23:40 - 2015-06-20 00:46 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll
2015-07-05 23:40 - 2015-06-20 00:46 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1909816545-1500077015-3682874139-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Myles\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{18BF281E-B718-48D7-B553-A7BF0074CF04}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{63754D21-224A-40CC-8724-7FB71AD1E63C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{354DE14B-342F-4D1C-9EC1-A679765D27C5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{632623F3-6F36-4C78-88C6-DAC96111562A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{2B20B78E-AB90-487B-B041-7651AF7C1329}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1C79782F-5AA7-498E-A781-F40707982FAA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5D8641C0-AFF6-46F6-AEB3-5779050A83C7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F46CB10C-2C0D-4F42-97D6-F76F60CAD683}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{12A80B0F-6CB6-4200-88FD-D775CB0FE6B7}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{74B5C711-AF00-4D40-86C5-D1A7EDB47BEE}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{2E7502D4-30D3-41B9-8C92-82A2095BA13E}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{8412D70B-8FF3-42BD-9DCF-212F5242FC0A}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{161C61F4-F8AA-4399-8866-0E91F22A08E2}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{2FAC172E-BA1C-4FC7-9594-405E945962F0}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [{D18DF103-E7ED-4646-8CD3-C76410E570CE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{12E53A22-CF65-436F-BA56-7A7C3061501F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1874E384-D57A-4404-957A-1E8DD0AF9F33}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C9D27BA7-7CC6-4529-8302-4D63831E8B70}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2B775105-63F1-499A-945E-CCF133F1C3A9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{D98BE86B-065F-4250-B59D-A85B07C571E5}E:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [UDP Query User{55E8E68C-63E3-406A-A836-1E612C7E7B49}E:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{2FFF125A-EB39-4343-8961-C06A8CA5301C}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{834D2D74-6E79-4F5C-9E40-A29F97503E98}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{54EC6C31-73FB-49FC-B64D-DA8CFF7ADC14}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe
FirewallRules: [{48CC475D-C364-437A-86EB-151BBC8E2648}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe
FirewallRules: [{1ED0CA74-C75A-41A6-BA49-09DDAE0C8A00}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA.exe
FirewallRules: [{7F3066FC-ED29-4479-BE77-5A4AB86908AE}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA.exe
FirewallRules: [{D812C04E-6135-4859-9BC5-96E9F654998B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\DLCsetup\ACR\datacachepreprocessor.exe
FirewallRules: [{33FC07CB-A106-4A24-8239-566F1E1E0D1D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\DLCsetup\ACR\datacachepreprocessor.exe
FirewallRules: [{473352C0-A73F-489F-AE59-DB164238A535}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{434BE431-0669-4D55-B244-42CA0ECC636E}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{695C8FEF-A358-4201-8795-5943F8505C31}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{9E21F68C-7348-4EBA-9FE4-8C0A2628D7A1}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{D0AF177C-886A-49C7-9CC0-A3327129DCAB}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{C8F6D52F-61F0-431E-9CD0-80EC66800708}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{24BB0F53-91A1-4165-9879-E481328570B6}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win64\CDW.exe
FirewallRules: [{E5C88C1F-7DC9-48AA-988B-2CE3E17F4D2F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win64\CDW.exe
FirewallRules: [{674485E6-E6A6-4331-871B-B79F6ADBEEC9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{E7FAFC48-EB2C-4CCB-82E8-0FC76DC3628D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{2E90BCD2-7EB4-4F2A-B91B-8162AFF1B6D9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win32\CDW.exe
FirewallRules: [{D1ADF4F3-F8A9-4FCF-AB52-A24E142E348F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win32\CDW.exe
FirewallRules: [{7672F037-45A8-471E-B6A7-79A59234E7AB}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{73F5D728-8099-40D2-8293-84CB650C1B88}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{F5413DB2-A60B-4841-8BF3-4DE5E8A164CA}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\AoW3\AoW3Launcher.exe
FirewallRules: [{250406F3-D447-4BDE-AD47-6481D569C24A}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\AoW3\AoW3Launcher.exe
