
Multiple malware/adware programs keep installing, please help [Solved]


  • This topic is locked

#16
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Hey :)
 
This the correct link? http://www.virustota...sis/1440272104/


Hello :)

That's the one. :thumbsup: That file is infected, and needs to go. Let's go ahead and remove it and run a scan for any possible rootkits.



Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Fix with FRST
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right click on it and select copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
() C:\ProgramData\SystemSearchIndexer\SystemSearchIndexer.exe
Task: {37DF7685-46C7-46D6-B9F0-2B80072AFF8C} - System32\Tasks\SystemSearchIndexer => C:\ProgramData\SystemSearchIndexer\SystemSearchIndexer.exe [2015-08-21] () <==== ATTENTION
C:\ProgramData\SystemSearchIndexer\SystemSearchIndexer.exe
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 2: Scan with MBAR

Please download Malwarebytes Anti-Rootkit to your Desktop
  • Double-click the icon to start the tool.
  • It will ask you where to extract it. Extracting to the Desktop will be fine. Then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next".
  • In the next window, make sure that Drivers, Sectors, and System are checked. Then click "Scan".
  • If an infection/s are found ensure "Create Restore Point" is checked, then select the "Cleanup Button" to remove threats.
  • Or if you are sure any entries should be kept, just untick them. A list of infected files will be listed.
  • The Clean up procedure will be Scheduled for process.
  • When complete, the pop-up window will show you. Select the Yes button and the system should re-boot to complete the cleaning process.
  • Open the MBAR folder, which is located on your Desktop and paste the content of the following files in your next reply:
"mbar-log-{date} (xx-xx-xx).txt"
"system-log.txt"



Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Mbar Logs

  • 0



#17
Alkalidum

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

Fixlog is done. The MalwareBytes one looks like it will take a very long time though, judging by the files it's scanning atm  :wacko:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:20-08-2015
Ran by Speed X8 (2015-08-22 21:19:56) Run:3
Running from C:\Users\Speed X8\Desktop
Loaded Profiles: Speed X8 (Available Profiles: Speed X8)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
() C:\ProgramData\SystemSearchIndexer\SystemSearchIndexer.exe
Task: {37DF7685-46C7-46D6-B9F0-2B80072AFF8C} - System32\Tasks\SystemSearchIndexer => C:\ProgramData\SystemSearchIndexer\SystemSearchIndexer.exe [2015-08-21] () <==== ATTENTION
C:\ProgramData\SystemSearchIndexer\SystemSearchIndexer.exe
End
*****************
 
Restore point was successfully created.
[1840] C:\ProgramData\SystemSearchIndexer\SystemSearchIndexer.exe => process closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{37DF7685-46C7-46D6-B9F0-2B80072AFF8C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37DF7685-46C7-46D6-B9F0-2B80072AFF8C}" => key removed successfully
C:\Windows\System32\Tasks\SystemSearchIndexer => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemSearchIndexer" => key removed successfully
C:\ProgramData\SystemSearchIndexer\SystemSearchIndexer.exe => moved successfully
 
==== End of Fixlog 21:20:18 ====

  • 0
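
A way to check a Fixlog like the one posted above, as an added example that is not part of the original thread and is not FRST's own code: it pairs every fixlist directive with the result lines that mention it and flags any directive with a failed or missing result. The line formats are inferred from this single log, the function names are hypothetical, and the "not found" outcome in the second sample is constructed.

```python
import re

# Fixlog body copied from the post above (header lines omitted).
FIXLOG = r"""fixlist content:
*****************
Start
CreateRestorePoint:
() C:\ProgramData\SystemSearchIndexer\SystemSearchIndexer.exe
Task: {37DF7685-46C7-46D6-B9F0-2B80072AFF8C} - System32\Tasks\SystemSearchIndexer => C:\ProgramData\SystemSearchIndexer\SystemSearchIndexer.exe [2015-08-21] () <==== ATTENTION
C:\ProgramData\SystemSearchIndexer\SystemSearchIndexer.exe
End
*****************

Restore point was successfully created.
[1840] C:\ProgramData\SystemSearchIndexer\SystemSearchIndexer.exe => process closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{37DF7685-46C7-46D6-B9F0-2B80072AFF8C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37DF7685-46C7-46D6-B9F0-2B80072AFF8C}" => key removed successfully
C:\Windows\System32\Tasks\SystemSearchIndexer => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemSearchIndexer" => key removed successfully
C:\ProgramData\SystemSearchIndexer\SystemSearchIndexer.exe => moved successfully

==== End of Fixlog 21:20:18 ====
"""

# Constructed variant: the file move did not succeed (outcome wording is made up).
FAILED = FIXLOG.replace("SystemSearchIndexer.exe => moved successfully",
                        "SystemSearchIndexer.exe => not found")

GUID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
PROCESS = re.compile(r"^\((.*?)\) (.+)$")   # "(company) path" running-process entry
PID = re.compile(r"^\[\d+\] ")              # "[pid] path" prefix on process results


def parse_fixlog(text):
    """Return (directives, results); results are (target, outcome) pairs."""
    lines = [ln.strip() for ln in text.splitlines()]
    start = lines.index("Start")
    end = lines.index("End", start)
    directives = [ln for ln in lines[start + 1:end] if ln]
    results = []
    for ln in lines[end + 1:]:
        if not ln or ln.startswith(("*", "====")):
            continue
        target, _, outcome = ln.partition(" => ")
        if not outcome:                      # line without a target, e.g. restore point
            target, outcome = "", ln
        results.append((target.strip('"'), outcome))
    return directives, results


def classify(directive):
    """Map a fixlist line to (kind, key used to find its result lines)."""
    if directive == "CreateRestorePoint:":
        return "restore-point", None
    if directive.startswith("Task:"):
        m = GUID.search(directive)
        task_path = directive.split(" - ", 1)[-1].split(" => ", 1)[0]
        name = "\\" + task_path.rsplit("\\", 1)[-1].lower()
        return "task", (m.group(0).lower() if m else None, name)
    m = PROCESS.match(directive)
    if m:
        return "process", m.group(2).lower()
    return "file", directive.lower()


def results_for(directive, results):
    """Outcomes of every result line that belongs to this directive."""
    kind, key = classify(directive)
    hits = []
    for target, outcome in results:
        t = target.lower()
        if kind == "restore-point":
            match = not target and outcome.lower().startswith("restore point")
        elif kind == "task":                 # registry keys by GUID, task file/tree by name
            match = (key[0] is not None and key[0] in t) or t.endswith(key[1])
        elif kind == "process":
            match = bool(PID.match(target)) and PID.sub("", t) == key
        else:
            match = t == key
        if match:
            hits.append(outcome)
    return kind, hits


def check_fixlog(text):
    """One (kind, status) per directive: 'ok', 'failed' or 'no result'."""
    directives, results = parse_fixlog(text)
    report = []
    for d in directives:
        kind, hits = results_for(d, results)
        if not hits:
            status = "no result"
        elif all("successfully" in h for h in hits):
            status = "ok"
        else:
            status = "failed"
        report.append((kind, status))
    return report


if __name__ == "__main__":
    for label, log in (("posted log", FIXLOG), ("constructed failure", FAILED)):
        print(label, check_fixlog(log))
```
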

#18
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
No worries on the MBAR scan, it does a very thorough job. :) I'll be here when it's finished and you post the logs. :thumbsup:
  • 0

#19
Alkalidum

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

Ok, didn't take as long as I was expecting  :laughing: saw it going through my games files and I have about 200 games on Steam lol.

 

Malwarebytes Anti-Rootkit BETA 1.9.2.1008
www.malwarebytes.org
 
Database version:
  main:    v2015.08.22.04
  rootkit: v2015.08.16.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17959
Speed X8 :: SPEEDX8-PC [administrator]
 
22/08/2015 21:22:32
mbar-log-2015-08-22 (21-22-32).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 438286
Time elapsed: 26 minute(s), 18 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 2
C:\Users\Speed X8\Desktop\trainer\payday2\Pday2+17Tr-LNG_UD12\Pday2+17Tr-LNG_UD12.exe (VirTool.Obfuscator) -> Delete on reboot. [5e7e29e2cdbe4ceaa39392f434ccb44c]
C:\Users\Speed X8\Desktop\trainer\wastland 2\Wasteland 2 V59820 Trainer +11 MrAntiFun.EXE (HackTool.CheatEngine) -> Delete on reboot. [f1eb13f8b0dbf640dbbebf9d25db38c8]
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)

  • 0

#20
Alkalidum

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.2.1008
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.17959
 
Java version: 1.6.0_39
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.392000 GHz
Memory total: 17162362880, free: 13698224128
 
Downloaded database version: v2015.08.22.04
Downloaded database version: v2015.08.16.01
Downloaded database version: v2015.08.18.01
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     08/22/2015 21:22:22
------------ Loaded modules -----------
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2015.08.22.04
  rootkit: v2015.08.16.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800d8b5790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800d8b51e0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800d8b5790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800d6ba520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800d6bb060, DeviceName: \Device\Ide\IdeDeviceP3T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D2DB4A79
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 3906820096
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 2000398934016 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa80131ce790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80133d0b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80131ce790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80133cfb60, DeviceName: \Device\000000a3\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa8012d87790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80133ceb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8012d87790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80133c6b60, DeviceName: \Device\000000a4\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa80131e0790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80133cdb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80131e0790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80133d3b60, DeviceName: \Device\000000a5\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa8012c90790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8012c902c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8012c90790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80133d1b60, DeviceName: \Device\000000a6\, DriverName: \Driver\USBSTOR\
------------ End ----------
File "C:\ProgramData\AVAST Software\Avast\log\AvastSvc.log" is compressed (flags = 1)
File "C:\ProgramData\AVAST Software\Avast\log\AvastUI.log" is compressed (flags = 1)
File "C:\ProgramData\AVAST Software\Avast\log\GrimeFighter2.log" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-C4AD50E1681BBCF6D402B6A03DF953DF332D9615.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-C4AD50E1681BBCF6D402B6A03DF953DF332D9615.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-C4AD50E1681BBCF6D402B6A03DF953DF332D9615.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-C4AD50E1681BBCF6D402B6A03DF953DF332D9615.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-C4AD50E1681BBCF6D402B6A03DF953DF332D9615.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-C4AD50E1681BBCF6D402B6A03DF953DF332D9615.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-C4AD50E1681BBCF6D402B6A03DF953DF332D9615.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-C4AD50E1681BBCF6D402B6A03DF953DF332D9615.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-C4AD50E1681BBCF6D402B6A03DF953DF332D9615.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-C4AD50E1681BBCF6D402B6A03DF953DF332D9615.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-C4AD50E1681BBCF6D402B6A03DF953DF332D9615.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-C4AD50E1681BBCF6D402B6A03DF953DF332D9615.bin.83" is compressed (flags = 1)
Infected: C:\Users\Speed X8\Desktop\trainer\payday2\Pday2+17Tr-LNG_UD12\Pday2+17Tr-LNG_UD12.exe --> [VirTool.Obfuscator]
Infected: C:\Users\Speed X8\Desktop\trainer\wastland 2\Wasteland 2 V59820 Trainer +11 MrAntiFun.EXE --> [HackTool.CheatEngine]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

  • 0

#21
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Ok, didn't take as long as I was expecting :laughing: saw it going through my games files and I have about 200 games on Steam lol.


Hello :)

Well, looks like MBAR found a couple of nasties hiding and showed them the door. :thumbsup: Let's run some scans for remnants and orphans and check for out of date programs. How is the machine running?


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the program and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits


Go back to the Dashboard and select Scan Now


If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.


On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list and then click on the log to highlight it.

Click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be run in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

  • 0

#22
Alkalidum

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

Hey,

 

Little worried about these scans, seems like they picked up a lot of threats!  :no:

 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# EOSSerial=0d68ee1458b6e44c97951cf2dede1cd8
# end=init
# utc_time=2015-08-23 08:24:58
# local_time=2015-08-23 09:24:58 (+0000, GMT Daylight Time)
# country="United Kingdom"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 25412
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# EOSSerial=0d68ee1458b6e44c97951cf2dede1cd8
# end=updated
# utc_time=2015-08-23 08:28:11
# local_time=2015-08-23 09:28:11 (+0000, GMT Daylight Time)
# country="United Kingdom"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=0d68ee1458b6e44c97951cf2dede1cd8
# engine=25412
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-08-23 11:08:07
# local_time=2015-08-24 12:08:07 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 136050 192836337 0 0
# scanned=635224
# found=89
# cleaned=0
# scan_time=9595
sh=2C364722541D728B437E91843774894C566A0433 ft=1 fh=29f89c9bd348e429 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ask.com\precache.exe.vir"
sh=33226C12F9EE39A17B46F92C270D04D9AFFF1C18 ft=1 fh=79d98afb013d6de4 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ask.com\SaUpdate.exe.vir"
sh=A03BF828FFFCC0733E363EB55CE218DAA952A9FA ft=1 fh=7bb15e851e3fee3f vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ask.com\UpdateTask.exe.vir"
sh=4A1EF9047B4310143BE88CBF86DEF5A78A9DBF43 ft=1 fh=64626653c88011e7 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ask.com\Updater\Updater.exe.vir"
sh=2A92B0C44DC38D27D4B364441DBCEDBD504B6E2A ft=1 fh=20346b1ad9cc600b vn="a variant of Win64/Adware.Adpeak.F application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\coupoon\iiwjljrnpc64.exe.vir"
sh=A96820CD585E00B9F6C344BC1E7BFCE2C5A08A31 ft=1 fh=7bed3e477a04d6b3 vn="a variant of Win64/NetFilter.A potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\coupoon\nfapi.dll.vir"
sh=3F5D04149E916FADA9CA4ECEF02F2FBA2151D80C ft=1 fh=48895a5a9e00df71 vn="a variant of Win32/Adware.Vitruvian.F application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WordSurfer_1.10.0.19\Service\wsasvc.exe.vir"
sh=FFA92A7806098F8A56DF796DBD9235F203ED781F ft=1 fh=8e8812e35b797ee0 vn="MSIL/Adware.Vitruvian.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WordSurfer_1.10.0.19\Update\WordSurferAutoUpdateClient.exe.vir"
sh=520BE33FC194C85AF9BA3D8D0BB7454BA2697A93 ft=1 fh=92d60e71ff1ee1d6 vn="a variant of Win64/Adware.CouponMarvel.F application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\FlashBeat64.dll.vir"
sh=C73AB7837E13D8A28A9EEF8F6DD8A167C13DFB9A ft=1 fh=4512a8d87a34263d vn="a variant of Win32/Adware.CouponMarvel.N application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\NSISHelper.dll.vir"
sh=80A6D2F5472C5BDB7E6C6D88079EA1281805550B ft=1 fh=746898d8f50e0dc0 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir"
sh=4661774E447DCB3D9E1ACF051E3A282293579DB8 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfkiplbhffapapmbjhmbekaiccjkninl\5.14\content.js.vir"
sh=419CD01174678579A56DD8E0C10E88C33915F002 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfkiplbhffapapmbjhmbekaiccjkninl\5.14\qm32mF4BPY.js.vir"
sh=4661774E447DCB3D9E1ACF051E3A282293579DB8 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjdifghcmfmnjndedfcbeblbnajobal\1.0\content.js.vir"
sh=3C63B156453D9F037210C60CC96BF1E0DDF504DC ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjdifghcmfmnjndedfcbeblbnajobal\1.0\iSdiXtVWCld.js.vir"
sh=4661774E447DCB3D9E1ACF051E3A282293579DB8 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfkiplbhffapapmbjhmbekaiccjkninl\5.14\content.js.vir"
sh=419CD01174678579A56DD8E0C10E88C33915F002 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfkiplbhffapapmbjhmbekaiccjkninl\5.14\qm32mF4BPY.js.vir"
sh=4661774E447DCB3D9E1ACF051E3A282293579DB8 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjdifghcmfmnjndedfcbeblbnajobal\1.0\content.js.vir"
sh=3C63B156453D9F037210C60CC96BF1E0DDF504DC ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjdifghcmfmnjndedfcbeblbnajobal\1.0\iSdiXtVWCld.js.vir"
sh=4661774E447DCB3D9E1ACF051E3A282293579DB8 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfkiplbhffapapmbjhmbekaiccjkninl\5.14\content.js.vir"
sh=419CD01174678579A56DD8E0C10E88C33915F002 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfkiplbhffapapmbjhmbekaiccjkninl\5.14\qm32mF4BPY.js.vir"
sh=4661774E447DCB3D9E1ACF051E3A282293579DB8 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjdifghcmfmnjndedfcbeblbnajobal\1.0\content.js.vir"
sh=3C63B156453D9F037210C60CC96BF1E0DDF504DC ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjdifghcmfmnjndedfcbeblbnajobal\1.0\iSdiXtVWCld.js.vir"
sh=6142578CD21CF27FD3C1B3A4F0626DE9FC6DF275 ft=1 fh=a0b7e9a9340cf144 vn="a variant of Win32/PriceGong.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Speed X8\AppData\Local\SmartWeb\SmartWebApp.exe.vir"
sh=AA2BA9D6607589A3C93D1C760E3512EC8E61F968 ft=1 fh=f770637cdb111250 vn="Win32/PriceGong.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Speed X8\AppData\Local\SmartWeb\SmartWebHelper.exe.vir"
sh=080016256C564232771ED8D6EFFC94ECAECAD316 ft=1 fh=bfc1d533ef10baf8 vn="a variant of Win32/PriceGong.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Speed X8\AppData\Local\SmartWeb\swhk.dll.vir"
sh=F2310A0C0CCDFB5829C7F32B27207472A9DE9267 ft=1 fh=b9e1d0af8f752000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Speed X8\AppData\LocalLow\AskToolbar\setup.exe.vir"
sh=3C6235A2342A488A2DD67B6E26F7BE3A84C43292 ft=0 fh=0000000000000000 vn="Win32/AnyProtect.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Speed X8\AppData\Roaming\AnyProtectEx\swf\swfCBT.swf.vir"
sh=DAC709B5E008F210478B919F1472D52361AB450E ft=1 fh=0750c33383e298e8 vn="a variant of Win64/Systweak.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\Sysnative\roboot64.exe.vir"
sh=9AA55021B0188E4470C886A596DBAB6E07BAA532 ft=1 fh=349203c07b85ff2a vn="a variant of Win32/Adware.ConvertAd.WW application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\00000000-1440005683-0000-0000-50E54946680C\rnsi5DB7.exe"
sh=6FA07C781B84151C862A8FACD4E2EFB7D8DA3E2F ft=1 fh=ebf21d2230451b57 vn="Win32/AnyProtect.G potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Speed X8\AppData\Local\nse5B1F.tmp.xBAD"
sh=6FA07C781B84151C862A8FACD4E2EFB7D8DA3E2F ft=1 fh=ebf21d2230451b57 vn="Win32/AnyProtect.G potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Speed X8\AppData\Local\nsr895F.tmp.xBAD"
sh=6FA07C781B84151C862A8FACD4E2EFB7D8DA3E2F ft=1 fh=ebf21d2230451b57 vn="Win32/AnyProtect.G potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Speed X8\AppData\Local\nsrEF14.tmp.xBAD"
sh=6142578CD21CF27FD3C1B3A4F0626DE9FC6DF275 ft=1 fh=a0b7e9a9340cf144 vn="a variant of Win32/PriceGong.C potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Speed X8\AppData\Local\SmartWeb\SmartWebApp.exe"
sh=AA2BA9D6607589A3C93D1C760E3512EC8E61F968 ft=1 fh=f770637cdb111250 vn="Win32/PriceGong.C potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Speed X8\AppData\Local\SmartWeb\SmartWebHelper.exe"
sh=080016256C564232771ED8D6EFFC94ECAECAD316 ft=1 fh=bfc1d533ef10baf8 vn="a variant of Win32/PriceGong.C potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Speed X8\AppData\Local\SmartWeb\swhk.dll"
sh=FA14CDEDC3BCBCB1C8B8487D47BE1E628A930503 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Speed X8\AppData\Roaming\Mozilla\Firefox\Profiles\6p4gp8b1.default\Extensions\[email protected]\extensionData\plugins\102.js"
sh=C10E64DC01896B43B0C89F53376D4164453BC74E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Speed X8\AppData\Roaming\Mozilla\Firefox\Profiles\6p4gp8b1.default\Extensions\[email protected]\extensionData\plugins\178.js"
sh=9CB942D538CEA821683BC9D832014E8EC5FDE2EC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Speed X8\AppData\Roaming\Mozilla\Firefox\Profiles\6p4gp8b1.default\Extensions\[email protected]\extensionData\plugins\179.js"
sh=80C90D030EA66EA5346FBF5214670595E3375CAD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Speed X8\AppData\Roaming\Mozilla\Firefox\Profiles\6p4gp8b1.default\Extensions\[email protected]\extensionData\plugins\180.js"
sh=0987FB3F0C956A9578B1C3D050189BB99A017FC2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Speed X8\AppData\Roaming\Mozilla\Firefox\Profiles\6p4gp8b1.default\Extensions\[email protected]\extensionData\plugins\184.js"
sh=4BCC541E7A14BF89B1633A1BC794E6848B831E80 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Speed X8\AppData\Roaming\Mozilla\Firefox\Profiles\6p4gp8b1.default\Extensions\[email protected]\extensionData\plugins\200.js"
sh=81093FDBF2F59E6D00BA4DACA51E6D37F185678F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Speed X8\AppData\Roaming\Mozilla\Firefox\Profiles\6p4gp8b1.default\Extensions\[email protected]\extensionData\plugins\220.js"
sh=4A456E8397DFF5CBB4FF25D8B9710C41A42AFCC3 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Speed X8\AppData\Roaming\Mozilla\Firefox\Profiles\6p4gp8b1.default\Extensions\[email protected]\extensionData\plugins\223.js"
sh=877349BAD187BE3A07174EA0A6F16A375474C639 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Speed X8\AppData\Roaming\Mozilla\Firefox\Profiles\6p4gp8b1.default\Extensions\[email protected]\extensionData\plugins\231.js"
sh=776290247C80F20D24E4BA8F99F13F2D5578ECC8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Speed X8\AppData\Roaming\Mozilla\Firefox\Profiles\6p4gp8b1.default\Extensions\[email protected]\extensionData\plugins\232.js"
sh=F3C19FB08E08EEDA6008DFA8175DEDEA51DE1BFA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Speed X8\AppData\Roaming\Mozilla\Firefox\Profiles\6p4gp8b1.default\Extensions\[email protected]\extensionData\plugins\234.js"
sh=69F3441DAAA26144ABB42DB33386C549E9F2231D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Speed X8\AppData\Roaming\Mozilla\Firefox\Profiles\6p4gp8b1.default\Extensions\[email protected]\extensionData\plugins\242.js"
sh=3CA5653E6B858F15992AC689F06C8456A94B0CC7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Speed X8\AppData\Roaming\Mozilla\Firefox\Profiles\6p4gp8b1.default\Extensions\[email protected]\extensionData\plugins\253.js"
sh=C7CDE1253534F30E65119C426D5345ED57905D37 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Speed X8\AppData\Roaming\Mozilla\Firefox\Profiles\6p4gp8b1.default\Extensions\[email protected]\extensionData\plugins\262.js"
sh=F07F02D132DE7A3F89F9CEE7284820DB1DD63331 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Speed X8\AppData\Roaming\Mozilla\Firefox\Profiles\6p4gp8b1.default\Extensions\[email protected]\extensionData\plugins\263.js"
sh=C7574CAC8611C5FBBE4AE2127C4CA0E2FB58DB69 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Speed X8\AppData\Roaming\Mozilla\Firefox\Profiles\6p4gp8b1.default\Extensions\[email protected]\extensionData\plugins\273.js"
sh=5443843013D026E8A114EDEC837671DAC84F4AEA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Speed X8\AppData\Roaming\Mozilla\Firefox\Profiles\6p4gp8b1.default\Extensions\[email protected]\extensionData\plugins\281.js"
sh=397EC598B400D3A2111C9C0EEA7D85464774BBD7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Speed X8\AppData\Roaming\Mozilla\Firefox\Profiles\6p4gp8b1.default\Extensions\[email protected]\extensionData\plugins\288.js"
sh=EEC37C06483A1CC592AEBB925056B8C66C782438 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Speed X8\AppData\Roaming\Mozilla\Firefox\Profiles\6p4gp8b1.default\Extensions\[email protected]\extensionData\plugins\289.js"
sh=7A0B43CC3BD069AE9B149EB8F4BEEB6F097837DB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Speed X8\AppData\Roaming\Mozilla\Firefox\Profiles\6p4gp8b1.default\Extensions\[email protected]\extensionData\plugins\300.js"
sh=F830C45582EA30AA81037DD511D6657BAC6D3470 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Speed X8\AppData\Roaming\Mozilla\Firefox\Profiles\6p4gp8b1.default\Extensions\[email protected]\extensionData\plugins\335.js"
sh=DAFE26CC2D17C59CC7CA0B0563A50C6215781167 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Speed X8\AppData\Roaming\Mozilla\Firefox\Profiles\6p4gp8b1.default\Extensions\[email protected]\extensionData\plugins\339.js"
sh=81A6DC2B3E4EB2A7B58E592A3E86C0C858936E87 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Speed X8\AppData\Roaming\Mozilla\Firefox\Profiles\6p4gp8b1.default\Extensions\[email protected]\extensionData\plugins\380.js"
sh=46785AF9F3FDFD7BA7E68C918CA9B2BFD5FE81CE ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Speed X8\AppData\Roaming\Mozilla\Firefox\Profiles\6p4gp8b1.default\Extensions\[email protected]\extensionData\plugins\385.js"
sh=939E258F473C19C99336F99FA8924A127E12AA67 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Speed X8\AppData\Roaming\Mozilla\Firefox\Profiles\6p4gp8b1.default\Extensions\[email protected]\extensionData\plugins\389.js"
sh=8C03AF269B9B3748482016ABD7F8FDF2BE562177 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Speed X8\AppData\Roaming\Mozilla\Firefox\Profiles\6p4gp8b1.default\Extensions\[email protected]\extensionData\plugins\390.js"
sh=B11A64AE212C15C25C435BCE4C67235DDECCE883 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Speed X8\AppData\Roaming\Mozilla\Firefox\Profiles\6p4gp8b1.default\Extensions\[email protected]\extensionData\plugins\391.js"
sh=08A2BB08725C99F79A889C6C7CB9C7DD6306E0B6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Speed X8\AppData\Roaming\Mozilla\Firefox\Profiles\6p4gp8b1.default\Extensions\[email protected]\extensionData\plugins\424.js"
sh=86D944D5832E0CADF81AD1ABD5E5CDC20C057A44 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Speed X8\AppData\Roaming\Mozilla\Firefox\Profiles\6p4gp8b1.default\Extensions\[email protected]\extensionData\plugins\437.js"
sh=38F620054260AA85245ED08062006157CE62CD54 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Speed X8\AppData\Roaming\Mozilla\Firefox\Profiles\6p4gp8b1.default\Extensions\[email protected]\extensionData\plugins\91.js"
sh=EE2D8A0C16CB4F60E07AD30BC8F4AF2D25E4FF62 ft=1 fh=c2a60ef126908cf5 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe"
sh=24A108C48173FDD9962F7CC3D4DB4B852D864838 ft=1 fh=0501d0dc4c9a869f vn="a variant of Win32/Systweak.N potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll"
sh=915239C2678EFCE5C2E45012595BEA0C050864B4 ft=1 fh=9ca6c4d86ffea4d8 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe"
sh=67A75BAA7A5BBB2EEEBB99D490F00F82D0BB1E09 ft=1 fh=5d5a0ac2ab2c0a85 vn="a variant of Win32/Systweak potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe"
sh=2C09414F7BCF16F3C9A358B5CCD4492EF7EEF08E ft=1 fh=5545a1a02bc092d6 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe"
sh=322DCE4CCA5EB266FFEDD900C6D628769AD18300 ft=1 fh=b3d66e50f9e4f6b1 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe"
sh=B20B0BD8E5CDD280C5DC922FFD896DF50D208CB7 ft=1 fh=59ddf8c2c6946d84 vn="a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application" ac=I fn="C:\Program Files (x86)\Cheat Engine 6.3\cheatengine-i386.exe"
sh=860EFD5893E4DD4E820227B7DEAD144F974456AC ft=1 fh=c0b9ed8dfe12ffb8 vn="a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application" ac=I fn="C:\Program Files (x86)\Cheat Engine 6.3\standalonephase1.dat"
sh=A4CBAA4D6D5B4010CD2EDECBE78F5DA70307A1D2 ft=1 fh=95540bef64a4b545 vn="a variant of Win32/InstallCore.ZH potentially unwanted application" ac=I fn="C:\Users\Speed X8\.frostwire5\updates\frostwire-setup.exe"
sh=F1CBB8903C73D5C48D10BE47126423CEFE715034 ft=1 fh=4e55fba2bcbacc6c vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Speed X8\Downloads\autoi.exe"
sh=19876B0C21073CE7AC4725124851FC36B7EA7301 ft=1 fh=31b372839de59c7b vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\Speed X8\Downloads\cbsidlm-cbsi188-Game_Fire-ORG-75290103.exe"
sh=205EA3A873C765FF2E0F78FB1834D6EB44C21BF3 ft=1 fh=a409751ddc77dac3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Speed X8\Downloads\ccsetup501 (1).exe"
sh=205EA3A873C765FF2E0F78FB1834D6EB44C21BF3 ft=1 fh=a409751ddc77dac3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Speed X8\Downloads\ccsetup501.exe"
sh=03215C48CB00536971E88817819081965062F03E ft=1 fh=71226b2d678a6418 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Speed X8\Downloads\dfsetup218.exe"
sh=EAFFA0F4B976C8F83FFC71868196F8F70DC9C990 ft=1 fh=57adec1c4d44f18a vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\Speed X8\Downloads\FoxitReader531.0606_enu_Setup.exe"
sh=E5941573F78A84C8BAE62EB329CBA313132221D7 ft=1 fh=12f9e56bf3840760 vn="a variant of MSIL/GameHack.KE potentially unsafe application" ac=I fn="C:\Users\Speed X8\Downloads\Next Car Game Trainer (1).exe"
sh=9B3F7E3B4F0E2FA26887DD66E2E85D010E216776 ft=1 fh=102809a31fb3a947 vn="a variant of MSIL/GameHack.KE potentially unsafe application" ac=I fn="C:\Users\Speed X8\Downloads\Next Car Game Trainer.exe"
sh=1C49F7485B6A93B2059A0C9B034070F44E8CF43F ft=1 fh=e9e4111c37d8d23f vn="a variant of Win32/OpenInstall potentially unwanted application" ac=I fn="C:\Users\Speed X8\Downloads\TuneUpUtilities2012_en-US-123.exe"
sh=8C34EAB6DCBC2B0DA91BF66B0D696A35B6936CB6 ft=1 fh=0cc8e7d1d35150e5 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Users\Speed X8\Downloads\winzip16-64.exe"
sh=2B5C876CE427CF5F320627438D796A7EE67F43E1 ft=1 fh=a09ef866d27b4a42 vn="a variant of Win32/FirseriaInstaller.C potentially unwanted application" ac=I fn="C:\Users\Speed X8\Downloads\christmas 2\App.exe"
sh=8D94CD9EFC6A1B6F5D24902751917066614D91FA ft=1 fh=6a34d1eb793de369 vn="Win32/Verti.A potentially unwanted application" ac=I fn="C:\Users\Speed X8\Downloads\christmas 2\PDFCreator_RocketFuelInstaller (1).exe"
sh=8D94CD9EFC6A1B6F5D24902751917066614D91FA ft=1 fh=6a34d1eb793de369 vn="Win32/Verti.A potentially unwanted application" ac=I fn="C:\Users\Speed X8\Downloads\christmas 2\PDFCreator_RocketFuelInstaller.exe"
sh=B37B52285DE862B7CAEA96BB8EB99D9B10DE236F ft=1 fh=1dbf7062960066bb vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Speed X8\Downloads\christmas 2\Shockwave_Installer_Slim.exe"


#23
Alkalidum

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 22/08/2015
Scan Time: 22:26
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.08.22.04
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Speed X8
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 438190
Time Elapsed: 24 min, 42 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 1
PUP.Optional.ToolsUpdatePlatform.A, C:\Program Files (x86)\ToolsUpdatePlatform\UpdatePlatform.exe, 1924, Delete-on-Reboot, [8b5156b51b704ee881ea75a3ae550bf5]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 8
PUP.Optional.WombatUpdater.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\SERVICE1291.EXE, Quarantined, [e1fb6e9d513af4424170b06b887b8878], 
PUP.Optional.ToolsUpdatePlatform.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ToolsUpdatePlatform_ScheduledTask, Quarantined, [25b74dbe0d7e2a0c91f397867b8809f7], 
PUP.Optional.WordSurfer.A, HKLM\SOFTWARE\WOW6432NODE\WordSurfer_1.10.0.19, Quarantined, [37a529e204870b2bf5bea30edd27b44c], 
PUP.Optional.SushiLeads.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\SushiLeadsApplication_RASAPI32, Quarantined, [fedeb2598803be78d0ef337feb197888], 
PUP.Optional.SushiLeads.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\SushiLeadsApplication_RASMANCS, Quarantined, [588484877a1152e4338c5a58a75d7c84], 
PUP.Optional.ToolsUpdatePlatform.A, HKLM\SOFTWARE\WOW6432NODE\TOOLSUPDATEPLATFORM, Quarantined, [b6266c9fb9d25dd97d2e8a27ed175ba5], 
PUP.Optional.SushiLeads.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\SushiLeadsUpdaterService, Quarantined, [66764dbe4645f83e62f71c05cf3418e8], 
PUP.Optional.ToolsUpdatePlatform.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{6A128791-4857-4484-9BB2-71D4C1257200}, Quarantined, [8b5156b51b704ee881ea75a3ae550bf5], 
 
Registry Values: 4
PUP.Optional.WombatUpdater.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\Service1291.exe|{a53dd3e5-0283-4ab3-b77c-7bd1bc7550c6}.sdb, 130845764886575344, Quarantined, [e1fb6e9d513af4424170b06b887b8878]
PUP.Optional.ToolsUpdatePlatform.A, HKLM\SOFTWARE\WOW6432NODE\TOOLSUPDATEPLATFORM|partner, self_callback, Quarantined, [b6266c9fb9d25dd97d2e8a27ed175ba5]
PUP.Optional.Linkury.A, HKU\S-1-5-21-975855429-1586840072-3018677650-1000\ENVIRONMENT|SNF, C:\ProgramData\Sublights\snp.sc, Quarantined, [7b6127e49af1bf77913f39795ca81ce4]
PUP.Optional.Linkury.A, HKU\S-1-5-21-975855429-1586840072-3018677650-1000\ENVIRONMENT|SNP, http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=APSnapdoAMRev&co=TJ&userid=ec59dcb3-7ca4-9274-ef46-d8330a24a4ca&searchtype=sc&installDate=19/08/2015&barcodeid=50027003&channelid=3, Quarantined, [f5e7b05b99f28aacf7da526071932ed2]
 
Registry Data: 1
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({ielnksrch}),Replaced,[2eae8685f49790a66c76c8911aeb7090]
 
Folders: 12
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}, Quarantined, [4696ec1fee9df2443efc88780bf8b947], 
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\B545B99D64128CA1, Quarantined, [4696ec1fee9df2443efc88780bf8b947], 
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{C1E28B35-42CA-43F0-8B8B-85F6E7255916}, Quarantined, [f7e58784672479bd053a50b07a8937c9], 
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{C1E28B35-42CA-43F0-8B8B-85F6E7255916}\F5D3F4DC255F1AE1, Quarantined, [f7e58784672479bd053a50b07a8937c9], 
PUP.Optional.AllAboutApp.A, C:\ProgramData\AllaboutApp, Quarantined, [53896c9f5932a88ebd034ac3a261926e], 
PUP.Optional.AllAboutApp.A, C:\ProgramData\AllaboutApp\Setup, Quarantined, [53896c9f5932a88ebd034ac3a261926e], 
PUP.Optional.ToolsUpdatePlatform.A, C:\ProgramData\ToolsUpdatePlatform, Quarantined, [cb1149c26526f244ea80af69cf349d63], 
PUP.Optional.ToolsUpdatePlatform.A, C:\ProgramData\ToolsUpdatePlatform\Download, Quarantined, [cb1149c26526f244ea80af69cf349d63], 
PUP.Optional.ToolsUpdatePlatform.A, C:\ProgramData\ToolsUpdatePlatform\Dump, Quarantined, [cb1149c26526f244ea80af69cf349d63], 
PUP.Optional.ToolsUpdatePlatform.A, C:\Program Files (x86)\ToolsUpdatePlatform, Delete-on-Reboot, [8b5156b51b704ee881ea75a3ae550bf5], 
PUP.Optional.Linkury.A, C:\ProgramData\Sublight, Quarantined, [eaf24bc0fc8f6fc76f06ac6e27dc728e], 
PUP.Optional.Linkury.A, C:\ProgramData\Sublights, Quarantined, [9646ad5e98f31c1a05711802ac570af6], 
 
Files: 23
PUP.Optional.InstallCore.A, C:\Users\Speed X8\Downloads\DriverGuide_Driver_Download_121810.exe, Quarantined, [28b4a7642e5d3600d2c65b54e71a6799], 
PUP.Optional.InstallCore.A, C:\Users\Speed X8\Downloads\CR_Downloader_for_digimon-world-2.exe, Quarantined, [b9235facbccf4aecfe3a02b0748d2cd4], 
PUP.Optional.InstallCore.A, C:\Users\Speed X8\Downloads\CR_Downloader_for_epsxe.exe, Quarantined, [3ba1818a9eed37fffa3e189a8081ab55], 
PUP.Optional.WombatUpdater.A, C:\Windows\AppPatch\Custom\{a53dd3e5-0283-4ab3-b77c-7bd1bc7550c6}.sdb, Quarantined, [b22aac5f0c7fc175614f8e8d41c2956b], 
PUP.Optional.ToolsUpdatePlatform.A, C:\Windows\System32\Tasks\ToolsUpdatePlatform_ScheduledTask, Quarantined, [ac303fcc414a4ee8ffd5ab7462a1d52b], 
PUP.Optional.ToolsUpdatePlatform.A, C:\Windows\Tasks\ToolsUpdatePlatform_ScheduledTask.job, Quarantined, [defe97742a61d5617e576eb1a45f8c74], 
PUP.Optional.AssistPoint.A, C:\Users\Speed X8\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\{dac52abc-7662-43af-9a30-fb01426ecf06}.xpi, Quarantined, [419bf516503be254c643fbabc143847c], 
PUP.Optional.ToolsUpdatePlatform.A, C:\ProgramData\ToolsUpdatePlatform\BrowserInfo.encode, Quarantined, [cb1149c26526f244ea80af69cf349d63], 
PUP.Optional.ToolsUpdatePlatform.A, C:\ProgramData\ToolsUpdatePlatform\CallBackInstall.exe, Quarantined, [cb1149c26526f244ea80af69cf349d63], 
PUP.Optional.ToolsUpdatePlatform.A, C:\ProgramData\ToolsUpdatePlatform\CloudUpdateInfo.encode, Quarantined, [cb1149c26526f244ea80af69cf349d63], 
PUP.Optional.ToolsUpdatePlatform.A, C:\ProgramData\ToolsUpdatePlatform\LocalAppInfo.encode, Quarantined, [cb1149c26526f244ea80af69cf349d63], 
PUP.Optional.ToolsUpdatePlatform.A, C:\ProgramData\ToolsUpdatePlatform\LocalInfo.encode, Quarantined, [cb1149c26526f244ea80af69cf349d63], 
PUP.Optional.ToolsUpdatePlatform.A, C:\ProgramData\ToolsUpdatePlatform\Dump\BugReportConfig.ini, Quarantined, [cb1149c26526f244ea80af69cf349d63], 
PUP.Optional.ToolsUpdatePlatform.A, C:\Program Files (x86)\ToolsUpdatePlatform\BrowserInfo.exe, Quarantined, [8b5156b51b704ee881ea75a3ae550bf5], 
PUP.Optional.ToolsUpdatePlatform.A, C:\Program Files (x86)\ToolsUpdatePlatform\CrashReport.exe, Quarantined, [8b5156b51b704ee881ea75a3ae550bf5], 
PUP.Optional.ToolsUpdatePlatform.A, C:\Program Files (x86)\ToolsUpdatePlatform\CrashUL.exe, Quarantined, [8b5156b51b704ee881ea75a3ae550bf5], 
PUP.Optional.ToolsUpdatePlatform.A, C:\Program Files (x86)\ToolsUpdatePlatform\UpdatePlatform.exe, Delete-on-Reboot, [8b5156b51b704ee881ea75a3ae550bf5], 
PUP.Optional.Linkury.A, C:\ProgramData\Sublight\bro3zja5.dll, Quarantined, [eaf24bc0fc8f6fc76f06ac6e27dc728e], 
PUP.Optional.Linkury.A, C:\ProgramData\Sublight\pixzzgqq.dll, Quarantined, [eaf24bc0fc8f6fc76f06ac6e27dc728e], 
PUP.Optional.Linkury.A, C:\ProgramData\Sublight\shmmvw21.dll, Quarantined, [eaf24bc0fc8f6fc76f06ac6e27dc728e], 
PUP.Optional.Linkury.A, C:\ProgramData\Sublights\ff.HP, Quarantined, [9646ad5e98f31c1a05711802ac570af6], 
PUP.Optional.Linkury.A, C:\ProgramData\Sublights\ff.NT, Quarantined, [9646ad5e98f31c1a05711802ac570af6], 
PUP.Optional.Linkury.A, C:\ProgramData\Sublights\snp.sc, Quarantined, [9646ad5e98f31c1a05711802ac570af6], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#24
Alkalidum

 Results of screen317's Security Check version 1.008  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 JavaFX 2.1.1    
 Java™ 6 Update 39  
 Java 8 Update 31  
 Java version 32-bit out of Date! 
 Adobe Flash Player 18.0.0.232  
 Mozilla Firefox 37.0.2 Firefox out of Date!  
 Google Chrome (44.0.2403.155) 
 Google Chrome (44.0.2403.157) 
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled! 
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast afwServ.exe  
 AVAST Software Avast AvastUI.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 


#25
pystryker


Little worried about these scans, seems like they picked up a lot of threats! :no:


Hello :)

Not to worry, as the great majority of the items picked up are items that are already quarantined and neutralized by the tools we've employed. :thumbsup: The others are remnants and orphans, and we'll get rid of them starting now.

How is the machine running?

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Fix with FRST
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad window and select Paste.
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
C:\Program Files (x86)\Cheat Engine 6.3\cheatengine-i386.exe
C:\Program Files (x86)\Cheat Engine 6.3\standalonephase1.dat
C:\Users\Speed X8\.frostwire5\updates\frostwire-setup.exe
C:\Users\Speed X8\Downloads\autoi.exe
C:\Users\Speed X8\Downloads\cbsidlm-cbsi188-Game_Fire-ORG-75290103.exe
C:\Users\Speed X8\Downloads\ccsetup501 (1).exe
C:\Users\Speed X8\Downloads\ccsetup501.exe
C:\Users\Speed X8\Downloads\dfsetup218.exe
C:\Users\Speed X8\Downloads\FoxitReader531.0606_enu_Setup.exe
C:\Users\Speed X8\Downloads\Next Car Game Trainer (1).exe
C:\Users\Speed X8\Downloads\Next Car Game Trainer.exe
C:\Users\Speed X8\Downloads\TuneUpUtilities2012_en-US-123.exe
C:\Users\Speed X8\Downloads\winzip16-64.exe
C:\Users\Speed X8\Downloads\christmas 2\App.exe
C:\Users\Speed X8\Downloads\christmas 2\PDFCreator_RocketFuelInstaller (1).exe
C:\Users\Speed X8\Downloads\christmas 2\PDFCreator_RocketFuelInstaller.exe
C:\Users\Speed X8\Downloads\christmas 2\Shockwave_Installer_Slim.exe
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST, press the Fix button just once, and wait. The tool will make a log on the desktop (Fixlog.txt). Please post it in your next reply.


Step 2: Enable Windows UAC and Program Updates

Your User Account Control is currently disabled. This can allow malware to make changes to your system without seeking your permission to do so. Enabling UAC will alert you to any changes that software and malware are attempting to make to your system, giving you another method of defense.
  • Open User Account Control Settings by clicking the Start button and then clicking Control Panel
  • In the Search Box, type in uac and then click Change User Account Control settings.
  • To turn on UAC, move the slider to choose when you want to be notified, and then click OK.
  • If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

Update Avast Anti-Virus

Your current version of Avast is out of date. Please update it by following the instructions below.
  • Right-click the orange orb in the lower right corner of your desktop, select Open Avast User Interface, and then click Settings.
  • Click on Update and then click Program.
  • Once it has updated the program, click Virus Definitions to update it to the latest database.

Java Warning and Update


WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.

Please read this article about Java.

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser.)

If you do need to keep Java, then download JavaRa.
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present.
Once done, run it again and select Update Java runtime > Download and install Latest version.



Update Firefox

Your current version of Firefox is out of date. Please update it by clicking the Help tab and then selecting About Firefox. Firefox will then update itself.


Things I need to see in your next post:

Fixlog.txt Log

How is the machine running?
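
The split described in the post above (detections that already sit inside a removal tool's quarantine folder versus files still in place) can be made mechanically from the scanner log. The Python below is an added example, not part of the thread or of any tool used in it. The sample lines are constructed in the log's key=value layout with placeholder hashes and paths, and reading sh, vn and fn as hash, detection name and file path is inferred from the log lines themselves.

```python
import re
from collections import defaultdict

# Constructed sample in the key=value layout of the scanner log posted in
# this thread. Hashes and paths are placeholders, not real indicators.
SAMPLE_LOG = r'''
sh=1111111111111111111111111111111111111111 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Example\AppData\Local\Ext\a.js.vir"
sh=2222222222222222222222222222222222222222 ft=1 fh=00000000000000aa vn="Win32/AnyProtect.G potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Example\AppData\Local\nsx0001.tmp.xBAD"
sh=3333333333333333333333333333333333333333 ft=1 fh=00000000000000bb vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Example\Downloads\setup (1).exe"
sh=3333333333333333333333333333333333333333 ft=1 fh=00000000000000bb vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Example\Downloads\setup.exe"
sh=4444444444444444444444444444444444444444 ft=1 fh=00000000000000cc vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\ExampleSuite\scan.exe"
this line is not a detection record
'''

# key=value pairs; a value is either double-quoted (may contain spaces) or bare.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Quarantine folders of the two removal tools seen in the thread's log paths.
# Windows paths are case-insensitive, so comparison is done in lower case.
QUARANTINE_ROOTS = (
    "c:\\adwcleaner\\quarantine\\",
    "c:\\frst\\quarantine\\",
)

# Category suffixes seen in the log's detection names, longest first so that
# "potentially unwanted application" wins over plain "application".
CATEGORIES = (
    "potentially unwanted application",
    "potentially unsafe application",
    "trojan",
    "application",
)


def parse_line(line):
    """Return the fields of one detection record, or None if it is not one."""
    fields = {key: quoted or bare for key, quoted, bare in FIELD_RE.findall(line)}
    if not {"sh", "vn", "fn"} <= fields.keys():
        return None
    return fields


def classify(detection_name):
    """Split a detection name into (family, category)."""
    name = detection_name.strip()
    prefix = "a variant of "
    if name.startswith(prefix):
        name = name[len(prefix):]
    for category in CATEGORIES:
        if name.endswith(" " + category):
            return name[: -len(category) - 1], category
    return name, "unclassified"


def is_quarantined(path):
    """True when the file already lives under a removal tool's quarantine."""
    return path.lower().startswith(QUARANTINE_ROOTS)


def triage(log_text):
    """Sort detection records into already-quarantined and still-live."""
    result = {"quarantined": [], "live": [], "skipped": 0}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        record = parse_line(line)
        if record is None:
            result["skipped"] += 1  # count unparsable lines instead of hiding them
            continue
        record["family"], record["category"] = classify(record["vn"])
        bucket = "quarantined" if is_quarantined(record["fn"]) else "live"
        result[bucket].append(record)
    return result


def group_live_by_hash(result):
    """Map each hash to every live path carrying it (duplicate downloads)."""
    groups = defaultdict(list)
    for record in result["live"]:
        groups[record["sh"]].append(record["fn"])
    return dict(groups)


if __name__ == "__main__":
    outcome = triage(SAMPLE_LOG)
    print(f"already quarantined: {len(outcome['quarantined'])}")
    print(f"still in place:      {len(outcome['live'])}")
    print(f"unparsed lines:      {outcome['skipped']}")
    # Live detections are candidates for a person to review, not automatic
    # deletion targets: the fixlist posted in this thread does not include
    # every non-quarantined detection from the scan.
    for digest, paths in group_live_by_hash(outcome).items():
        for path in paths:
            print(f"  {digest[:8]}  {path}")
```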



#26
Alkalidum


Hey,

 

I just tried playing a game of Hearthstone to test how the PC is running but for some reason my CPU usage is shooting up to over 90%, it's not constant though it seems to be stable at around 10% while playing then shoots up to 90+% for about 5 seconds then back down and will do this every min or so. It was a game that ran fine prior to the virus and isn't a particularly demanding game either :upset:

 

Anyway onto the logs :)

 

 Fix result of Farbar Recovery Scan Tool (x64) Version:20-08-2015

Ran by Speed X8 (2015-08-24 09:04:55) Run:4
Running from C:\Users\Speed X8\Desktop
Loaded Profiles: Speed X8 (Available Profiles: Speed X8)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
C:\Program Files (x86)\Cheat Engine 6.3\cheatengine-i386.exe
C:\Program Files (x86)\Cheat Engine 6.3\standalonephase1.dat
C:\Users\Speed X8\.frostwire5\updates\frostwire-setup.exe
C:\Users\Speed X8\Downloads\autoi.exe
C:\Users\Speed X8\Downloads\cbsidlm-cbsi188-Game_Fire-ORG-75290103.exe
C:\Users\Speed X8\Downloads\ccsetup501 (1).exe
C:\Users\Speed X8\Downloads\ccsetup501.exe
C:\Users\Speed X8\Downloads\dfsetup218.exe
C:\Users\Speed X8\Downloads\FoxitReader531.0606_enu_Setup.exe
C:\Users\Speed X8\Downloads\Next Car Game Trainer (1).exe
C:\Users\Speed X8\Downloads\Next Car Game Trainer.exe
C:\Users\Speed X8\Downloads\TuneUpUtilities2012_en-US-123.exe
C:\Users\Speed X8\Downloads\winzip16-64.exe
C:\Users\Speed X8\Downloads\christmas 2\App.exe
C:\Users\Speed X8\Downloads\christmas 2\PDFCreator_RocketFuelInstaller (1).exe
C:\Users\Speed X8\Downloads\christmas 2\PDFCreator_RocketFuelInstaller.exe
C:\Users\Speed X8\Downloads\christmas 2\Shockwave_Installer_Slim.exe
End
*****************
 
Restore point was successfully created.
C:\Program Files (x86)\Cheat Engine 6.3\cheatengine-i386.exe => moved successfully
C:\Program Files (x86)\Cheat Engine 6.3\standalonephase1.dat => moved successfully
C:\Users\Speed X8\.frostwire5\updates\frostwire-setup.exe => moved successfully
C:\Users\Speed X8\Downloads\autoi.exe => moved successfully
C:\Users\Speed X8\Downloads\cbsidlm-cbsi188-Game_Fire-ORG-75290103.exe => moved successfully
C:\Users\Speed X8\Downloads\ccsetup501 (1).exe => moved successfully
C:\Users\Speed X8\Downloads\ccsetup501.exe => moved successfully
C:\Users\Speed X8\Downloads\dfsetup218.exe => moved successfully
C:\Users\Speed X8\Downloads\FoxitReader531.0606_enu_Setup.exe => moved successfully
C:\Users\Speed X8\Downloads\Next Car Game Trainer (1).exe => moved successfully
C:\Users\Speed X8\Downloads\Next Car Game Trainer.exe => moved successfully
C:\Users\Speed X8\Downloads\TuneUpUtilities2012_en-US-123.exe => moved successfully
C:\Users\Speed X8\Downloads\winzip16-64.exe => moved successfully
C:\Users\Speed X8\Downloads\christmas 2\App.exe => moved successfully
C:\Users\Speed X8\Downloads\christmas 2\PDFCreator_RocketFuelInstaller (1).exe => moved successfully
C:\Users\Speed X8\Downloads\christmas 2\PDFCreator_RocketFuelInstaller.exe => moved successfully
C:\Users\Speed X8\Downloads\christmas 2\Shockwave_Installer_Slim.exe => moved successfully
 
==== End of Fixlog 09:05:42 ====

  • 0

#27
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Hey,



I just tried playing a game of Hearthstone to test how the PC is running but for some reason my CPU usage is shooting up to over 90%, it's not constant though, it seems to be stable at around 10% while playing then shoots up to 90+% for about 5 seconds then back down and will do this every min or so. It was a game that ran fine prior to the virus and isn't a particularly demanding game either :upset:



Hello :)

Ok, let's get a fresh set of logs with FRST and make sure nothing has returned. :thumbsup:


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Step 1: Scan with FRST

Please start Farbar's Recovery Scan tool, place a checkmark in the Addition.txt box and then press Scan
FRST will scan your system and produce 2 logs, FRST.txt and Addition.txt. Please post both of them in your next reply.

Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

FRST.txt Log

Addition.txt Log

  • 0

#28
Alkalidum

Alkalidum

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

Hey :)

 

PC is definitely booting up faster now, and seems like most of the other problems are solved, it's just the weird CPU usage now! lol

 

 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-08-2015

Ran by Speed X8 (administrator) on SPEEDX8-PC (24-08-2015 20:35:20)
Running from C:\Users\Speed X8\Desktop
Loaded Profiles: Speed X8 (Available Profiles: Speed X8)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\vVX3000.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink Corporation.) C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint II\SetPointII.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Tenda\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Tenda\Common\RaRegistry64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11858536 2011-06-07] (Realtek Semiconductor)
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-23] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [VX3000] => C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [InstantBurn] => C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe [697640 2010-02-10] (CyberLink Corporation.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-11-18] (cyberlink)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [222504 2011-03-01] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM-x32\...\Run: [Mirroring360] => C:\Program Files (x86)\Mirroring360\Mirroring360.exe [9966416 2014-10-15] (Splashtop Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-08-20] (AVAST Software)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5579624 2015-08-03] (LogMeIn Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKU\S-1-5-21-975855429-1586840072-3018677650-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-11-22] (Hewlett-Packard Company)
HKU\S-1-5-21-975855429-1586840072-3018677650-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-19] (Valve Corporation)
HKU\S-1-5-21-975855429-1586840072-3018677650-1000\...\Run: [IndieCity Client] => C:\Program Files (x86)\IndieCity\Client\bin\x86\iceclient.exe -m
HKU\S-1-5-21-975855429-1586840072-3018677650-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
HKU\S-1-5-21-975855429-1586840072-3018677650-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-975855429-1586840072-3018677650-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-975855429-1586840072-3018677650-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-05-23]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-05-23]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk [2012-09-14]
ShortcutTarget: SetPointII.lnk -> C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-20] (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-975855429-1586840072-3018677650-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-08-24] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-24] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-20] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-05-23] (LastPass)
Toolbar: HKLM - Smart Recovery 2 - {1d09c093-f71e-43c3-b948-19316cbd695e} - C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-05-23] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-05-23] (LastPass)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Tcpip\..\Interfaces\{283D9FDB-27F4-4CC0-B300-A9CF3572C5A7}: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{5FECFA46-5C30-449C-90BC-691D6E34E6C0}: [DhcpNameServer] 192.168.42.129
 
FireFox:
========
FF ProfilePath: C:\Users\Speed X8\AppData\Roaming\Mozilla\Firefox\Profiles\6p4gp8b1.default
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: hxxps://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: hxxps://www.google.com/?trackid=sp-006
FF Keyword.URL: hxxps://www.google.com/search/?trackid=sp-006
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-24] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-05-23] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-04-05] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2013-08-28] (DivX, LLC)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-25] (ESN Social Software AB)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-05-23] (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-12] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @virtools.com/3DviaPlayer -> C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll [2012-04-05] (Dassault Systèmes)
FF Plugin HKU\S-1-5-21-975855429-1586840072-3018677650-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Speed X8\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-24] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-975855429-1586840072-3018677650-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-08-20] ()
FF SearchPlugin: C:\Users\Speed X8\AppData\Roaming\Mozilla\Firefox\Profiles\6p4gp8b1.default\searchplugins\google-avast.xml [2015-08-20]
FF Extension: LastPass - C:\Users\Speed X8\AppData\Roaming\Mozilla\Firefox\Profiles\6p4gp8b1.default\Extensions\[email protected] [2015-05-23]
FF HKLM-x32\...\Firefox\Extensions: [{203FB6B2-2E1E-4474-863B-4C483ECCE78E}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST
FF Extension: Norton Safe Web Lite Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST [2015-08-20]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-12]
 
Chrome: 
=======
CHR Profile: C:\Users\Speed X8\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Speed X8\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-08-20]
CHR Extension: (Subscriptions Grid For YouTube™) - C:\Users\Speed X8\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcnjhgnfnmijfkmcddcmffeamphmmeed [2015-08-20]
CHR Extension: (AdBlock) - C:\Users\Speed X8\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-08-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Speed X8\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Speed X8\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-20]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.goog...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-12]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.goog...ice/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-20] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109008 2015-08-20] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-08-20] (Avast Software)
S3 BRSptSvc; C:\programdata\bitraider\BRSptSvc.exe [938776 2013-05-17] (BitRaider, LLC)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [240112 2010-11-18] (CyberLink)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174112 2014-11-26] (EasyAntiCheat Ltd)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-23] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 libusbd; C:\Windows\SysWOW64\libusbd-nt.exe [18944 2005-03-09] (http://libusb-win32.sourceforge.net) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-08-03] (LogMeIn, Inc.)
S2 MBAMService; C:\Users\Speed X8\Desktop\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-23] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-23] (NVIDIA Corporation)
R2 PaceLicenseDServices; C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2928128 2012-11-19] (PACE Anti-Piracy, Inc.) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-08-15] ()
R2 RalinkRegistryWriter; C:\Program Files (x86)\Tenda\Common\RaRegistry.exe [193888 2010-06-28] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Tenda\Common\RaRegistry64.exe [211808 2010-06-28] (Ralink Technology, Corp.)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) [File not signed]
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [754584 2013-06-24] (Tunngle.net GmbH) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 NSL; "C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe" /s "NSL" /m "C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\diMaster.dll" /prefetch:1
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-20] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-08-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-20] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [454016 2015-08-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-20] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-08-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-20] (AVAST Software)
S3 BRDriver64; C:\programdata\bitraider\BRDriver64.sys [74024 2013-04-04] (BitRaider)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\0200000.010\ccSetx64.sys [167048 2011-08-09] (Symantec Corporation)
R1 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [24560 2009-10-07] (Cyberlink Co.,Ltd.)
R2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [376304 2009-10-07] (CyberLink Corporation.)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-03-16] ()
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [33792 2005-03-09] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2013-09-29] (MotioninJoy) [File not signed]
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-08-20] (AVAST Software)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-08-20] (Avast Software)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-24 20:35 - 2015-08-24 20:36 - 00027372 _____ C:\Users\Speed X8\Desktop\FRST.txt
2015-08-24 20:34 - 2015-08-24 20:34 - 00000000 ____D C:\Users\Speed X8\Desktop\FRST-OlderVersion
2015-08-24 09:27 - 2015-08-24 09:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-24 09:17 - 2015-08-24 09:17 - 00000000 ____D C:\ProgramData\Sun
2015-08-24 09:10 - 2015-08-24 09:18 - 00000000 ____D C:\Users\Speed X8\Desktop\JavaRa-2.6
2015-08-24 09:10 - 2015-08-24 09:10 - 00184620 _____ C:\Users\Speed X8\Downloads\JavaRa-2.6.1.zip
2015-08-24 00:09 - 2015-08-24 00:09 - 00852704 _____ C:\Users\Speed X8\Downloads\SecurityCheck.exe
2015-08-24 00:09 - 2015-08-24 00:09 - 00852704 _____ C:\Users\Speed X8\Desktop\SecurityCheck.exe
2015-08-23 21:24 - 2015-08-23 21:24 - 00000000 ____D C:\Program Files (x86)\ESET
2015-08-22 22:24 - 2015-08-22 22:24 - 00000000 ____D C:\Users\Speed X8\Desktop\Malwarebytes Anti-Malware
2015-08-22 22:24 - 2015-08-22 22:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-22 22:24 - 2015-08-22 22:23 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Speed X8\Desktop\mbam-setup-2.1.8.1057.exe
2015-08-22 22:24 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-22 22:24 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-22 22:23 - 2015-08-22 22:23 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Speed X8\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-22 21:22 - 2015-08-22 22:57 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-22 21:22 - 2015-08-22 22:52 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-08-22 21:21 - 2015-08-22 21:51 - 00000000 ____D C:\Users\Speed X8\Desktop\mbar
2015-08-22 21:21 - 2015-08-22 21:20 - 16563304 _____ (Malwarebytes Corp.) C:\Users\Speed X8\Desktop\mbar-1.09.2.1008.exe
2015-08-22 21:21 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-22 21:20 - 2015-08-22 21:20 - 16563304 _____ (Malwarebytes Corp.) C:\Users\Speed X8\Downloads\mbar-1.09.2.1008.exe
2015-08-22 00:23 - 2015-08-22 00:23 - 00000000 ____D C:\Users\Speed X8\AppData\Local\GWX
2015-08-21 10:58 - 2015-08-21 10:58 - 01798576 _____ (Malwarebytes Corporation) C:\Users\Speed X8\Downloads\JRT.exe
2015-08-21 10:58 - 2015-08-21 10:58 - 01798576 _____ (Malwarebytes Corporation) C:\Users\Speed X8\Desktop\JRT.exe
2015-08-21 10:32 - 2015-08-22 21:20 - 00000000 ____D C:\ProgramData\SystemSearchIndexer
2015-08-20 21:52 - 2015-08-20 21:53 - 00137859 _____ C:\Users\Speed X8\Downloads\Addition.txt
2015-08-20 21:51 - 2015-08-24 20:35 - 00000000 ___DC C:\FRST
2015-08-20 21:51 - 2015-08-24 20:34 - 02186752 ____C (Farbar) C:\Users\Speed X8\Desktop\FRST64.exe
2015-08-20 21:51 - 2015-08-20 21:53 - 00084307 _____ C:\Users\Speed X8\Downloads\FRST.txt
2015-08-20 21:32 - 2015-08-20 21:32 - 00246100 _____ C:\Users\Speed X8\Downloads\Extras.Txt
2015-08-20 21:30 - 2015-08-20 21:30 - 00177820 _____ C:\Users\Speed X8\Downloads\OTL.Txt
2015-08-20 20:47 - 2015-08-20 20:42 - 00115152 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-08-20 20:46 - 2015-08-20 20:47 - 01605632 _____ C:\Users\Speed X8\Desktop\AdwCleaner (1).exe
2015-08-20 20:46 - 2015-08-20 20:46 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-08-20 20:45 - 2015-08-20 20:45 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-08-20 20:44 - 2015-08-20 20:44 - 00602112 _____ (OldTimer Tools) C:\Users\Speed X8\Downloads\OTL.exe
2015-08-20 20:42 - 2015-08-20 20:42 - 00454016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2015-08-20 20:34 - 2015-08-20 20:34 - 00000000 ____D C:\Users\Speed X8\Documents\ProcAlyzer Dumps
2015-08-20 09:42 - 2015-08-20 09:42 - 00001504 _____ C:\ProgramData\tempimage.bmp
2015-08-19 23:54 - 2015-08-11 02:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-19 23:54 - 2015-08-11 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-19 23:54 - 2015-08-11 01:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-19 23:54 - 2015-08-11 01:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-19 20:54 - 2009-06-10 22:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20150819-205448.backup
2015-08-19 19:55 - 2015-08-19 19:55 - 00000000 ____D C:\Program Files\Common Files\AV
2015-08-19 19:55 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2015-08-19 19:50 - 2015-08-19 20:50 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-08-19 19:50 - 2015-08-19 19:55 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-08-19 19:50 - 2015-08-19 19:50 - 00001391 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-08-19 19:50 - 2015-08-19 19:50 - 00001379 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-08-19 19:50 - 2015-08-19 19:50 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2015-08-19 19:50 - 2015-08-19 19:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-08-19 19:50 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-08-19 19:49 - 2015-08-19 19:49 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Speed X8\Downloads\spybot-2.4.exe
2015-08-19 18:46 - 2015-08-20 21:43 - 00000000 ____C C:\dummy.htm
2015-08-19 18:42 - 2015-08-19 18:43 - 00000904 _____ C:\Windows\SysWOW64\${LOGFILE}
2015-08-19 18:35 - 2015-08-19 18:56 - 00002192 _____ C:\Users\Speed X8\Desktop\chrome.lnk
2015-08-19 18:35 - 2009-06-10 22:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-08-19 18:31 - 2015-08-19 18:31 - 00000000 ____D C:\Users\Speed X8\AppData\Local\MiniService
2015-08-19 18:31 - 2015-08-19 18:31 - 00000000 ____D C:\Users\Public\Documents\Baidu
2015-08-19 16:43 - 2015-08-19 16:43 - 00003206 _____ C:\Windows\System32\Tasks\{B42D7871-5D2F-4356-A274-9660481C2BAF}
2015-08-19 16:40 - 2015-08-19 16:40 - 00000053 _____ C:\Windows\Directx.log
2015-08-19 16:26 - 1999-12-16 15:13 - 00086016 _____ (MindVision Software) C:\Windows\unvise32.exe
2015-08-18 19:43 - 2015-08-18 19:43 - 00000000 _____ C:\Users\Speed X8\apploc.msi
2015-08-18 19:31 - 2015-08-18 19:31 - 01391104 _____ C:\apploc.msi
2015-08-18 19:19 - 2015-08-18 19:19 - 00003216 _____ C:\Windows\System32\Tasks\{139121BD-9416-43B4-96AF-F08644BB5F77}
2015-08-12 00:37 - 2015-07-30 14:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 00:37 - 2015-07-30 14:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 21:02 - 2015-07-28 21:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-11 21:02 - 2015-07-28 21:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-11 21:02 - 2015-07-28 21:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-11 21:02 - 2015-07-28 21:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-11 21:02 - 2015-07-28 21:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-11 21:02 - 2015-07-28 21:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-11 21:02 - 2015-07-28 21:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-11 21:02 - 2015-07-28 20:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-11 21:02 - 2015-07-15 19:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-11 21:02 - 2015-07-15 19:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-11 21:02 - 2015-07-15 19:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-11 21:02 - 2015-07-15 19:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-11 21:02 - 2015-07-15 19:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-11 21:02 - 2015-07-15 19:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-11 21:02 - 2015-07-15 19:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-11 21:02 - 2015-07-15 19:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-11 21:02 - 2015-07-15 19:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-11 21:02 - 2015-07-15 19:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-11 21:02 - 2015-07-15 19:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-11 21:02 - 2015-07-15 19:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-11 21:02 - 2015-07-15 19:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-11 21:02 - 2015-07-15 19:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-11 21:02 - 2015-07-15 19:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-11 21:02 - 2015-07-15 19:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-11 21:02 - 2015-07-15 19:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-11 21:02 - 2015-07-15 19:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-11 21:02 - 2015-07-15 19:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-11 21:02 - 2015-07-15 19:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-11 21:02 - 2015-07-15 19:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-11 21:02 - 2015-07-15 19:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-11 21:02 - 2015-07-15 19:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-11 21:02 - 2015-07-15 19:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-11 21:02 - 2015-07-15 19:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-11 21:02 - 2015-07-15 19:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-11 21:02 - 2015-07-15 19:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-11 21:02 - 2015-07-15 19:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-11 21:02 - 2015-07-15 19:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-11 21:02 - 2015-07-15 19:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-11 21:02 - 2015-07-15 19:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-11 21:02 - 2015-07-15 19:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-11 21:02 - 2015-07-15 19:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-11 21:02 - 2015-07-15 19:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-11 21:02 - 2015-07-15 19:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-11 21:02 - 2015-07-15 19:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-11 21:02 - 2015-07-15 19:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-11 21:02 - 2015-07-15 19:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-11 21:02 - 2015-07-15 19:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-11 21:02 - 2015-07-15 19:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 19:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 19:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 19:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 19:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 19:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 19:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 19:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 19:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 19:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 19:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 19:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 19:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 19:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 19:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 18:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-11 21:02 - 2015-07-15 18:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-11 21:02 - 2015-07-15 18:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-11 21:02 - 2015-07-15 18:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-11 21:02 - 2015-07-15 18:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-11 21:02 - 2015-07-15 18:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-11 21:02 - 2015-07-15 18:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-11 21:02 - 2015-07-15 18:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-11 21:02 - 2015-07-15 18:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-11 21:02 - 2015-07-15 18:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-11 21:02 - 2015-07-15 18:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-11 21:02 - 2015-07-15 18:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-11 21:02 - 2015-07-15 18:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-11 21:02 - 2015-07-15 18:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-11 21:02 - 2015-07-15 18:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-11 21:02 - 2015-07-15 18:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-11 21:02 - 2015-07-15 18:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-11 21:02 - 2015-07-15 18:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-11 21:02 - 2015-07-15 18:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-11 21:02 - 2015-07-15 18:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-11 21:02 - 2015-07-15 18:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-11 21:02 - 2015-07-15 18:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-11 21:02 - 2015-07-15 18:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-11 21:02 - 2015-07-15 18:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-11 21:02 - 2015-07-15 18:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-11 21:02 - 2015-07-15 18:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 18:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 18:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 18:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 18:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 18:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 18:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 18:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 18:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 18:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 18:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 18:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 18:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 17:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-11 21:02 - 2015-07-15 17:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-11 21:02 - 2015-07-15 17:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-11 21:02 - 2015-07-15 17:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-11 21:02 - 2015-07-15 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-11 21:02 - 2015-07-15 17:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 17:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 17:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-11 21:02 - 2015-07-15 17:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-11 21:01 - 2015-07-21 01:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-11 21:01 - 2015-07-21 01:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-11 21:01 - 2015-07-16 21:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-11 21:01 - 2015-07-16 21:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-11 21:01 - 2015-07-16 21:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-11 21:01 - 2015-07-16 21:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-11 21:01 - 2015-07-16 21:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-11 21:01 - 2015-07-16 21:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-11 21:01 - 2015-07-16 20:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-11 21:01 - 2015-07-16 20:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-11 21:01 - 2015-07-16 20:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-11 21:01 - 2015-07-16 20:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-11 21:01 - 2015-07-16 20:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-11 21:01 - 2015-07-16 20:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-11 21:01 - 2015-07-16 20:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-11 21:01 - 2015-07-16 20:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-11 21:01 - 2015-07-16 20:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-11 21:01 - 2015-07-16 20:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-11 21:01 - 2015-07-16 20:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-11 21:01 - 2015-07-16 20:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-11 21:01 - 2015-07-16 19:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-11 21:01 - 2015-07-16 19:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-11 21:01 - 2015-07-15 04:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-11 21:01 - 2015-07-10 18:51 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-11 21:01 - 2015-07-10 18:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-11 21:01 - 2015-07-10 18:51 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-11 21:01 - 2015-07-10 18:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-11 21:01 - 2015-07-10 18:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-11 21:01 - 2015-07-10 18:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-08-11 21:00 - 2015-07-30 19:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-11 21:00 - 2015-07-30 19:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-11 21:00 - 2015-07-30 19:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-11 21:00 - 2015-07-30 19:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-11 21:00 - 2015-07-30 19:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-11 21:00 - 2015-07-30 19:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-11 21:00 - 2015-07-30 19:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-11 21:00 - 2015-07-30 18:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-11 21:00 - 2015-07-30 18:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-11 21:00 - 2015-07-30 18:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-11 21:00 - 2015-07-30 18:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-11 21:00 - 2015-07-30 18:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-11 21:00 - 2015-07-30 18:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-11 21:00 - 2015-07-30 17:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-11 21:00 - 2015-07-30 17:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-11 21:00 - 2015-07-30 17:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-11 21:00 - 2015-07-16 21:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-11 21:00 - 2015-07-16 21:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-11 21:00 - 2015-07-16 21:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-11 21:00 - 2015-07-16 21:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-11 21:00 - 2015-07-16 21:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-11 21:00 - 2015-07-16 21:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-11 21:00 - 2015-07-16 21:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-11 21:00 - 2015-07-16 21:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-11 21:00 - 2015-07-16 21:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-11 21:00 - 2015-07-16 21:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-11 21:00 - 2015-07-16 21:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-11 21:00 - 2015-07-16 21:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-11 21:00 - 2015-07-16 20:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-11 21:00 - 2015-07-16 20:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-11 21:00 - 2015-07-16 20:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-11 21:00 - 2015-07-16 20:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-11 21:00 - 2015-07-16 20:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-11 21:00 - 2015-07-16 20:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-11 21:00 - 2015-07-16 20:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-11 21:00 - 2015-07-16 20:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-11 21:00 - 2015-07-16 20:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-11 21:00 - 2015-07-16 20:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-11 21:00 - 2015-07-16 20:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-11 21:00 - 2015-07-16 20:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-11 21:00 - 2015-07-16 20:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-11 21:00 - 2015-07-16 20:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-11 21:00 - 2015-07-16 20:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-11 21:00 - 2015-07-16 20:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-11 21:00 - 2015-07-16 20:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-11 21:00 - 2015-07-16 20:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-11 21:00 - 2015-07-16 20:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-11 21:00 - 2015-07-16 20:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-11 21:00 - 2015-07-16 19:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-11 21:00 - 2015-07-16 19:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-11 21:00 - 2015-07-15 04:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-11 21:00 - 2015-07-15 04:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-11 21:00 - 2015-07-15 04:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-11 21:00 - 2015-07-15 04:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-11 21:00 - 2015-07-15 03:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-11 21:00 - 2015-07-15 03:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-11 21:00 - 2015-07-15 03:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-11 21:00 - 2015-07-15 03:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-11 21:00 - 2015-07-01 21:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-11 21:00 - 2015-07-01 21:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-11 21:00 - 2015-07-01 21:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-11 21:00 - 2015-07-01 21:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-11 20:59 - 2015-07-20 19:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-11 20:59 - 2015-07-20 19:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-11 20:59 - 2015-07-20 19:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-11 20:59 - 2015-07-20 19:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-11 20:59 - 2015-07-20 19:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-11 20:59 - 2015-07-20 19:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-11 20:59 - 2015-07-20 19:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-11 20:59 - 2015-07-20 19:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-11 20:59 - 2015-07-20 19:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-11 20:59 - 2015-07-20 19:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-11 20:59 - 2015-07-20 19:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-11 20:59 - 2015-07-20 18:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-11 20:59 - 2015-07-20 18:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-11 20:59 - 2015-07-20 18:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-11 20:59 - 2015-07-20 18:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-11 20:59 - 2015-07-20 18:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-11 20:59 - 2015-07-10 18:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-11 20:59 - 2015-07-10 18:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-11 20:59 - 2015-07-09 18:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-11 20:59 - 2015-07-09 18:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-11 20:59 - 2015-07-09 18:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-11 20:59 - 2015-05-09 19:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-04 10:48 - 2015-08-04 10:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-08-04 10:48 - 2015-08-04 10:48 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2015-07-27 17:52 - 2015-07-27 17:52 - 00001824 _____ C:\Users\Speed X8\Downloads\Alkalidum (9).plr
2015-07-26 18:19 - 2015-07-26 18:19 - 00001824 _____ C:\Users\Speed X8\Downloads\Alkalidum (8).plr
2015-07-26 18:17 - 2015-07-26 18:17 - 00001824 _____ C:\Users\Speed X8\Downloads\Alkalidum (7).plr
2015-07-26 18:13 - 2015-07-26 18:13 - 00001824 _____ C:\Users\Speed X8\Downloads\Alkalidum (6).plr
2015-07-26 18:11 - 2015-07-26 18:11 - 00001824 _____ C:\Users\Speed X8\Downloads\Alkalidum (5).plr
2015-07-26 18:05 - 2015-07-26 18:05 - 00001824 _____ C:\Users\Speed X8\Downloads\Alkalidum (4).plr
2015-07-26 18:04 - 2015-07-26 18:04 - 00001824 _____ C:\Users\Speed X8\Downloads\Alkalidum (3).plr
2015-07-26 17:54 - 2015-07-26 17:54 - 00001824 _____ C:\Users\Speed X8\Downloads\Alkalidum (2).plr
2015-07-26 17:47 - 2015-07-26 17:47 - 00001824 _____ C:\Users\Speed X8\Downloads\Alkalidum (1).plr
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-24 20:34 - 2012-03-15 14:26 - 00003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{767B4E75-0A22-454C-8045-6C88693109B7}
2015-08-24 20:34 - 2012-03-14 14:10 - 01970763 _____ C:\Windows\WindowsUpdate.log
2015-08-24 20:33 - 2012-03-15 14:37 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-24 20:30 - 2015-05-07 16:37 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-08-24 20:30 - 2012-06-03 15:43 - 00000000 ____D C:\Users\Speed X8\AppData\Local\LogMeIn Hamachi
2015-08-24 20:29 - 2014-12-30 20:48 - 00059300 _____ C:\Windows\setupact.log
2015-08-24 20:29 - 2013-11-08 13:06 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-24 20:29 - 2013-03-16 17:46 - 00000392 _____ C:\Windows\Tasks\WpsUpdateTask_Speed X8.job
2015-08-24 20:28 - 2015-04-25 22:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-24 20:28 - 2012-03-14 14:22 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-24 20:28 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-24 12:00 - 2009-07-14 05:45 - 00029136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-24 12:00 - 2009-07-14 05:45 - 00029136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-24 11:59 - 2012-03-30 13:21 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-24 11:42 - 2013-11-08 13:06 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-24 09:56 - 2014-01-14 15:08 - 00000000 ____D C:\Users\Speed X8\AppData\Local\Battle.net
2015-08-24 09:16 - 2014-08-17 18:05 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-08-24 09:16 - 2012-04-19 17:01 - 00000000 ____D C:\Program Files\Java
2015-08-24 09:05 - 2014-04-13 14:54 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.3
2015-08-24 09:05 - 2012-12-20 17:01 - 00000000 ____D C:\Users\Speed X8\Downloads\christmas 2
2015-08-23 21:15 - 2014-12-31 11:41 - 00607848 _____ C:\Windows\PFRO.log
2015-08-22 22:52 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PLA
2015-08-22 22:51 - 2015-04-25 22:05 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-22 22:51 - 2015-04-25 22:05 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-08-22 22:51 - 2012-04-18 23:59 - 00000000 ____D C:\ProgramData\InstallMate
2015-08-22 22:51 - 2012-03-14 14:11 - 00001317 _____ C:\Users\Speed X8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-22 21:53 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\addins
2015-08-22 21:22 - 2014-08-28 11:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-21 11:12 - 2014-08-29 10:37 - 00000000 ___DC C:\AdwCleaner
2015-08-21 10:50 - 2012-12-10 23:14 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2015-08-21 10:47 - 2012-03-14 15:13 - 00000000 ____D C:\Windows\system32\temp
2015-08-21 10:38 - 2015-05-13 19:52 - 00000000 ____D C:\Users\Speed X8\AppData\Roaming\uTorrent
2015-08-21 10:35 - 2014-10-22 17:39 - 00000000 ____D C:\Windows\SysWOW64\vbox
2015-08-21 10:35 - 2014-10-22 17:39 - 00000000 ____D C:\Windows\system32\vbox
2015-08-21 10:08 - 2009-07-14 05:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-08-20 20:58 - 2013-11-08 13:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-20 20:48 - 2015-03-12 17:48 - 01048344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-08-20 20:46 - 2015-03-12 17:48 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-08-20 20:46 - 2015-03-12 17:48 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-08-20 20:46 - 2015-03-12 17:48 - 00150672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-08-20 20:46 - 2015-03-12 17:48 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-08-20 20:46 - 2015-03-12 17:48 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-08-20 20:46 - 2015-03-12 17:48 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-08-20 20:46 - 2015-03-12 17:48 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-08-20 20:43 - 2015-03-12 17:48 - 00028144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2015-08-19 23:24 - 2012-03-17 21:45 - 00000000 ____D C:\Users\Speed X8\AppData\Roaming\Mumble
2015-08-19 18:55 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-08-19 18:33 - 2015-04-19 12:30 - 00000000 __SHD C:\Users\Speed X8\AppData\Local\EmieBrowserModeList
2015-08-19 18:33 - 2014-06-10 22:53 - 00000000 __SHD C:\Users\Speed X8\AppData\Local\EmieUserList
2015-08-19 18:33 - 2014-06-10 22:53 - 00000000 __SHD C:\Users\Speed X8\AppData\Local\EmieSiteList
2015-08-19 16:34 - 2014-01-14 15:10 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-08-19 16:32 - 2014-01-14 15:07 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-08-18 19:43 - 2012-03-14 14:10 - 00000000 ____D C:\Users\Speed X8
2015-08-14 21:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2015-08-14 20:32 - 2012-03-15 06:04 - 00000000 ____D C:\Windows\Panther
2015-08-14 20:28 - 2015-07-10 14:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-12 10:22 - 2009-07-14 05:45 - 00290992 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-12 10:19 - 2014-12-12 17:17 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-12 10:19 - 2014-05-07 00:24 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-12 00:37 - 2013-03-14 00:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 00:36 - 2013-03-14 00:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 00:36 - 2013-03-14 00:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-12 00:32 - 2014-08-29 11:22 - 00000000 ____D C:\Windows\system32\MRT
2015-08-12 00:26 - 2014-08-29 11:22 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-11 21:59 - 2012-03-30 13:21 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-11 21:59 - 2012-03-30 13:20 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-11 21:59 - 2012-03-22 20:30 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-10 11:07 - 2015-04-24 10:45 - 00000000 ____D C:\Users\Speed X8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-08-10 10:36 - 2009-07-14 06:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-04 10:48 - 2012-06-03 15:42 - 00000926 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2015-08-03 12:12 - 2012-06-28 11:58 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-07-31 18:45 - 2014-05-17 18:29 - 00000000 ____D C:\Users\Speed X8\AppData\Roaming\.minecraft
 
==================== Files in the root of some directories =======
 
2015-05-23 23:43 - 2015-05-23 23:43 - 16258616 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-06-17 18:22 - 2013-06-17 18:21 - 0001160 _____ () C:\Users\Speed X8\AppData\Roaming\mods - Shortcut.lnk
2014-06-28 18:47 - 2015-04-25 22:19 - 0002031 _____ () C:\Users\Speed X8\AppData\Roaming\SpeedRunnersLog.txt
2015-04-25 22:20 - 2015-04-25 22:21 - 0002608 _____ () C:\Users\Speed X8\AppData\Roaming\TargetInvocationLog.txt
2013-06-17 18:22 - 2013-06-17 18:23 - 0047104 ___SH () C:\Users\Speed X8\AppData\Roaming\Thumbs.db
2013-09-30 09:34 - 2013-09-30 09:34 - 0000097 _____ () C:\Users\Speed X8\AppData\Roaming\WB.CFG
2012-05-03 12:12 - 2012-05-03 12:12 - 0000532 _____ () C:\Users\Speed X8\AppData\Local\datos.txt
2015-04-25 14:36 - 2015-04-25 14:36 - 0006605 _____ () C:\Users\Speed X8\AppData\Local\recently-used.xbel
2014-08-31 23:22 - 2014-08-31 23:22 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-08-20 09:42 - 2015-08-20 09:42 - 0001504 _____ () C:\ProgramData\tempimage.bmp
 
Some files in TEMP:
====================
C:\Users\Speed X8\AppData\Local\Temp\java-installer.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-14 21:22
 
==================== End of FRST.txt ============================

#29
Alkalidum

    Member

  • Topic Starter
  • 64 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-08-2015
Ran by Speed X8 (2015-08-24 20:37:08)
Running from C:\Users\Speed X8\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-975855429-1586840072-3018677650-500 - Administrator - Disabled)
Guest (S-1-5-21-975855429-1586840072-3018677650-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-975855429-1586840072-3018677650-1003 - Limited - Enabled)
Speed X8 (S-1-5-21-975855429-1586840072-3018677650-1000 - Administrator - Enabled) => C:\Users\Speed X8
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.12 - GIGABYTE)
3DVIA player 5.0.0.20 (HKLM-x32\...\{F06365EC-061E-48C3-B761-E1816658D618}) (Version: 5.0.20 - 3DVIA)
7 Days to Die (HKLM-x32\...\Steam App 251570) (Version:  - The Fun Pimps)
AChat 1.18 (HKLM-x32\...\AChat_is1) (Version:  - AChat Animation Studios)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Airline Tycoon 2 (HKLM-x32\...\Steam App 201490) (Version:  - )
Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version:  - )
Antares Auto-Tune 7 VST (HKLM\...\{8E7715AA-E19B-44E8-AE4C-FB5B37B7E2D9}) (Version: 7.05.0004 - Antares Audio Technologies)
Apple Application Support (HKLM-x32\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ARMA 2 (HKLM-x32\...\Steam App 33910) (Version:  - Bohemia Interactive)
ARMA 2 Dedicated Server (HKLM-x32\...\Steam App 33905) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead - Dedicated Server (HKLM-x32\...\Steam App 33935) (Version:  - Bohemia Interactive)
ARMA 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
Arma 3 Alpha (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.2.43 - Atheros Communications Inc.)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
AutoGreen B10.1021.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B10.1021.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Auto-Tune EFX 2 (HKLM\...\{CCF89E7D-8BFC-4B3C-8C9C-8C4E9EF8BA45}) (Version: 2.1 - Antares Audio Technologies)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BIT.TRIP RUNNER (HKLM-x32\...\Steam App 63710) (Version:  - Gaijin Games)
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.3.1 - BitRaider, LLC)
Bloody Trapland (HKLM-x32\...\Steam App 257750) (Version:  - 2Play)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BurnInTest v7.0 Pro (HKLM\...\BurnInTest_is1) (Version: 7.0 - Passmark Software)
Carmageddon: Reincarnation (HKLM-x32\...\Steam App 249380) (Version:  - Stainless Games Ltd)
Castle Story (HKLM-x32\...\Steam App 227860) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version:  - Colossal Order Ltd.)
Crawl (HKLM-x32\...\Steam App 293780) (Version:  - Powerhoof)
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
CyberLink BD_3D Advisor 2.0 (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version:  - )
CyberLink Blu-ray Disc Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3721 - CyberLink Corp.)
CyberLink InstantBurn (HKLM-x32\...\{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}) (Version: 5.0.6210 - CyberLink Corp.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3418 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1423 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink PowerBackup (HKLM-x32\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.6023 - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3518.52 - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2429 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ Commander (HKLM-x32\...\{BAD8395E-CE31-44AA-B9FE-A14FCD0ABE4A}) (Version: 0.9.110 - Dotjosh Studios)
Dead Island (HKLM-x32\...\Steam App 91310) (Version:  - Techland)
Desura (HKLM-x32\...\Desura) (Version: 100.53 - Desura)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version:  - Klei Entertainment)
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version:  - )
DUNGEONS - Steam Special Edition (HKLM-x32\...\Steam App 57650) (Version:  - Realmforge Studios)
DUNGEONS - The Dark Lord (Steam Special Edition) (HKLM-x32\...\Steam App 200550) (Version:  - )
Dungeons of Dredmor (HKLM-x32\...\Steam App 98800) (Version:  - )
Dustforce (HKLM-x32\...\Steam App 65300) (Version:  - Hitbox Team)
Easy Tune 6 B11.0630.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B11.0630.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
FaceTrackNoIR version 1.7 (HKLM-x32\...\FaceTrackNoIR_is1) (Version: 1.7 - FaceTrackNoIR Team)
Football Manager 2014 (HKLM-x32\...\Steam App 231670) (Version:  - Sports Interactive)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.5.129.617 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.2.3.815 - Foxit Corporation)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
FreeTrack v2.2.0.279 (HKU\S-1-5-21-975855429-1586840072-3018677650-1000\...\FreeTrack v2.2.0.279) (Version:  - )
From Dust (HKLM-x32\...\Steam App 33460) (Version:  - )
FrostWire 5.3.5 (HKLM-x32\...\FrostWire 5) (Version: 5.3.5.0 - FrostWire Team)
Frozen Synapse (HKLM-x32\...\Steam App 98200) (Version:  - )
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - )
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version:  - Greenheart Games)
Game Dev Tycoon version 1.3.2 (HKLM-x32\...\{5BBB8682-1335-410F-A79F-8E5611A54BD0}_is1) (Version: 1.3.2 - Greenheart Games Pty. Ltd.)
GameFly (HKLM-x32\...\GameFly) (Version: 1.2.378 - GameFly, Inc.)
Gameforge Live 2.0.4 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.4 - Gameforge)
Gang Beasts (HKLM-x32\...\Steam App 285900) (Version:  - Boneloaf)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Team Garry)
Gauntlet™  (HKLM-x32\...\Steam App 258970) (Version:  - Arrowhead Game Studios)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version:  - Rockstar North / Toronto)
Gratuitous Space Battles (HKLM-x32\...\Steam App 41800) (Version:  - Positech Games)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hidden in Plain Sight (HKLM-x32\...\Steam App 303590) (Version:  - Adam Spragg)
Hyrule Total War 3 Patch (HKLM-x32\...\{90D07AB1-663A-4F45-8BB8-E0763C8C8D1A}) (Version: 1.0.0 - Parallel Process)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® IPP Run-Time Installer 5.3 Update 4 for Windows* on IA-32 (HKLM-x32\...\{754854DC-2E0A-49D8-A1A1-426C1F9B1459}) (Version: 5.3.4.087 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
iTunes (HKLM\...\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}) (Version: 10.6.3.25 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
join.me (HKU\S-1-5-21-975855429-1586840072-3018677650-1000\...\JoinMe) (Version: 1.17.1.162 - LogMeIn, Inc.)
Katawa Shoujo (HKLM-x32\...\Katawa Shoujo) (Version:  - )
Kingsoft Spreadsheets  (8.1.0.3030) (HKLM-x32\...\Kingsoft Spreadsheets) (Version: 8.1.0.3030 - Kingsoft Corp.)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LibUSB-Win32-0.1.10.1 (HKLM-x32\...\LibUSB-Win32_is1) (Version: 0.1.10.1 - LibUSB-Win32)
LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)
Logitech SetPoint 5.20 (HKLM\...\{D3120436-1358-4253-9EB2-257FFE8CE1D9}) (Version: 5.20 - Logitech)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.383 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.383 - LogMeIn, Inc.) Hidden
Magic The Gathering Online  (HKU\S-1-5-21-975855429-1586840072-3018677650-1000\...\9f2df17776476c05) (Version: 3.4.77.332 - Wizards of the Coast)
Magic: The Gathering - Duels of the Planeswalkers (HKLM-x32\...\Steam App 49400) (Version:  - Stainless Games Ltd)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
March of War: Face Off (HKLM-x32\...\Steam App 323900) (Version:  - ISOTX)
Marvel Heroes (HKLM-x32\...\marvelheroesbeta) (Version: 1.8.0.302 - Gazillion Entertainment)
Marvel Heroes (HKLM-x32\...\Steam App 226320) (Version:  - )
Marvel Puzzle Quest: Dark Reign (HKLM-x32\...\Steam App 234330) (Version:  - )
Mashed (HKLM-x32\...\Steam App 281280) (Version:  - Supersonic Software)
Medieval II: Total War (HKLM-x32\...\Steam App 4700) (Version:  - The Creative Assembly)
Medieval II: Total War Kingdoms (HKLM-x32\...\Steam App 4780) (Version:  - The Creative Assembly)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mini Metro (HKLM-x32\...\Steam App 287980) (Version:  - Dinosaur Polo Club)
Mirroring360 (HKLM-x32\...\{2143C7CF-6CBA-4513-AC73-D410DEC57BFC}) (Version: 1.2.0.4 - Splashtop Inc.)
MNR -2litres - Horndean (HKU\S-1-5-21-975855429-1586840072-3018677650-1000\...\MNR -2litres - Horndean) (Version:  - )
Mobiloid Demo (HKLM-x32\...\IndieCity-{43591a95-bcfd-478c-86ca-003a99d5ae0b}) (Version:  - Montrezina)
Monaco (HKLM-x32\...\Steam App 113020) (Version:  - Pocketwatch Games)
Mortal Kombat Kollection (HKLM-x32\...\Steam App 205350) (Version:  - Other Ocean Interactive)
MotioninJoy Gamepad tool 0.7.0000 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.0000 - www.motioninjoy.com)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version:  - Taleworlds Entertainment)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-GB)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.2 - Mozilla)
Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)
NBTExplorer (HKLM-x32\...\{06107EDA-5B85-4CEC-AB1E-8350DEC15231}) (Version: 2.7.4.0 - Justin Aquadro)
Next Car Game Sneak Peek 2.0 (HKLM-x32\...\Steam App 272860) (Version:  - Bugbear)
Next Car Game: Wreckfest (HKLM-x32\...\Steam App 228380) (Version:  - Bugbear)
Ninja Loader (HKLM-x32\...\Ninja Loader) (Version: 198.0.0.605 - CLICK YES BELOW LP)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 352.86 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.5.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.28 - NVIDIA Corporation)
NVIDIA Graphics Driver 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 352.86 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
ON_OFF Charge B11.0110.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Oracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
Orcs Must Die 2 Workshop Tool (HKLM-x32\...\Steam App 242150) (Version:  - )
Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version:  - )
Orcs Must Die! Unchained (HKLM-x32\...\{8EBA33AF-48E0-4207-A4EE-96029415AD76}_is1) (Version:  - Gameforge 4D GmbH)
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 0.10.0.22479 - Grinding Gear Games)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Peggle Deluxe (HKLM-x32\...\Steam App 3480) (Version:  - PopCap)
Peggle Nights (HKLM-x32\...\Steam App 3540) (Version:  - PopCap)
Pixel Piracy (HKLM-x32\...\Steam App 264140) (Version:  - Vitali Kirpu)
Plants vs. Zombies: Game of the Year (HKLM-x32\...\Steam App 3590) (Version:  - PopCap)
PokerStars.uk (HKLM-x32\...\PokerStars.uk) (Version:  - PokerStars.uk)
Primal Carnage (HKLM-x32\...\Steam App 215470) (Version:  - )
Prison Architect (HKLM-x32\...\Steam App 233450) (Version:  - Introversion Software)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Razer Surround Driver Installer version 1.5 (HKLM-x32\...\{11B11FA5-41ED-43C1-AB4B-905DDEDC72A2}_is1) (Version: 1.5 - inXile Entertainment)
Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6387 - Realtek Semiconductor Corp.)
RGSS-RTP Standard (HKLM-x32\...\RGSS-RTP Standard_is1) (Version: 1.04 - Enterbrain)
Robocraft (HKLM-x32\...\Steam App 301520) (Version:  - Freejam)
RollerCoaster Tycoon 2: Triple Thrill Pack (HKLM-x32\...\Steam App 285330) (Version:  - Chris Sawyer Productions)
RollerCoaster Tycoon 3: Platinum! (HKLM-x32\...\Steam App 2700) (Version:  - Frontier)
RPG Maker XP (HKLM-x32\...\RPG Maker XP_is1) (Version: 1.04 - Enterbrain)
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version:  - Volition)
Scribblenauts Unlimited (HKLM-x32\...\Steam App 218680) (Version:  - 5th Cell Media)
SecondLifeBetaViewer (remove only) (HKLM-x32\...\SecondLifeBetaViewer) (Version:  - )
SecondLifeViewer (remove only) (HKLM-x32\...\SecondLifeViewer) (Version:  - )
Shatter (HKLM-x32\...\Steam App 20820) (Version:  - Sidhe)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.28 - NVIDIA Corporation) Hidden
Sid Meier's Pirates! (HKLM-x32\...\Steam App 3920) (Version:  - Firaxis Games)
Silent Storm (HKLM-x32\...\Steam App 254960) (Version:  - Nival)
Silent Storm Sentinels (HKLM-x32\...\Steam App 254980) (Version:  - )
Six Updater (HKLM-x32\...\{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}) (Version: 2.09.7016 - Six Projects)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smart 6 B11.0512.1 (HKLM-x32\...\{3B35725F-C623-4A1E-B5CC-99C0868679E3}) (Version: 1.00.0000 - GIGABYTE)
Space Pirates and Zombies (HKLM-x32\...\Steam App 107200) (Version:  - )
SpeedRunners (HKLM-x32\...\Steam App 207140) (Version:  - DoubleDutch Games)
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Tenda Wireless LAN Card (HKLM-x32\...\{192BCCC6-C47B-4473-B187-5164185A413C}) (Version: 1.0.0.0 - Tenda)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - )
TerraTech Demo (HKLM-x32\...\Steam App 313990) (Version:  - Payload Studios)
The Banner Saga (HKLM-x32\...\Steam App 237990) (Version:  - Stoic)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - )
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Thomas Was Alone (HKLM-x32\...\Steam App 220780) (Version:  - )
Total War: Arena (HKLM-x32\...\Steam App 227520) (Version:  - Creative Assembly)
Towns (HKLM-x32\...\Steam App 221020) (Version:  - )
Toy Soldiers (HKLM-x32\...\Steam App 98300) (Version:  - Signal Studios)
TrackMania Nations Forever (HKLM-x32\...\Steam App 11020) (Version:  - Nadeo)
Trine 2 (HKLM-x32\...\Steam App 35720) (Version:  - )
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKU\S-1-5-21-975855429-1586840072-3018677650-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Uplay (HKLM-x32\...\Uplay) (Version: 4.7 - Ubisoft)
User's Guides (HKLM\...\{B48E1FFD-A85D-45DB-9070-C06CDF6BD427}) (Version: 1.20.0000 - Logitech)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VST Bridge 1.1 (HKLM-x32\...\VST Bridge_is1) (Version:  - )
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
Warhammer® 40,000™: Dawn of War® II (HKLM-x32\...\Steam App 15620) (Version:  - Relic)
Warlock - Master of the Arcane (HKLM-x32\...\Steam App 203630) (Version:  - Ino-Co Plus)
Wasteland 2 (HKLM-x32\...\Steam App 240760) (Version:  - inXile Entertainment)
Winamp (HKLM-x32\...\Winamp) (Version: 5.66  - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DF}) (Version: 18.0.10650 - WinZip Computing, S.L. )
Wizorb (HKLM-x32\...\Steam App 207420) (Version:  - )
Worms Clan Wars (HKLM-x32\...\Steam App 233840) (Version:  - Team17 Digital Ltd)
Worms Reloaded Demo (HKLM-x32\...\Steam App 22690) (Version:  - Team17)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
21-08-2015 10:59:16 JRT Pre-Junkware Removal
22-08-2015 12:10:10 Restore Point Created by FRST
22-08-2015 21:20:01 Restore Point Created by FRST
22-08-2015 21:51:35 Malwarebytes Anti-Rootkit Restore Point
24-08-2015 09:05:04 Restore Point Created by FRST
24-08-2015 09:11:57 Removed Java™ 6 Update 39 (64-bit)
24-08-2015 09:13:26 Removed Java™ 6 Update 39
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2015-08-22 12:10 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0793DEB0-D40C-4788-9C44-C530DE22B040} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {1531C316-5DD4-43F5-8BB7-D1094259E97B} - System32\Tasks\{286FED16-89AD-41FA-B336-C878763B2EBC} => C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe [2012-03-20] (www.motioninjoy.com)
Task: {1C28571E-B8F9-4751-9B62-5DCACC1EBBE1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {1D855AD1-E04A-4E97-B733-8256DD0834C3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {351EED9F-F898-461A-8A89-2F1F96EAE91B} - System32\Tasks\{015CF1CB-F6C9-49FB-A90E-982A10B08A69} => C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe [2012-03-20] (www.motioninjoy.com)
Task: {49CB8988-1A24-440D-88C0-19C4AFBEC1BC} - System32\Tasks\{0807DA71-B6F4-49B9-BBB0-E0854F2ABFC0} => C:\Program Files (x86)\Mumble\mumble.exe [2013-06-02] (Thorvald Natvig)
Task: {69C2FB89-A68C-41D5-B6A8-AF1028C409C0} - System32\Tasks\{9289B819-C4CD-43A3-953F-675C1133513F} => C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe [2012-03-20] (www.motioninjoy.com)
Task: {6E04465B-6C12-4E56-93B0-2AB6FB9A0C7A} - System32\Tasks\{A03ADA05-3C49-42AF-9AA8-4F4D4799D68B} => pcalua.exe -a "C:\Users\Speed X8\Downloads\HorndeanRX.exe" -d "C:\Users\Speed X8\Downloads"
Task: {7FD075DA-E5A1-4DD6-BB1C-AEFB8DBF07C1} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {83D175D2-F77D-4A18-AF1E-FF5C3F70A2A7} - System32\Tasks\{B42D7871-5D2F-4356-A274-9660481C2BAF} => pcalua.exe -a "C:\Users\Speed X8\Desktop\New folder (2)\BUNNYUST.EXE" -d "C:\Users\Speed X8\Desktop\New folder (2)"
Task: {9473A819-07C7-4DE4-A5A9-D2E85121F58B} - System32\Tasks\{139121BD-9416-43B4-96AF-F08644BB5F77} => pcalua.exe -a "C:\Users\Speed X8\Desktop\JX^€Ch3D\Installer.exe" -d "C:\Users\Speed X8\Desktop\JX^€Ch3D"
Task: {9876CA81-F86B-4066-ADAF-F2113D0B9E96} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-08] (Google Inc.)
Task: {9A166EB4-E047-4F95-A1D7-3E93A73322C3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A06419F4-D3A9-4255-A4FA-72451E12A59B} - System32\Tasks\{35EFDB9A-0F99-4935-81C2-571069624150} => pcalua.exe -a "C:\Users\Speed X8\Downloads\forge-1.7.2-10.12.1.1075-installer-win.exe" -d "C:\Users\Speed X8\Downloads"
Task: {AA6DB421-83C3-446D-B99F-6F4D648F5C9C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {B2760364-CF81-4BDB-B568-B1ABF51C49AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-08] (Google Inc.)
Task: {B4B6995A-60FD-4CF8-9BDE-CDE10962C7B2} - System32\Tasks\{94946A22-1B4E-4768-8F4C-08540FEB21F6} => C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe [2012-03-20] (www.motioninjoy.com)
Task: {C2CE4F4E-BE46-41CF-BBB8-EBE279108B47} - System32\Tasks\{9D8E0C13-765B-4D19-BC69-2137BE3AABFB} => pcalua.exe -a "C:\Users\Speed X8\Downloads\forge-1.7.2-10.12.1.1060-installer-win.exe" -d "C:\Users\Speed X8\Downloads"
Task: {CFB3BA4B-8C6A-4783-BB44-B320D35B5063} - System32\Tasks\{1A4338B1-89FF-4018-B394-19B364430E88} => C:\Program Files (x86)\Mumble\mumble.exe [2013-06-02] (Thorvald Natvig)
Task: {DD959D27-44EE-4B06-A828-F9132D437B3B} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {F1CF0726-424C-4A74-BF6A-D135AFABC4CE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {F2A84BEA-2943-4CDA-920D-AE96FDA71A3E} - \ToolsUpdatePlatform_ScheduledTask -> No File <==== ATTENTION
Task: {FBF6EAD0-1555-45C6-8525-F36E7BE6394E} - System32\Tasks\{49BC5B3B-F531-493B-BB3D-34464A9E50E3} => C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe [2012-03-20] (www.motioninjoy.com)
Task: {FC6E5ED8-4083-42BD-B512-A8100B08055E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-20] (AVAST Software)
Task: {FC88C451-A7A0-4EA4-94B3-E6F839EEA182} - System32\Tasks\WpsUpdateTask_Speed X8 => C:\Program Files (x86)\Kingsoft\Kingsoft Spreadsheets\office6\wpsupdate.exe [2013-06-05] (Kingsoft Corp. Ltd.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\WpsUpdateTask_Speed X8.job => C:\Program Files (x86)\Kingsoft\Kingsoft Spreadsheets\office6\wpsupdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-04-08 00:19 - 2015-05-12 04:30 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-08-29 01:23 - 2013-08-29 01:23 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2013-08-15 18:59 - 2013-08-15 19:30 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-08-20 20:45 - 2015-08-20 20:45 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-08-20 20:44 - 2015-08-20 20:44 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-08-23 21:17 - 2015-08-23 21:17 - 02960896 _____ () C:\Program Files\AVAST Software\Avast\defs\15082301\algo.dll
2015-08-24 20:33 - 2015-08-24 20:33 - 02960896 _____ () C:\Program Files\AVAST Software\Avast\defs\15082404\algo.dll
2015-05-26 17:09 - 2015-05-23 02:48 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2012-05-30 21:06 - 2012-05-30 21:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 21:06 - 2012-05-30 21:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-11-22 15:00 - 2010-11-22 15:00 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2010-11-22 15:00 - 2010-11-22 15:00 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2010-11-22 15:00 - 2010-11-22 15:00 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2012-03-14 14:18 - 2010-02-09 11:52 - 33735976 _____ () C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\res.dll
2009-11-02 15:20 - 2009-11-02 15:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 15:23 - 2009-11-02 15:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-08-29 01:25 - 2013-08-29 01:25 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2015-08-19 19:50 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-08-19 19:50 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-08-19 19:50 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2015-08-19 19:50 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-08-19 19:50 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-03-12 17:47 - 2015-03-12 17:48 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-08-21 23:42 - 2015-08-18 06:23 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libglesv2.dll
2015-08-21 23:42 - 2015-08-18 06:23 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
There are 7867 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-975855429-1586840072-3018677650-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Speed X8\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{5D34EECB-21D4-424D-9DE7-470712A2D3D6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{36BD4955-5723-430F-8244-E9B4B1A7CAA9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{8C612AE7-408B-4B57-870C-6AE8C44A6123}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{575E7D19-5070-461A-8D98-F0752F9E0137}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{1C8ABCAF-A7A7-4596-94EF-A1C804727180}] => (Block) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{AF18E4BD-032C-422C-B40A-CEA8723ED12D}] => (Block) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{92BA3D5F-F326-4BAC-B9AD-B7C49096CBDB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{202E6A75-0D39-40C2-B324-709952A37C33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe
FirewallRules: [{E325BA99-B97F-44BE-8507-FE6E3C15671B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe
FirewallRules: [{32991B09-DA94-48AE-94F0-0B3C6148190B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{96984B82-FFC6-4F72-A9C9-7CB3D9CA72D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{96B02AA7-A8D4-4DA2-95E3-9158A9589C8D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{85544358-43FE-4C67-BF69-781FBF443ECF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{2B1EC88A-34A2-4F00-B3FD-C203BDE3DD75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\March of WarFace Off\game.exe
FirewallRules: [{C88CDA11-419A-44D8-A146-F0FEBF250652}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\March of WarFace Off\game.exe
FirewallRules: [{360D43A4-2713-4700-B4E4-4F2C6AE10573}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7DaysToDie_EAC.exe
FirewallRules: [{DD93EA47-6DC9-40E6-8333-0D5ACCAF19BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7DaysToDie_EAC.exe
FirewallRules: [{4633DDED-2DCE-4F8F-87AA-F5107A45E2B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7DaysToDie.exe
FirewallRules: [{B8C661C1-82D2-42CC-8D6E-B6ABB6A044A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7DaysToDie.exe
FirewallRules: [{D8D7F778-7918-4084-9500-8C8136CE83D2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BDEED219-9CCE-4746-BEED-0C8D31F621C4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Faulty Device Manager Devices =============
 
Name: H:\
Description: CardReader MS   
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: USB2.0  
Service: WUDFRd
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: I:\
Description: CardReader SD   
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: USB2.0  
Service: WUDFRd
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
Name: F:\
Description: CardReader CF   
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: USB2.0  
Service: WUDFRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/24/2015 08:30:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/24/2015 09:05:03 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {339d327e-f5c7-4fae-a12c-1b4d7f429f7c}
 
Error: (08/24/2015 08:54:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/24/2015 12:08:55 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (08/24/2015 12:08:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17937, time stamp: 0x55a7f8da
Faulting module name: ONLINE~1.OCX_unloaded, version: 0.0.0.0, time stamp: 0x55546935
Exception code: 0xc0000005
Fault offset: 0x734008e0
Faulting process id: 0xd24
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (08/23/2015 09:18:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/22/2015 10:54:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/22/2015 09:55:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/22/2015 09:20:01 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {f0483efc-e37c-4e96-aa59-60c88120cfe4}
 
Error: (08/22/2015 08:33:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
 
System errors:
=============
Error: (08/24/2015 08:30:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (08/24/2015 08:30:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (08/24/2015 08:30:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
%%1053
 
Error: (08/24/2015 08:30:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
Error: (08/24/2015 08:29:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Norton Safe Web Lite service failed to start due to the following error: 
%%2
 
Error: (08/24/2015 08:29:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LibUsb-Win32 - Daemon, Version 0.1.10.1 service failed to start due to the following error: 
%%2
 
Error: (08/24/2015 08:28:12 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\libusb0.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (08/24/2015 08:54:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
%%1053
 
Error: (08/24/2015 08:54:16 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
Error: (08/24/2015 08:53:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Norton Safe Web Lite service failed to start due to the following error: 
%%2
 
 
Microsoft Office:
=========================
Error: (08/24/2015 08:30:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/24/2015 09:05:03 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {339d327e-f5c7-4fae-a12c-1b4d7f429f7c}
 
Error: (08/24/2015 08:54:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/24/2015 12:08:55 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 
Error: (08/24/2015 12:08:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1793755a7f8daONLINE~1.OCX_unloaded0.0.0.055546935c0000005734008e0d2401d0dde189f1bc46C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEONLINE~1.OCXe46f7e69-49eb-11e5-b267-50e54946680c
 
Error: (08/23/2015 09:18:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/22/2015 10:54:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/22/2015 09:55:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/22/2015 09:20:01 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {f0483efc-e37c-4e96-aa59-60c88120cfe4}
 
Error: (08/22/2015 08:33:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Program Files\CCleaner\CCleaner64.exe
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 23%
Total physical RAM: 16367.3 MB
Available physical RAM: 12483.36 MB
Total Virtual: 32732.81 MB
Available Virtual: 28688.27 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:1862.92 GB) (Free:1324.84 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: D2DB4A79)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)
 
==================== End of FRST.txt ============================


#30
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Hey :)



PC is definitely booting up faster now, and seems like most of the other problems are solved. It's just the weird CPU usage now! lol


Hello :)

That's good to hear. :thumbsup: I see a couple of minor items that need to be removed, and I'd like to run Zoek on autoclean as our next steps. When you post the logs, please let me know if you're still getting the CPU spikes. If so, we may need to get the Hardware Techs to run some tests.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Fix with FRST
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad and select Paste.
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

Start
CreateRestorePoint:
Task: {F2A84BEA-2943-4CDA-920D-AE96FDA71A3E} - \ToolsUpdatePlatform_ScheduledTask -> No File <==== ATTENTION
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt). Please post it in your next reply.


Step 2: Zoek


Please download zoek.exe to your Desktop:
  • On Windows Vista, 7, and 8, right-click Zoek.exe and select: Run as Administrator
  • Give it a few seconds to appear
  • Click the Options button and place a checkmark only on the following options:
  • AutoClean
  • Now...
  • Close any open programs.
  • Click the Run script button, and wait.
  • It takes a few minutes to run.
  • When the tool finishes, the zoek-results.log is opened in Notepad.
  • The log is also found on the systemdrive, normally C:\
  • If a reboot is needed, the log is opened after the reboot.
  • Please post the zoek-results.log in your reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

zoek-results.log