FirewallRules: [{1014EEC2-CEF0-4280-824C-947109567459}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{6D808CA9-A91B-4564-B58F-613A271E08F6}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{97FF4063-7D55-4EBD-BDEA-3E3FE05CCCBB}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Outlast\OutlastLauncher.exe
FirewallRules: [{DBC5A865-A7C3-48ED-B075-886B7C3B6F45}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Outlast\OutlastLauncher.exe
FirewallRules: [{71933A1A-C335-4931-9DC5-C9627E365739}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{CDE5BD06-FE33-4091-895C-AB08FFD43A32}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{36998445-48FD-4524-9301-105BCEB4FB12}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7DaysToDie_EAC.exe
FirewallRules: [{C0DA3EE6-BBA3-4D01-879C-08567CEDA567}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7DaysToDie_EAC.exe
FirewallRules: [{89661670-0EED-4609-BCC1-0A4EFF862D3B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7DaysToDie.exe
FirewallRules: [{9076E985-30C5-412B-BE50-DB01F358EB9C}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7DaysToDie.exe
FirewallRules: [{732719F1-194B-4FAE-943E-AEC4A56B73E4}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Pixel Piracy\PixelPiracy.exe
FirewallRules: [{AF33288A-BEBF-4CC0-BB46-04A75615453B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Pixel Piracy\PixelPiracy.exe
FirewallRules: [{71E345D2-A9DF-4186-845F-98D1D038689A}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Hand of Fate\Hand of Fate.exe
FirewallRules: [{DCF2D7A3-C22E-4063-8359-4966EDE92F2C}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Hand of Fate\Hand of Fate.exe
FirewallRules: [{55A2E357-F0F6-4042-BAD3-DF0ACF3150A8}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{537DC2FD-F5F4-4D3C-AB6B-984B9FD66D47}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{AB68D758-1979-4E1B-9B08-89020AF95066}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Ultimate General Gettysburg\Ultimate General Gettysburg.exe
FirewallRules: [{D3925E1A-405E-4F05-932A-3DD9654FCB00}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Ultimate General Gettysburg\Ultimate General Gettysburg.exe
FirewallRules: [{9FB467C1-22F7-47D3-8FE1-9E7CDAD99B82}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Ultimate General Gettysburg\Ultimate General Multiplayer.exe
FirewallRules: [{E77AC663-094A-437F-B24E-6B08BC197CB8}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Ultimate General Gettysburg\Ultimate General Multiplayer.exe
FirewallRules: [{FBB8B957-0EE9-4654-8406-E3FD942ED11A}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Ultimate General Gettysburg\Bug Reporter.exe
FirewallRules: [{EEACE551-E368-4300-91B3-1401CCA80CBC}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Ultimate General Gettysburg\Bug Reporter.exe
FirewallRules: [{F62F4DB0-E23C-443B-8B5B-941AEB7E73C8}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{430B926F-60E8-4C2C-B603-44A0EFFFC716}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{2ABBD624-AA68-4F32-B6CE-30E7E468AED6}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\Arma2OA.exe
FirewallRules: [{3D24BA0A-9A98-4951-9500-3A743C7E4423}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\Arma2OA.exe
FirewallRules: [{CC87117C-32EA-460E-A6FA-04FE540F5A93}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Gods Will Be Watching\gwbw.exe
FirewallRules: [{6AE130F6-33D4-4AFC-BC2A-1F39B3DF9226}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Gods Will Be Watching\gwbw.exe
FirewallRules: [{0558D084-E61A-4B21-A5DE-557D0AB4D6EA}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe
FirewallRules: [{D170D0CE-449F-4EA3-A220-91B6BA9BE339}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe
FirewallRules: [{A3B47C4E-0C92-43F0-A611-4FC950999849}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\ContagionBeta\contagion.exe
FirewallRules: [{492427D9-C157-4E81-A420-375056E63F55}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\ContagionBeta\contagion.exe
FirewallRules: [{424A48A2-888E-4CCB-8B24-39C8B46458B2}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Folk Tale\Folk Tale.exe
FirewallRules: [{01AE7BFE-99D3-4A06-B187-9F045F4AA00F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Folk Tale\Folk Tale.exe
FirewallRules: [{BC0866AB-BA63-410C-83C3-3CC9BC7BD883}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{3BB29FD4-7FA8-40D7-AC9F-199C7BAD28B3}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{7372F72F-128B-4A41-A2DA-575840B30B3C}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\WazHack\WazHack.exe
FirewallRules: [{2F5CECE2-EF0C-40FD-A600-755D26E0D648}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\WazHack\WazHack.exe
FirewallRules: [{0BE3AEA9-0C5C-407F-94A2-F51F8EE472CF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{38F3BCA2-8A97-46E1-9944-3B39A4A4FABC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
 
==================== Faulty Device Manager Devices =============
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/06/2015 12:00:07 AM) (Source: MsiInstaller) (EventID: 11316) (User: Myles-PC)
Description: Product: Google Chrome -- Error 1316. The specified account already exists.
 
Error: (07/04/2015 12:52:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   18 0.5.9.E.5.1.D.8.0.E.A.A.4.4.9.A.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR Myles-PC-2.local.
 
Error: (07/04/2015 12:52:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.65:5353   16 0.5.9.E.5.1.D.8.0.E.A.A.4.4.9.A.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR Myles-PC.local.
 
Error: (07/04/2015 12:52:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   18 65.1.168.192.in-addr.arpa. PTR Myles-PC-2.local.
 
Error: (07/04/2015 12:52:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.65:5353   16 65.1.168.192.in-addr.arpa. PTR Myles-PC.local.
 
Error: (07/04/2015 12:52:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Myles-PC.local already in use; will try Myles-PC-2.local instead
 
Error: (07/04/2015 12:52:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister   16 Myles-PC.local. AAAA FE80:0000:0000:0000:A944:AAE0:8D15:E950
 
Error: (07/04/2015 12:52:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.65:5353   16 Myles-PC.local. AAAA 2602:0306:CF3D:8D60:A944:AAE0:8D15:E950
 
Error: (07/04/2015 12:52:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing:    4 Myles-PC.local. Addr 192.168.1.65
 
Error: (07/04/2015 12:52:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ResolveSimultaneousProbe: 0000000001727AB0 Our Record 2 won:  8C1490BE   16 Myles-PC.local. AAAA FE80:0000:0000:0000:A944:AAE0:8D15:E950
 
 
System errors:
=============
Error: (07/12/2015 07:54:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (07/09/2015 04:18:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (07/09/2015 09:27:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (07/08/2015 02:33:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (07/08/2015 02:31:16 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:29:55 PM on ‎7/‎8/‎2015 was unexpected.
 
Error: (07/08/2015 11:43:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (07/08/2015 08:14:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (07/06/2015 09:03:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (06/25/2015 02:59:29 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (06/19/2015 05:35:49 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
 
Microsoft Office:
=========================
Error: (07/06/2015 12:00:07 AM) (Source: MsiInstaller) (EventID: 11316) (User: Myles-PC)
Description: Product: Google Chrome -- Error 1316. The specified account already exists.
(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (07/04/2015 12:52:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   18 0.5.9.E.5.1.D.8.0.E.A.A.4.4.9.A.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR Myles-PC-2.local.
 
Error: (07/04/2015 12:52:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.65:5353   16 0.5.9.E.5.1.D.8.0.E.A.A.4.4.9.A.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR Myles-PC.local.
 
Error: (07/04/2015 12:52:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   18 65.1.168.192.in-addr.arpa. PTR Myles-PC-2.local.
 
Error: (07/04/2015 12:52:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.65:5353   16 65.1.168.192.in-addr.arpa. PTR Myles-PC.local.
 
Error: (07/04/2015 12:52:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Myles-PC.local already in use; will try Myles-PC-2.local instead
 
Error: (07/04/2015 12:52:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister   16 Myles-PC.local. AAAA FE80:0000:0000:0000:A944:AAE0:8D15:E950
 
Error: (07/04/2015 12:52:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.65:5353   16 Myles-PC.local. AAAA 2602:0306:CF3D:8D60:A944:AAE0:8D15:E950
 
Error: (07/04/2015 12:52:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing:    4 Myles-PC.local. Addr 192.168.1.65
 
Error: (07/04/2015 12:52:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ResolveSimultaneousProbe: 0000000001727AB0 Our Record 2 won:  8C1490BE   16 Myles-PC.local. AAAA FE80:0000:0000:0000:A944:AAE0:8D15:E950
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 19%
Total physical RAM: 8173.21 MB
Available physical RAM: 6616.93 MB
Total Virtual: 16344.61 MB
Available Virtual: 14742.14 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:238.47 GB) (Free:155.09 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: () (Fixed) (Total:931.29 GB) (Free:446.76 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: A11F3C65)
Partition 1: (Active) - (Size=238.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 66C0E075)
 
Partition: GPT Partition Type.
 
==================== End of log ============================

Edited by badcomputer!, 12 July 2015 - 07:13 PM.

  • 0

Advertisements

#2
BrianDrab
Posted 14 July 2015 - 06:00 PM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Hi. My name is Brian, and I would be happy to look into your issue.
 



- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • It is also likely during our cleaning process that your internet browsing history will be removed. Your favorites will be untouched. If you don't want this to happen you need to let me know before running any steps so I can adjust my fixes accordingly.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Chrome.JPGGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.Settings.JPG Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Firefox.JPGMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Settings.JPG Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.
IE.jpgInternet Explorer - Click the Tools menu in the upper right-corner of the browser. Tools.JPG Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start-

 
Removing malware is a complicated multiple step process, Please stay with me until I have declared your system clean. I strongly recommend you backup your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

 

I'm reviewing your logs now. Sorry for the delay.


  • 0

#3
BrianDrab
Posted 14 July 2015 - 07:07 PM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

See if this gets you cleaned up. Please do the following.

 

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop. Attached File  fixlist.txt   939bytes   228 downloads
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#2 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Cleaning"
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

 

 

 

Items for your next post

1. Fixlog.txt

2. AdwCleaner log


  • 0

#4
badcomputer!
Posted 14 July 2015 - 08:32 PM

badcomputer!

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Brian,

 

Thank you for your assistance; here are the logs you requested after I took the actions prescribed.

 

 

# AdwCleaner v4.208 - Logfile created 14/07/2015 at 21:30:02
# Updated 09/07/2015 by Xplode
# Database : 2015-07-11.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Myles - MYLES-PC
# Running from : C:\Users\Myles\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\7d0a62e3-1f68-e18c-e9a3-0052675f9558
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A63C49A5-6CC1-4579-A883-AE6B3E91108D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A993BCA4-1E58-474D-A36E-057CC6AC9CE5}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1B8A71D1-31D4-EE6A-C32F-836E0BFFA6D3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2D471A31-4FA7-95BA-1880-D441113ED736}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7E7FAE3D-3358-D280-8DBF-E8E2D94326D1}
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Google Chrome v43.0.2357.130
 
[C:\Users\Myles\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Myles\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Myles\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://taplika.com/results.php?f=4&q={searchTerms}&a=tpl_installertech_15_18&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDzy0E0CyC0DzzzyzyyE0EtN0D0Tzu0StCtBtCyDtN1L2XzutAtFtCtDtFtBtFtDtN1L1Czu2Z1E1I1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyEzztCtBtDyE0FyCtGtB0DyE0BtGzyyEyCyDtG0FtByCyEtGtC0D0E0C0EyEzz0DzyyB0C0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtD0EyC0DyDyDyBtGtBzytDtAtGyE0F0C0BtGzy0CyC0EtGyCyB0B0B0A0E0BtB0F0DyCyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzuyBtCtA&cr=458693871&ir=
 
*************************
 
AdwCleaner[R0].txt - [2399 bytes] - [14/07/2015 21:28:47]
AdwCleaner[S0].txt - [2348 bytes] - [14/07/2015 21:30:02]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2407  bytes] ##########
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Myles at 2015-07-14 21:25:26 Run:1
Running from C:\Users\Myles\Desktop
Loaded Profiles: Myles (Available Profiles: Myles)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
Task: {BD91B324-4367-415D-9360-507FB5156BCE} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
AppInit_DLLs-x32: c:\progra~3\{2b5dc~1\1170~1.1\dora.dll => "c:\progra~3\{2b5dc~1\1170~1.1\dora.dll" File not found
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
RemoveProxy:
2015-07-06 12:03 - 2015-07-08 11:40 - 00000000 ____D C:\ProgramData\6583e107000046da
2015-07-05 15:39 - 2015-07-08 11:40 - 00000000 ____D C:\Program Files (x86)\shoupnddrop
2015-07-05 15:40 - 2015-05-28 10:29 - 00000000 ____D C:\ProgramData\13120781066233055183
2015-06-16 08:04 - 2015-05-28 10:32 - 00000000 ____D C:\ProgramData\ed9a7b06000039bc
2015-07-12 07:52 - 2015-07-12 07:52 - 00000024 _____ C:\Users\Myles\AppData\Roaming\appdataFr25.bin
EmptyTemp:
*****************
 
Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BD91B324-4367-415D-9360-507FB5156BCE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD91B324-4367-415D-9360-507FB5156BCE}" => key removed successfully
C:\Windows\System32\Tasks\LaunchPreSignup => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchPreSignup" => key removed successfully
"c:\progra~3\{2b5dc~1\1170~1.1\dora.dll" => value data removed successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
 
========= RemoveProxy: =========
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1909816545-1500077015-3682874139-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1909816545-1500077015-3682874139-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
C:\ProgramData\6583e107000046da => moved successfully.
C:\Program Files (x86)\shoupnddrop => moved successfully.
C:\ProgramData\13120781066233055183 => moved successfully.
C:\ProgramData\ed9a7b06000039bc => moved successfully.
C:\Users\Myles\AppData\Roaming\appdataFr25.bin => moved successfully.
EmptyTemp: => 2.1 GB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 21:25:52 ====
 
 

  • 0

#5
BrianDrab
Posted 14 July 2015 - 09:31 PM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

How is your machine now?


  • 0

#6
badcomputer!
Posted 14 July 2015 - 10:20 PM

badcomputer!

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

I'm still getting pop-ups when browsing -- this is my latest one, of course, be careful:

 

http://gettechsuppor...ba102b8e7c41c2a

 

Note: I went into chrome and did disable the extension that was causing this, so hopefully that fixes it.


Edited by badcomputer!, 14 July 2015 - 10:21 PM.

  • 0

#7
BrianDrab
Posted 15 July 2015 - 05:43 AM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Thanks for the update. I assume it was the following extension?

CHR Extension: (Google Wallet) - C:\Users\Myles\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-24]

 

Let's do a final scan to ensure nothing else is lurking about.

 

Step#1 - ESET Online Scanner and Post Results
Before running this scan, please temporarily disable your antivirus software to avoid conflicts. You can re-enable once it's done. Instructions for doing this on many AVs are here. This scan can take hours to run but is necessary to ensure we don't miss anything. Plan accordingly.

 

  • Please go here and click on 1.JPG
  • Note: This site is optimized for Internet Explorer. Please use it for this scan. If you wish to use Firefox or Chrome you will be asked to download the ESET Smart Installer first (esetsmartinstaller_enu.exe). Go ahead and download and run this file.
  • Please accept the ESET Online Scanner EULA and click Start.
  • If prompted, allow the Add-On/Active X to install. If you have problems with this step please see this link.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked
  • 2.JPG
     
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, if anything was detected please click the List of found threats link.
  • ThreatsFound.JPG
     
  • Then click the Copy to Clipboard link and paste this information into your next reply.
  • CopyToClipboard.JPG

     

     

  • Then you may click the Back button.
  • Check Uninstall Application on Close before clicking finish.

 
Items for your next post
1. Contents of the ESET log file

 


  • 0

#8
badcomputer!
Posted 15 July 2015 - 11:00 AM

badcomputer!

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Here are the results from the scan:

 

 

C:\Program Files (x86)\OpenDownloaderManager\optimizerpro.exe a variant of Win32/OptimizerEliteMax.C potentially unwanted application
C:\Users\Myles\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000a7 HTML/FakeAlert.AK trojan
E:\Users\Myles\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\59CENWGC\belarc-advisor_setup.exe a variant of Win32/InstallCore.ZD potentially unwanted application
E:\Users\Myles\AppData\Local\Temp\is1480233727\3635CC17_stp\icc.dll a variant of Win32/InstallCore.YX potentially unwanted application
E:\Users\Myles\AppData\Local\Temp\nsb2751.tmp\FDMClient.dll a variant of Win32/ClientConnect.A potentially unwanted application
E:\Users\Myles\AppData\Local\Temp\nsb2751.tmp\System.dll a variant of Win32/ClientConnect.A potentially unwanted application
E:\Users\Myles\AppData\Local\Temp\nsb2751.tmp\webapphost.dll a variant of Win32/ClientConnect.A potentially unwanted application
E:\Users\Myles\AppData\Local\Temp\nsb2751.tmp\SecondOffer2\spwrapper.exe a variant of Win32/ClientConnect.A potentially unwanted application
E:\Users\Myles\AppData\Local\Temp\nsb2751.tmp\SecondOffer3\SuperOptimizer.exe a variant of Win32/Adware.SpeedingUpMyPC.AA application

  • 0

#9
BrianDrab
Posted 15 July 2015 - 11:22 AM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

That's what I thought. There were remnants hiding about. Especially the following one.

 

C:\Users\Myles\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000a7

 

 

Please do the following to clean this up.

 

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop. Attached File  fixlist.txt   241bytes   116 downloads
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.


  • 0

#10
badcomputer!
Posted 15 July 2015 - 12:24 PM

badcomputer!

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Here are the results:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Myles at 2015-07-15 13:24:15 Run:2
Running from C:\Users\Myles\Desktop
Loaded Profiles: Myles (Available Profiles: Myles)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
C:\Program Files (x86)\OpenDownloaspamnager\
C:\Users\Myles\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000a7
E:\Users\Myles\AppData\Local\Temp\nsb2751.tmp\SecondOffer2
E:\Users\Myles\AppData\Local\Temp\nsb2751.tmp\SecondOffer3
*****************
 
"C:\Program Files (x86)\OpenDownloaspamnager" => File/Folder not found.
C:\Users\Myles\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000a7 => moved successfully.
E:\Users\Myles\AppData\Local\Temp\nsb2751.tmp\SecondOffer2 => moved successfully.
E:\Users\Myles\AppData\Local\Temp\nsb2751.tmp\SecondOffer3 => moved successfully.
 
==== End of Fixlog 13:24:17 ====

  • 0

#11
BrianDrab
Posted 15 July 2015 - 12:27 PM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Excellent. If you have no further issues, let's clean up and get you on your way.

 

OK! Well done, your computer is clean again! :thumbsup: Part of our jobs here is to help you clean your computer. But beyond that and just as important is to provide you with some information to keep you safe and secure on the net as well as to share knowledge. Following is that information.
 
1. Clean Up!
We need to remove all the tools that we used so that should you ever be re-infected, you will download updated versions which may have updated detection logic.
1. Download Delfix from here.
2. Ensure everything is checked.
3. Click Run.
Note: The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
Note: Delete any  other .bat, .log, .reg, .txt,  and any other files created during this process, and left on the desktop and empty the Recycle Bin.
 
2. Windows Updates
Another essential task is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help your computer from becoming vulnerable. It is best if you have these set to download automatically. Follow the instructions below to ensure your settings are optimal.
1. Click the Start Orb in the lower left corner of the screen.
2. Type Windows Update in the search box that appears
3. Click on the Windows Update program that appears in the search results.
Windows%20Update.JPG
4. Click on Change Settings.
CheckForUpdates.JPG
5. Select "Install updates automatically (recommended)" from the Important updates drop-down.
WUChangeSettings.JPG
6. Choose a day and a time when you know the computer will be on and connected to the internet. The default is 3:00AM every day.
7. Ensure that all of the other check boxes are checked.
8. Click OK.
 
3. Keeping Programs Updated
You need to ensure that any programs installed on your machine are kept current. The bad guys exploit vulnerabilities that are found in older versions of software. A very good piece of software that keeps your programs up-to-date is Secunia Personal Software Inspector (PSI). You can download and install it from here. You can read more information about this free software as well as a video walkthrough from here.
 
4. Antimalware- Preventative
Note: Let's keep Malwarebytes installed as it's a fantastic piece of software. Malwarebytes is an anti-malware software and not an antivirus software so it won't conflict with the Antivirus that you are running. I would recommend that you open up this program, allow it to update and scan your machine at least quarterly...monthly if you can.
 
5. Crypto Warning!!!! - Complete Data Loss can occur!
There are particularly nasty infections out there at the moment that encrypt your data and hold it for ransom. You may read more about this here.
 

  • Download CryptoPrevent free for home use here following the instructions below.
  • Save the file to your desktop from the link above and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
  • Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
  • You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
  • You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
  • You will be prompted to click OK to continue and select your protection level. Go ahead and click OK.
  • Click the Apply button to set Default protection.
  • You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.
  • That's it. The protection is in place.

Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now) and select the Updates! menu....and select Check for Updates to see if there are any as this infection has serious consequences.
 
UpdatesV7.4.11.JPG
 

 

 
For more information about computer security and how to protect yourself when on the internet, please read this guide Best Practices for Safe Computing
 
OK, all the best, and stay safe!
 
Items for your next post
1. Contents of the delfix log


  • 0

#12
badcomputer!
Posted 19 July 2015 - 06:09 AM

badcomputer!

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Brian,

 

Sorry for the delay - here are the logs and updates:

 

Delfix:

 

# DelFix v1.010 - Logfile created 19/07/2015 at 07:02:12
# Updated 26/04/2015 by Xplode
# Username : Myles - MYLES-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Myles\Desktop\FRST-OlderVersion
Deleted : C:\Users\Myles\Desktop\AdwCleaner.exe
Deleted : C:\Users\Myles\Desktop\Fixlog.txt
Deleted : C:\Users\Myles\Desktop\FRST64.exe
Deleted : C:\Users\Myles\Downloads\Addition.txt
Deleted : C:\Users\Myles\Downloads\FRST.txt
Deleted : C:\Users\Myles\Downloads\FRST64 (1).exe
Deleted : C:\Users\Myles\Downloads\FRST64.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #41 [Windows Update | 07/06/2015 21:03:10]
Deleted : RP #42 [Windows Update | 07/10/2015 21:27:31]
Deleted : RP #43 [Windows Update | 07/14/2015 15:16:47]
Deleted : RP #44 [Installed iTunes | 07/14/2015 23:04:39]
Deleted : RP #46 [Restore Point Created by FRST | 07/15/2015 02:25:26]
Deleted : RP #47 [Windows Update | 07/16/2015 03:59:14]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########
 
Thank you for your help through this -- I appreciate it greatly.
 
 
Myles

  • 0

#13
BrianDrab
Posted 19 July 2015 - 06:22 AM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0

#14
BrianDrab
Posted 19 July 2015 - 06:22 AM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP