Cloudscout and other pop-up windows in Chrome/IE [Solved]


  • This topic is locked

#1
FusionX

  • Member
  • 31 posts

Hi Geekstogo, I've been a happy "customer" of your malware removal before and unfortunately, I have need of your expertise again.

 

As I was surfing the web on my chrome browser earlier tonight, I suddenly noticed that on some webpages, various words were highlighted with weird popups if I hovered over them.  The popup would have various things but on the bottom it would have this "ad by cloudscout."  Additionally, even if I'm not clicking on those popups themselves, occasionally, when I left or right-click (or even use the scroll wheel functionality) on certain websites, I would get various popup windows.  I thought to myself, that's no good and proceeded to figure out what was going on.  Now I'm really not sure how I got it, I've been visiting the same websites I had previously with no issue and I generally have AVAST, adblock and ADP running which has kept me safe for a long time now by catching bad sites before anything gets installed without me knowing.  The only thing that's changed recently is that I bought a new phone (which is not rooted and therefore I don't have a good popup/ad preventer) so I've had some popups and ads whilst I was surfing and maybe I got something on my phone which is now syncing to my computer?  I'm not sure, but I actually haven't been getting any of the popups or links on my phone browser so...  Also, another thing that's changed recently is that I'm now away from wifi so all my internet surfing has been through tethering my phone and using mobile data on my laptop.

 

Either way, I've attempted to remove it by a few methods already which haven't worked.

 

I've run multiple malwarebytes scans which always show up with something, whether it's PUP.optional.charmsavings or PUP.optional.pricepeep, it tends to find something every time but can't seem to remove it permanently.

 

I've run an AVAST scan which was clean.

 

I've also looked on other websites and tried a program called rkill (which is supposed to terminate malicious processes which may hinder scans) as well as adwcleaner.  RKill never finds any malicious processes but the adwcleaner log did show a bunch of things removed.

 

In addition, I've also tried the chrome cleanup tool which never finds any programs to remove.  As a side effect of that and from reading, I have also reset both my chrome and IE browsers to their default multiple times as well.

 

Despite all this, the problem remains.  Even as I was trying to post here and download all that I needed, I kept getting popups and various words were still underlined by cloudscout.

 

Please help me, I would love to get rid of all this malware.

 

Thank you very much.  Attached below is my FRST and addition text log.

 

Sam

 

-----

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-10-2015 02
Ran by Sam (administrator) on SAM-LAPTOP (28-10-2015 21:44:44)
Running from C:\Users\Sam\Desktop
Loaded Profiles: Sam (Available Profiles: Sam)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Fortinet Inc.) C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe
() C:\Windows\SysWOW64\SecUPDUtilSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Bison Inc.) C:\Program Files (x86)\BisonCam\PID_0361\DeLay.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Flux Software LLC) C:\Users\Sam\AppData\Local\FluxSoftware\Flux\flux.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\Hotkey\Hotkey.exe
(Stardock) C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Stardock) C:\Program Files (x86)\Stardock\ObjectDockPlus2\Dock64.exe
(Microsoft) C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDockTray.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Valve Corporation) E:\Games\Steam\Steam.exe
(Valve Corporation) E:\Games\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) E:\Games\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2328360 2010-09-17] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [DeLay] => C:\Program Files (x86)\BisonCam\PID_0361\DeLay.exe [53248 2008-12-05] (Bison Inc.)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2631824 2015-07-15] (NVIDIA Corporation)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1374720 2010-11-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [336992 2012-08-17] (Power Software Ltd)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-06] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [609640 2013-05-21] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [702024 2012-12-13] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-10-03] (AVAST Software)
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2709128837-507867002-96114694-1000\...\Run: [Google Update] => C:\Users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.)
HKU\S-1-5-21-2709128837-507867002-96114694-1000\...\Run: [F.lux] => C:\Users\Sam\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC)
HKU\S-1-5-21-2709128837-507867002-96114694-1000\...\Run: [Steam] => E:\Games\Steam\steam.exe [2901584 2015-10-15] (Valve Corporation)
HKU\S-1-5-21-2709128837-507867002-96114694-1000\...\Run: [GoogleChromeAutoLaunch_FD70E4195A4DE5E83920BD6414A71B17] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-10-21] (Google Inc.)
HKU\S-1-5-21-2709128837-507867002-96114694-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [5105288 2014-10-15] (Plex, Inc.)
HKU\S-1-5-21-2709128837-507867002-96114694-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-30] (Piriform Ltd)
HKU\S-1-5-21-2709128837-507867002-96114694-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-02-12] (Glarysoft Ltd)
HKU\S-1-5-21-2709128837-507867002-96114694-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [57987712 2015-09-28] (Skype Technologies S.A.)
HKU\S-1-5-21-2709128837-507867002-96114694-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-2709128837-507867002-96114694-1000\...\MountPoints2: {a6ccc133-53f7-11e2-9f33-0090f5d28e5d} - F:\unlock.exe autoplay=true
HKU\S-1-5-21-2709128837-507867002-96114694-1000\...\MountPoints2: {b45ae591-1a3c-11e2-bd4f-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-2709128837-507867002-96114694-1000\...\MountPoints2: {cffb711a-78ea-11e4-8763-00ace0a6ac0b} - G:\AutoRun.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-07-03] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-07-03] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-03] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk [2012-10-19]
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\Hotkey.exe ()
Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk [2012-10-19]
ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe (Stardock)
BootExecute: autocheck autochk *  
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{1CDE9616-4923-4FBA-990F-DD879FE800D8}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{27720D69-1C12-4A28-8D51-BCD7731CAD75}: [DhcpNameServer] 192.168.42.129
 
Internet Explorer:
==================
HKU\S-1-5-21-2709128837-507867002-96114694-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-au/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-26] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-07] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-07-18] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-26] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
 
FireFox:
========
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll [2014-07-18] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-04] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)
FF Plugin-x32: @FortinetCacheClean -> C:\Program Files (x86)\Fortinet\SslvpnClient\npccplugin.dll [2010-10-26] (Fortinet Inc.)
FF Plugin-x32: @FortinetTunnelControl -> C:\Program Files (x86)\Fortinet\SslvpnClient\nptcplugin.dll [2010-10-26] (Fortinet Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-2709128837-507867002-96114694-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Sam\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2709128837-507867002-96114694-1000: @talk.google.com/O1DPlugin -> C:\Users\Sam\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2709128837-507867002-96114694-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Sam\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-2709128837-507867002-96114694-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Sam\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-2709128837-507867002-96114694-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Sam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-06-13] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Sam\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Sam\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-10-03] [not signed]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/0/?shva=1#inbox","hxxps://www.facebook.com/groups/357008221035467/","hxxps://co1prd0113.outlook.com/owa/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.758\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (Battlelog Game Launcher) - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (FortiClient SSL VPN CacheClean Service) - C:\Program Files (x86)\Fortinet\SslvpnClient\npccplugin.dll (Fortinet Inc.)
CHR Plugin: (FortiClient SSL VPN Tunnel Service) - C:\Program Files (x86)\Fortinet\SslvpnClient\nptcplugin.dll (Fortinet Inc.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Unity Player) - C:\Users\Sam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\Sam\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Sam\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Sam\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Profile: C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2014-11-08]
CHR Extension: (YouTube) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google Cast) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-10-15]
CHR Extension: (Adblock Plus) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-27]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2015-10-28]
CHR Extension: (Google Search) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Tampermonkey) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-07-16]
CHR Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2015-10-28]
CHR Extension: (AdBlock) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-10-15]
CHR Extension: (Avast Online Security) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-22]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-09-02] [UpdateUrl: hxxp://www.interoperabilitybridges.com/ChromeWMP/wmpChromeupdates.xml] <==== ATTENTION
CHR Extension: (Stealthy) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieaebnkibonmpbhdaanjkmedikadnoje [2014-02-09]
CHR Extension: (Up) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\iohgglcbddjknnemakghbjadinmopafl [2014-02-27]
CHR Extension: (StayFocusd) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2014-11-08]
CHR Extension: (tinyFilter - Reliable Content Filtering) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfgnnlnfbpcammlnibfkplpnbbbdeli [2015-07-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Bastion) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohphhdkahjlioohbalmicpokoefkgid [2012-10-19]
CHR Extension: (Gmail) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-05]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-03] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4048280 2015-10-03] (Avast Software)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-05-15] (BitRaider, LLC)
R2 FortiSslvpnDaemon; C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe [703080 2010-10-26] (Fortinet Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2014-11-17] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-15] (NVIDIA Corporation)
S3 Origin Client Service; E:\Games\Origin\OriginClientService.exe [1900400 2014-11-20] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2014-11-17] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-07-26] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-07-25] ()
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [35328 2011-02-18] () [File not signed]
R2 RzMaelstromVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [4241920 2013-05-18] (A-Volute) [File not signed]
R2 SamsungUPDUtilSvc; C:\Windows\SysWOW64\SecUPDUtilSvc.exe [118576 2014-11-26] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-10-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-10-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-10-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-10-03] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049880 2015-10-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [448968 2015-10-03] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-10-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-10-03] (AVAST Software)
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2014-05-15] (BitRaider)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-03-04] (Glarysoft Ltd)
S3 HPEWSFXBULK; C:\Windows\System32\drivers\hpfx64bulk.sys [20504 2009-02-26] (Hewlett Packard)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-10-14] (Marvell Semiconductor, Inc.)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0054.sys [28768 2013-10-29] (SoftEther Project at University of Tsukuba, Japan.)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [132656 2015-10-03] (AVAST Software)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation)
R3 pppop; C:\Windows\System32\DRIVERS\pppop64.sys [42528 2009-07-21] (Fortinet Inc.)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
R3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [40696 2013-05-18] (Windows ® Win 7 DDK provider)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-09-18] (Anchorfree Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [274336 2015-10-03] (Avast Software)
S3 dg_ssudbus; system32\DRIVERS\ssudbus.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-28 21:44 - 2015-10-28 21:44 - 00027092 _____ C:\Users\Sam\Desktop\FRST.txt
2015-10-28 21:44 - 2015-10-28 21:44 - 00000000 ____D C:\FRST
2015-10-28 21:43 - 2015-10-28 21:43 - 02197504 _____ (Farbar) C:\Users\Sam\Desktop\FRST64.exe
2015-10-28 20:49 - 2015-10-28 20:49 - 00002592 _____ C:\Users\Sam\Desktop\Rkill.txt
2015-10-28 20:32 - 2015-10-28 21:02 - 00000000 ____D C:\AdwCleaner
2015-10-28 20:31 - 2015-10-28 20:49 - 00000000 ____D C:\Users\Sam\Desktop\Malware stuff
2015-10-28 19:53 - 2015-10-28 21:33 - 00000743 _____ C:\Users\Sam\Desktop\debug.log
2015-10-15 14:55 - 2015-09-19 05:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-15 14:55 - 2015-09-19 05:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-15 14:55 - 2015-09-19 05:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-15 14:55 - 2015-09-19 05:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-15 14:55 - 2015-09-19 05:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-15 14:55 - 2015-09-19 05:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-15 14:55 - 2015-09-19 05:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-15 04:54 - 2015-10-15 04:54 - 00000000 ____D C:\Windows\rescache
2015-10-14 17:24 - 2015-09-26 04:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-14 17:24 - 2015-09-26 04:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-14 17:24 - 2015-09-26 04:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-14 17:24 - 2015-09-26 04:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-14 17:24 - 2015-09-26 04:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-14 17:24 - 2015-09-26 04:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-14 17:24 - 2015-09-26 04:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-14 17:24 - 2015-09-26 04:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-14 17:24 - 2015-09-26 04:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-14 17:24 - 2015-09-26 04:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-14 17:24 - 2015-09-26 04:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-14 17:24 - 2015-09-26 03:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-14 17:24 - 2015-09-26 03:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-14 17:24 - 2015-09-26 03:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-14 17:24 - 2015-09-26 03:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-10-14 17:24 - 2015-09-26 03:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-14 17:24 - 2015-09-19 05:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-14 17:24 - 2015-09-19 04:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-14 17:24 - 2015-09-16 14:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-14 17:24 - 2015-09-16 14:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-14 17:24 - 2015-09-16 14:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-10-14 17:24 - 2015-09-16 14:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-14 17:24 - 2015-09-16 14:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-14 17:24 - 2015-09-16 14:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-14 17:24 - 2015-09-16 14:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-14 17:24 - 2015-09-16 14:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-14 17:24 - 2015-09-16 14:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-10-14 17:24 - 2015-09-16 14:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-14 17:24 - 2015-09-16 14:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-14 17:24 - 2015-09-16 14:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-14 17:24 - 2015-09-16 14:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-14 17:24 - 2015-09-16 14:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-14 17:24 - 2015-09-16 14:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-10-14 17:24 - 2015-09-16 14:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-14 17:24 - 2015-09-16 14:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-10-14 17:24 - 2015-09-16 14:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-14 17:24 - 2015-09-16 13:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-14 17:24 - 2015-09-16 13:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-14 17:24 - 2015-09-16 13:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-14 17:24 - 2015-09-16 13:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-14 17:24 - 2015-09-16 13:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-10-14 17:24 - 2015-09-16 13:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-14 17:24 - 2015-09-16 13:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-14 17:24 - 2015-09-16 13:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-10-14 17:24 - 2015-09-16 13:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-14 17:24 - 2015-09-16 13:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-10-14 17:24 - 2015-09-16 13:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-10-14 17:24 - 2015-09-16 13:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-10-14 17:24 - 2015-09-16 13:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-14 17:24 - 2015-09-16 13:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-14 17:24 - 2015-09-16 13:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-14 17:24 - 2015-09-16 13:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-14 17:24 - 2015-09-16 13:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-14 17:24 - 2015-09-16 13:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-10-14 17:24 - 2015-09-16 13:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-14 17:24 - 2015-09-16 13:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-10-14 17:24 - 2015-09-16 13:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-10-14 17:24 - 2015-09-16 13:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-14 17:24 - 2015-09-16 13:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-10-14 17:24 - 2015-09-16 13:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-14 17:24 - 2015-09-16 13:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-14 17:24 - 2015-09-16 13:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-10-14 17:24 - 2015-09-16 13:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-14 17:24 - 2015-09-16 13:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-14 17:24 - 2015-09-16 13:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-10-14 17:24 - 2015-09-16 13:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-10-14 17:24 - 2015-09-16 13:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-14 17:24 - 2015-09-16 13:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-14 17:24 - 2015-09-16 13:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-14 17:24 - 2015-09-16 13:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-10-14 17:24 - 2015-09-16 12:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-14 17:24 - 2015-09-16 12:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-14 17:24 - 2015-09-16 12:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-14 17:24 - 2015-09-16 12:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-14 17:24 - 2015-09-16 12:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-14 17:24 - 2015-09-16 12:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-10-14 17:24 - 2015-09-16 12:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-14 17:24 - 2015-09-16 12:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-14 17:24 - 2015-09-16 12:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-14 17:24 - 2015-09-16 12:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-14 17:24 - 2015-08-07 04:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-14 17:24 - 2015-08-07 04:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-14 17:24 - 2015-08-07 03:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-14 17:24 - 2015-08-07 03:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-10-14 17:23 - 2015-10-02 04:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-14 17:23 - 2015-10-02 04:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-14 17:23 - 2015-10-02 04:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-14 17:23 - 2015-10-02 04:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-14 17:23 - 2015-10-02 04:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-14 17:23 - 2015-10-02 04:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-14 17:23 - 2015-10-02 04:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-14 17:23 - 2015-10-02 03:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-14 17:23 - 2015-10-02 03:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-14 17:23 - 2015-09-29 13:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-14 17:23 - 2015-09-29 13:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-14 17:23 - 2015-09-29 13:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-14 17:23 - 2015-09-29 13:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-10-14 17:23 - 2015-09-29 13:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-10-14 17:23 - 2015-09-29 13:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-10-14 17:23 - 2015-09-29 13:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-14 17:23 - 2015-09-29 13:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-14 17:23 - 2015-09-29 13:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-14 17:23 - 2015-09-29 13:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-10-14 17:23 - 2015-09-29 13:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-14 17:23 - 2015-09-29 13:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-10-14 17:23 - 2015-09-29 13:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-14 17:23 - 2015-09-29 13:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-14 17:23 - 2015-09-29 13:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-14 17:23 - 2015-09-29 13:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-14 17:23 - 2015-09-29 13:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-14 17:23 - 2015-09-29 13:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-14 17:23 - 2015-09-29 13:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-14 17:23 - 2015-09-29 13:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-14 17:23 - 2015-09-29 13:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-10-14 17:23 - 2015-09-29 13:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-10-14 17:23 - 2015-09-29 13:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-14 17:23 - 2015-09-29 13:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-10-14 17:23 - 2015-09-29 13:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-10-14 17:23 - 2015-09-29 13:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-14 17:23 - 2015-09-29 13:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-14 17:23 - 2015-09-29 13:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-14 17:23 - 2015-09-29 13:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-14 17:23 - 2015-09-29 13:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-14 17:23 - 2015-09-29 13:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 13:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 13:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 13:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 13:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 13:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 13:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 13:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 13:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 13:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 13:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 13:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 13:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 13:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 13:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 13:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 13:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 13:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 13:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 13:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 13:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 13:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 13:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 13:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 13:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 13:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 13:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 13:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 12:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-14 17:23 - 2015-09-29 12:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-10-14 17:23 - 2015-09-29 12:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-10-14 17:23 - 2015-09-29 12:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-10-14 17:23 - 2015-09-29 12:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-10-14 17:23 - 2015-09-29 12:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-10-14 17:23 - 2015-09-29 12:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-10-14 17:23 - 2015-09-29 12:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-10-14 17:23 - 2015-09-29 12:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-10-14 17:23 - 2015-09-29 12:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-10-14 17:23 - 2015-09-29 12:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-10-14 17:23 - 2015-09-29 12:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-10-14 17:23 - 2015-09-29 12:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-14 17:23 - 2015-09-29 12:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-10-14 17:23 - 2015-09-29 12:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-10-14 17:23 - 2015-09-29 12:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-10-14 17:23 - 2015-09-29 12:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-10-14 17:23 - 2015-09-29 12:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-10-14 17:23 - 2015-09-29 12:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 12:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 12:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 12:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 12:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 12:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 12:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 12:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 12:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 12:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 12:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 12:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 12:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 12:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 12:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 12:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 12:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 12:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 12:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 12:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 12:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 12:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 12:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 12:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 11:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-14 17:23 - 2015-09-29 11:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-14 17:23 - 2015-09-29 11:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-14 17:23 - 2015-09-29 11:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-10-14 17:23 - 2015-09-29 11:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-10-14 17:23 - 2015-09-29 11:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 11:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 11:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 17:23 - 2015-09-29 11:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-14 17:23 - 2015-09-16 04:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-14 17:23 - 2015-09-16 04:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-14 17:23 - 2015-09-16 04:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-14 17:23 - 2015-09-16 04:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-14 17:23 - 2015-09-16 04:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-14 17:23 - 2015-09-16 04:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-14 17:23 - 2015-09-16 04:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-14 17:23 - 2015-09-16 04:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-14 17:23 - 2015-09-16 04:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-14 17:23 - 2015-09-16 03:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-10-14 17:23 - 2015-09-16 03:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-10-14 17:23 - 2015-09-16 03:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-10-14 17:23 - 2015-09-16 03:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-14 17:23 - 2015-07-18 23:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-10 13:31 - 2015-10-12 19:55 - 00000000 ____D C:\Users\Sam\Desktop\Hockey streaming
2015-10-08 18:20 - 2015-10-11 20:23 - 00000000 ____D C:\Users\Sam\Desktop\WhatsApp
2015-10-05 13:05 - 2015-10-05 13:05 - 00052128 _____ C:\Users\Sam\Desktop\image.jpeg
2015-10-03 00:50 - 2015-10-03 00:50 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-10-03 00:50 - 2015-10-03 00:50 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-09-30 23:29 - 2015-09-30 23:29 - 00000000 ____D C:\ProgramData\Curse Client
2015-09-30 23:26 - 2015-09-30 23:29 - 00000000 ____D C:\Users\Sam\AppData\Roaming\Curse Advertising
2015-09-30 23:26 - 2015-09-30 23:26 - 00000000 ____D C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
2015-09-29 22:28 - 2015-09-29 22:28 - 00005095 _____ C:\FCA9A89B5D3DBEBEA2C244D108AF2BC5.rf
2015-09-29 22:28 - 2015-09-29 22:28 - 00003360 _____ C:\stat.txt
2015-09-29 22:28 - 2015-09-29 22:28 - 00002665 _____ C:\63BF7DB19E7833E1D23F2E5434C07C35.rf
2015-09-29 22:28 - 2015-09-29 22:28 - 00002371 _____ C:\AA88C5DC26DE6F4D341FB90C41DF90DF.rf
2015-09-29 22:28 - 2015-09-29 22:28 - 00000682 _____ C:\0CE56368E40E128F910FCE80AC154429.rf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-28 21:28 - 2012-10-20 15:00 - 00000000 ____D C:\Users\Sam\AppData\Roaming\Skype
2015-10-28 21:11 - 2012-10-19 15:57 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-28 21:11 - 2009-07-14 14:45 - 00031504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-28 21:11 - 2009-07-14 14:45 - 00031504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-28 21:07 - 2012-10-19 15:35 - 01550299 _____ C:\Windows\WindowsUpdate.log
2015-10-28 21:07 - 2009-07-14 15:13 - 00786622 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-28 21:04 - 2015-03-04 22:31 - 00000328 _____ C:\Windows\Tasks\GlaryInitialize 5.job
2015-10-28 21:04 - 2012-10-19 15:57 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-28 21:03 - 2015-09-27 19:54 - 00020920 _____ C:\Windows\PFRO.log
2015-10-28 21:03 - 2015-09-19 15:22 - 00004674 _____ C:\Windows\setupact.log
2015-10-28 21:03 - 2015-08-13 08:25 - 00000000 ____D C:\ProgramData\Kodak
2015-10-28 21:03 - 2012-10-19 15:52 - 00000000 ____D C:\Windows\Snapshot
2015-10-28 21:03 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-28 21:01 - 2012-10-28 10:14 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2709128837-507867002-96114694-1000UA.job
2015-10-28 20:49 - 2014-11-02 20:56 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-28 20:28 - 2012-10-19 16:44 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-10-28 20:27 - 2012-11-03 10:12 - 00000000 ____D C:\Windows\Minidump
2015-10-28 00:01 - 2012-10-28 10:14 - 00000848 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2709128837-507867002-96114694-1000Core.job
2015-10-20 19:29 - 2015-04-16 20:52 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-20 19:29 - 2014-05-08 08:03 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-15 15:00 - 2014-08-09 18:37 - 00000000 ____D C:\Users\Sam\Desktop\Canada residency
2015-10-15 14:58 - 2012-10-19 15:35 - 00000000 ____D C:\Users\Sam
2015-10-15 03:30 - 2012-10-20 15:00 - 00000000 ____D C:\ProgramData\Skype
2015-10-15 03:28 - 2012-10-19 16:33 - 00000000 ____D C:\Users\Sam\AppData\Roaming\tixati
2015-10-15 03:13 - 2012-10-20 00:44 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-15 03:12 - 2013-07-23 07:43 - 00000000 ____D C:\Windows\system32\MRT
2015-10-15 03:06 - 2012-10-20 15:20 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-15 03:04 - 2009-07-14 12:34 - 00000834 _____ C:\Windows\win.ini
2015-10-14 22:55 - 2015-03-04 22:31 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2015-10-14 20:41 - 2013-06-22 19:49 - 00000000 ____D C:\Users\Sam\AppData\Roaming\vlc
2015-10-11 18:55 - 2015-05-02 21:17 - 00000000 ____D C:\Users\Sam\Documents\Finances
2015-10-10 13:30 - 2015-04-13 19:13 - 00001062 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-10-08 22:35 - 2015-04-05 08:59 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-08 22:31 - 2015-04-05 08:59 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-10-03 23:15 - 2012-10-19 15:57 - 00000000 ____D C:\Users\Sam\AppData\Local\Deployment
2015-10-03 00:50 - 2015-08-26 10:43 - 00132656 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-10-03 00:50 - 2014-10-03 22:29 - 00153744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-10-03 00:50 - 2014-10-03 22:29 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-10-03 00:50 - 2013-04-25 08:33 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-10-03 00:50 - 2013-04-25 08:33 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-10-03 00:50 - 2012-10-19 16:44 - 01049880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-10-03 00:50 - 2012-10-19 16:44 - 00448968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-10-03 00:50 - 2012-10-19 16:44 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-10-03 00:50 - 2012-10-19 16:44 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-09-29 22:27 - 2015-09-26 02:38 - 00000000 ____D C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com
2015-09-29 07:41 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\system32\NDF
 
==================== Files in the root of some directories =======
 
2014-07-18 20:37 - 2014-07-18 20:37 - 0007605 _____ () C:\Users\Sam\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
C:\Users\Sam\AppData\Local\Temp\Foxit PhantomPDF Updater.exe
C:\Users\Sam\AppData\Local\Temp\sqlite3.dll
C:\Users\Sam\AppData\Local\Temp\vlc-2.2.1-win32.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-21 18:33
 
==================== End of FRST.txt ============================
 
-----
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-10-2015 02
Ran by Sam (2015-10-28 21:45:08)
Running from C:\Users\Sam\Desktop
Windows 7 Professional Service Pack 1 (X64) (2012-10-19 05:35:39)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2709128837-507867002-96114694-500 - Administrator - Disabled)
Guest (S-1-5-21-2709128837-507867002-96114694-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2709128837-507867002-96114694-1002 - Limited - Enabled)
Sam (S-1-5-21-2709128837-507867002-96114694-1000 - Administrator - Enabled) => C:\Users\Sam
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 18.2.4 - Hewlett-Packard) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 5.8.10.0 - Your Company Name) Hidden
aioscnnr (x32 Version: 7.6.13.10 - Your Company Name) Hidden
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.4.2233 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23028 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BisonCam (HKLM-x32\...\{5BBC4803-C96E-4D3E-9D1D-2E43774C4062}) (Version:  - BisonCam)
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
center (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.02026 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.02026 - Cisco Systems, Inc.) Hidden
CM Installer (HKLM-x32\...\{681544C2-FFA2-4CFD-A9AD-2A3D25DF8D22}) (Version: 1.0.0.0 - Cyanogen Inc.)
Curse Client (HKU\S-1-5-21-2709128837-507867002-96114694-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
essentials (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
f.lux (HKU\S-1-5-21-2709128837-507867002-96114694-1000\...\Flux) (Version:  - )
Final Fantasy VIII (HKLM-x32\...\Final Fantasy VIII_is1) (Version:  - )
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
FINAL FANTASY XIV: A Realm Reborn (HKLM-x32\...\Steam App 39210) (Version:  - SQUARE ENIX)
FortiClient SSL VPN v4.0.2085 (HKLM-x32\...\{A34DCE59-0004-0000-2085-3F8A9926B752}) (Version: 4.0.2085 - Fortinet Inc.)
Foxit PhantomPDF Business (HKLM-x32\...\{C346E068-1C3E-4834-81E5-89FDDD84E4B5}) (Version: 6.1.1.1025 - Foxit Corporation)
Free YouTube Downloader 4.1.400 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version:  - HOW Inc.)
Glary Utilities 5.19 (HKLM-x32\...\Glary Utilities 5) (Version: 5.19.0.32 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Hotkey 6.0045 (HKLM-x32\...\InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}) (Version: 6.0045 - NoteBook)
Hotkey 6.0045 (x32 Version: 6.0045 - NoteBook) Hidden
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2653 - Intel Corporation)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.450 - Oracle)
Java™ 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417000FF}) (Version: 7.0.0 - Oracle)
Kodak AIO Printer (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.8.5.2 - Eastman Kodak Company)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MotioninJoy ds3 driver version 0.5.0002 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.5.0002 - www.motioninjoy.com)
MSI Afterburner 4.1.0 (HKLM-x32\...\Afterburner) (Version: 4.1.0 - MSI Co., LTD)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
ObjectDock Plus 2 (HKLM-x32\...\ObjectDock Plus 2) (Version: 1.00 - Stardock Corporation)
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
Plex Media Server (HKLM-x32\...\{5ea93dc7-0906-47a6-8033-d26ed443f0a8}) (Version: 0.9.1101 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1101 - Plex, Inc.) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.4 - Power Software Ltd)
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Python 3.4.2 (64-bit) (HKLM\...\{cd723946-09c1-38d3-8542-732ba931e9ef}) (Version: 3.4.2150 - Python Software Foundation)
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.08.20 - Razer Inc.)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.10.6 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 6.3.0 (HKLM-x32\...\RTSS) (Version: 6.3.0 - Unwinder)
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.06.00 - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
Snapshot Viewer (HKLM-x32\...\Snapshot Viewer) (Version:  - )
Stardock Software (x32 Version: 1.00 - Stardock Corporation) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.14.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
The Longest Journey (HKLM-x32\...\The Longest Journey_is1) (Version:  - GOG.com)
The Secret World (HKLM-x32\...\Steam App 215280) (Version:  - Funcom)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.55.4 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
THX TruStudio Pro (HKLM-x32\...\{82F99DC9-389A-4528-940C-88248731A620}) (Version: TAMB-CVS1D-1-LB R07 - Creative Technology Limited)
Tixati (HKLM-x32\...\tixati) (Version:  - )
Unity Web Player (HKU\S-1-5-21-2709128837-507867002-96114694-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version:  - NCH Software)
ViPER4Windows version 1.0.5 (HKLM\...\{1A0B530D-277E-4735-8A36-65DCF7E157CB}_is1) (Version: 1.0.5 - ViPERs Audio, Inc)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebCam Installer (HKLM-x32\...\InstallShield_{2A14D7BC-1876-4B38-830B-18856C27F550}) (Version: 4.04 - WebCam)
WebCam Installer (x32 Version: 4.04 - WebCam) Hidden
WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Zero Assumption Recovery Version 9 (HKLM-x32\...\Zero Assumption Recovery_is1) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2709128837-507867002-96114694-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Sam\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2709128837-507867002-96114694-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Sam\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
 
==================== Restore Points =========================
 
23-10-2015 19:02:24 Scheduled Checkpoint
24-10-2015 16:07:47 Windows Update
27-10-2015 16:26:57 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 12:34 - 2014-10-15 10:44 - 00000916 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 auth1.lavishsoft.com
127.0.0.1 auth2.lavishsoft.com
127.0.0.1 nlsk.neulion.com
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0F4E5D09-A299-42FA-B939-F8A2CE4F26E1} - System32\Tasks\{EFCE0FCB-1A7F-4573-8503-23E08FD31928} => Chrome.exe hxxp://ui.skype.com/ui/0/6.3.0.105/en/go/help.faq.installer?LastError=1603
Task: {2F6E3BBF-C9BC-42D5-9AC7-44E92DA1F137} - System32\Tasks\{21B8DEB6-37C3-4489-841A-29F9478D656C} => Chrome.exe hxxp://ui.skype.com/ui/0/6.5.0.158/en/go/help.faq.installer?LastError=1603
Task: {38E18704-3EC5-408F-8212-2ADD4F0B8659} - System32\Tasks\{22C88498-2E55-4AB2-BD99-1D91F58569EB} => Chrome.exe hxxp://ui.skype.com/ui/0/6.3.0.105/en/go/help.faq.installer?LastError=1603
Task: {61308311-DE62-4DE1-9248-DF7DCB61889D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {639E67E2-B523-4E73-B3BE-578D02B11569} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd)
Task: {6D8BEF1D-1E7A-4172-B0BE-A09DFAE6C40D} - System32\Tasks\{4A119EC7-FD99-46B8-8581-C79330504DB2} => pcalua.exe -a C:\Games\PS2beta\Uninstaller.exe
Task: {784CC4EB-73C9-4474-914B-B830425E092D} - System32\Tasks\{F6438CFD-7F4F-40FE-8DC4-9627DD8AD74C} => Chrome.exe hxxp://ui.skype.com/ui/0/6.5.0.158/en/go/help.faq.installer?LastError=1603
Task: {ABF2E149-0EF8-41DA-869A-D53E7217414B} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-02-12] (Glarysoft Ltd)
Task: {B57187BB-18D4-425F-8E7B-4A88FDED0E8B} - System32\Tasks\{24918D2A-ABB0-4A7D-81E1-FD7CEE41EA2F} => Chrome.exe hxxp://ui.skype.com/ui/0/6.5.0.158/en/abandoninstall?source=lightinstaller&page=tsPlugin
Task: {C9C779DD-6849-462F-961E-0EF01ED026FF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D1668015-7B6C-4F87-B4D5-386A623EAD9A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2709128837-507867002-96114694-1000Core => C:\Users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {D2A30D4D-856B-42CA-ADFE-57EB8B9C2F2F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-10-03] (AVAST Software)
Task: {D6D43596-7F7B-4732-9F12-7F46737976D4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2709128837-507867002-96114694-1000UA => C:\Users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2709128837-507867002-96114694-1000Core.job => C:\Users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2709128837-507867002-96114694-1000UA.job => C:\Users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-06-06 22:56 - 2014-07-03 06:48 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-06-06 23:00 - 2014-07-03 04:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-10-19 16:48 - 2010-09-23 06:20 - 00776704 _____ () C:\Program Files (x86)\Stardock\ObjectDockPlus2\Dock64.dll
2012-10-28 23:55 - 2010-10-14 10:05 - 00290816 _____ () C:\Windows\System32\HP1100LM.DLL
2015-08-16 08:39 - 2014-04-16 18:22 - 00029184 _____ () C:\Windows\System32\usp02l.dll
2012-10-28 23:55 - 2010-10-14 10:05 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2014-07-26 16:13 - 2014-07-26 16:13 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2011-02-18 15:57 - 2011-02-18 15:57 - 00035328 _____ () C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
2015-08-16 08:40 - 2014-11-26 21:07 - 00118576 _____ () C:\Windows\SysWOW64\SecUPDUtilSvc.exe
2012-10-19 15:50 - 2010-11-12 12:38 - 00241152 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2012-10-19 16:15 - 2012-02-14 11:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-04-11 12:12 - 2012-04-11 12:12 - 04727296 _____ () C:\Program Files (x86)\Hotkey\Hotkey.exe
2012-12-13 23:45 - 2012-12-13 23:45 - 00063560 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2015-10-03 00:50 - 2015-10-03 00:50 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-10-03 00:50 - 2015-10-03 00:50 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-10-28 16:34 - 2015-10-28 16:34 - 02997616 _____ () C:\Program Files\AVAST Software\Avast\defs\15102701\algo.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-07-24 23:29 - 2015-07-15 05:06 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-06-06 22:56 - 2014-07-03 06:48 - 00013272 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2012-10-19 16:48 - 2010-10-01 11:50 - 00675840 _____ () C:\Program Files (x86)\Stardock\ObjectDockPlus2\DockShellHook.dll
2014-10-15 02:51 - 2014-10-15 02:51 - 00072840 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2014-10-15 02:51 - 2014-10-15 02:51 - 00196232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2014-10-15 02:51 - 2014-10-15 02:51 - 00838792 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2014-10-15 02:51 - 2014-10-15 02:51 - 00049800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2014-10-15 02:51 - 2014-10-15 02:51 - 00086664 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2014-10-15 02:51 - 2014-10-15 02:51 - 02092680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core249.dll
2014-10-15 02:51 - 2014-10-15 02:51 - 01883784 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc249.dll
2014-10-15 02:51 - 2014-10-15 02:51 - 00502920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2009-06-06 14:50 - 2009-06-06 14:50 - 00019968 _____ () C:\Program Files (x86)\Hotkey\Audiodll.dll
2012-10-19 16:48 - 2012-10-19 16:49 - 00807936 _____ () C:\Program Files (x86)\Stardock\ObjectDockPlus2\CrashRpt.dll
2012-10-19 16:48 - 2010-03-10 07:58 - 00053760 _____ () C:\Program Files (x86)\Stardock\ObjectDockPlus2\zlib.dll
2012-10-19 16:48 - 2010-03-10 07:58 - 00094208 _____ () C:\Program Files (x86)\Stardock\ObjectDockPlus2\Docklets\Clock\Clock.dll
2012-10-19 16:48 - 2010-10-07 07:55 - 00091544 _____ () C:\Program Files (x86)\Stardock\ObjectDockPlus2\Docklets\Calendar\Calendar.dll
2014-10-15 02:51 - 2014-10-15 02:51 - 00044680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2014-10-15 02:51 - 2014-10-15 02:51 - 00027784 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2014-10-15 02:51 - 2014-10-15 02:51 - 00018568 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2014-10-15 02:51 - 2014-10-15 02:51 - 00034952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2014-10-15 02:51 - 2014-10-15 02:51 - 00836232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2014-10-15 02:51 - 2014-10-15 02:51 - 00062600 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2014-10-15 02:51 - 2014-10-15 02:51 - 00166024 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2014-10-15 02:51 - 2014-10-15 02:51 - 00192136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2014-10-15 02:51 - 2014-10-15 02:51 - 00016520 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2014-10-15 02:51 - 2014-10-15 02:51 - 00054920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
2014-10-15 02:51 - 2014-10-15 02:51 - 00017032 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
2014-10-15 02:51 - 2014-10-15 02:51 - 00043656 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
2014-10-15 02:51 - 2014-10-15 02:51 - 00081544 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2014-10-15 02:51 - 2014-10-15 02:51 - 00111240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2014-10-15 02:51 - 2014-10-15 02:51 - 00689800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2015-10-03 00:50 - 2015-10-03 00:50 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-07-01 08:20 - 2015-10-06 02:18 - 00778752 _____ () E:\Games\Steam\SDL2.dll
2015-01-26 20:55 - 2015-07-04 02:12 - 04962816 _____ () E:\Games\Steam\v8.dll
2015-01-26 20:55 - 2015-07-04 02:12 - 01556992 _____ () E:\Games\Steam\icui18n.dll
2015-01-26 20:55 - 2015-07-04 02:12 - 01187840 _____ () E:\Games\Steam\icuuc.dll
2014-06-12 18:15 - 2015-10-15 06:56 - 02423376 _____ () E:\Games\Steam\video.dll
2014-08-29 10:04 - 2015-09-24 10:33 - 02549248 _____ () E:\Games\Steam\libavcodec-56.dll
2014-08-29 10:04 - 2015-09-24 10:33 - 00442880 _____ () E:\Games\Steam\libavutil-54.dll
2014-08-29 10:04 - 2015-09-24 10:33 - 00491008 _____ () E:\Games\Steam\libavformat-56.dll
2014-08-29 10:04 - 2015-09-24 10:33 - 00332800 _____ () E:\Games\Steam\libavresample-2.dll
2014-08-29 10:04 - 2015-09-24 10:33 - 00485888 _____ () E:\Games\Steam\libswscale-3.dll
2013-07-26 14:46 - 2015-10-15 06:56 - 00705104 _____ () E:\Games\Steam\bin\chromehtml.DLL
2015-07-22 21:22 - 2015-10-10 04:13 - 00193024 _____ () E:\Games\Steam\bin\openvr_api.dll
2013-07-15 14:32 - 2015-10-09 08:20 - 45010208 _____ () E:\Games\Steam\bin\libcef.dll
2015-01-26 20:54 - 2015-09-25 09:56 - 00119208 _____ () E:\Games\Steam\winh264.dll
2015-03-04 22:45 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Sam\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2015-03-04 22:45 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Sam\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2015-10-23 22:14 - 2015-10-21 00:08 - 16493384 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:85AA7074
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-2709128837-507867002-96114694-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2709128837-507867002-96114694-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2709128837-507867002-96114694-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2709128837-507867002-96114694-1000\...\sony.com -> sony.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2709128837-507867002-96114694-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.42.129
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{090054E9-EDB7-4AF3-B57D-3402C8EB3931}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{89F14D38-D5B3-4269-A6DE-43B4DD901FF5}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [TCP Query User{E9466B7C-EB46-4611-A53F-0A75F3CB6FEC}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{2D499B05-D3DA-4FEC-B0B6-209DED3086C5}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{57E1756F-BA2F-4EE1-B51D-2BB52B394DA4}] => (Allow) C:\Users\Sam\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{60240DAB-E2E7-40A7-9E52-1B3F392BAE08}] => (Allow) C:\Users\Sam\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{F66A1985-0682-4772-85F7-8A26DD821518}] => (Allow) C:\Users\Sam\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{E9C37EE0-53A9-4E7A-BCB6-E5BD03389563}] => (Allow) C:\Users\Sam\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [TCP Query User{3AD54800-8F8D-4E13-8BE5-68256092751D}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{C8B244B2-79ED-4095-B831-6E2DEA971A46}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [TCP Query User{7A80FB4A-4356-45B3-B936-9C6234FAABBF}C:\games\guild wars 2\gw2.exe] => (Allow) C:\games\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{F668C726-B752-414E-9622-8CE23D313524}C:\games\guild wars 2\gw2.exe] => (Allow) C:\games\guild wars 2\gw2.exe
FirewallRules: [TCP Query User{398FFAD5-3446-4B2C-ADD0-671D759C94C6}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{ECB57DE6-C939-460D-BC88-513D9D92102D}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{B4207808-DA66-4715-AEC0-E85FAF7232D4}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{713C0C0A-5092-46C8-99F8-B42EE72DA467}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [{4CD222F3-AED4-4CED-A019-828B6536DFEA}] => (Allow) E:\Games\Steam\Steam.exe
FirewallRules: [{AF6C404A-4334-4D9F-808A-236BFF401775}] => (Allow) E:\Games\Steam\Steam.exe
FirewallRules: [{CF8A1898-ECB2-4569-A4C7-0A216F4464D5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{196D0907-2320-4460-96B8-DF2E81496AB7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{E8A0757C-2CD1-40EE-833A-0274B7E68607}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3593EED1-8D79-4EC4-BE64-021B96DC28C3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3B898A6C-2C25-4D29-A91E-FBDE7CF6DC1E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{98D428CC-0439-439D-84BA-F4AAEF0DFEFE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{D6CDC27B-0D61-472A-9680-E7ABF11FD433}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{3119454F-9F1B-48C0-9E73-6D49B0940285}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9EF6ED4E-DB29-4B0A-BB8D-AF0706071802}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8FC03C30-B56D-4B50-9E0C-A773B0098DDC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{62FF461A-468C-42C7-BDBA-E221E3958459}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E87E7FAC-64F4-4174-883E-840D429851A3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{F053D4B9-7AE4-458C-9765-244DC8CA936D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{F3CBB918-1C22-402B-812E-4A0B4725235A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{67C319AB-C5B9-4046-8DA3-1CEFCAA066B4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{99B1B5FE-B6D2-42AD-A7FF-EAF97978EDEA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{87FF2360-B69A-449C-9431-19022E31F15B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{AB11E02C-3393-4325-AC62-9116C166DF24}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{9C7DB01B-A160-44FE-8A77-47B2B9FF06B3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FCC3ABD1-78E1-49CE-AB02-A6E291A87788}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{06378882-BDD2-4885-906B-AB6FFCAC6F4A}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{0AA6753D-5684-4F52-BAE5-265826D02985}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{15BEACE1-F6B4-41F1-9663-4C764DBA5058}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{6D274D48-EEAE-437E-B8E5-1C6EF3C3C263}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{6A36D5C3-85ED-4F52-AA6E-A53EB75F2841}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{4EB3EE7C-5FCA-49E5-B270-81CEE5D238B6}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{32344F5D-0051-4188-B406-FE50F5D3DB67}E:\games\isboxer\auth_srv_64.exe] => (Block) E:\games\isboxer\auth_srv_64.exe
FirewallRules: [UDP Query User{4C263407-E65B-4E83-BA40-2DA95D49B183}E:\games\isboxer\auth_srv_64.exe] => (Block) E:\games\isboxer\auth_srv_64.exe
FirewallRules: [{9E959774-DC47-4F73-BE5C-A88736178D10}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{78EF9D02-F07D-4203-B9D5-F4493AB4166A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F32DB54D-75C3-482F-BB22-FFF574D97304}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{5F97BC6E-3C16-4D9E-964A-F6C3A0A0717A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{DC4DBCA6-785E-43C3-A610-58AA498B257E}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{DA77C8EE-4213-4084-996A-20298B6AE5C4}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{AB83139D-7E64-44AB-8640-51CC5B5A84A7}] => (Allow) E:\Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{8C4B1C7D-0159-4F72-BD34-67A6D4201005}] => (Allow) E:\Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{159C2542-5152-460A-BF22-D60ECA37106B}] => (Allow) E:\Games\Battlefield 4\bf4.exe
FirewallRules: [{AB03C638-FF8A-4EF8-B727-BF2242751CDD}] => (Allow) E:\Games\Battlefield 4\bf4.exe
FirewallRules: [{047EFB8F-2B9B-4D96-A4F8-13CFBD7A509D}] => (Allow) E:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{BFFF638B-E40A-4BE1-AC2B-CE0B3FF095FC}] => (Allow) E:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{CAE4085E-9D3A-4A70-BEB5-112FF29F7041}] => (Allow) C:\Games\Battle.net\Battle.net.exe
FirewallRules: [{B4E92E5C-D132-414D-9E7F-A1928829C615}] => (Allow) C:\Games\Battle.net\Battle.net.exe
FirewallRules: [{91947A73-C57A-4028-BAEB-CBA52D87BD0D}] => (Allow) E:\Games\Steam\Steam.exe
FirewallRules: [{0B4BE6BE-583D-4014-A0AC-7D3D4EBFE0B1}] => (Allow) E:\Games\Steam\Steam.exe
FirewallRules: [{B1C31B04-C319-4416-9B0E-477E584467A1}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{C1163687-325F-44D6-BCB7-17E30B87703B}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{5078D711-286E-487F-8358-C95BA2AD0298}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
FirewallRules: [{CA1316E8-F3A3-4339-8BC9-67EA274CA737}] => (Allow) E:\Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{BA4B7FD7-075A-4B97-8F07-C1B253B8D968}] => (Allow) E:\Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{D4AD095B-7EFA-488F-A8EC-E9F572C78D99}] => (Allow) E:\Games\Battlefield 4\bf4.exe
FirewallRules: [{46F98084-BA4C-47DE-BB03-0A9784EE6E18}] => (Allow) E:\Games\Battlefield 4\bf4.exe
FirewallRules: [{CAC6A746-5846-49D4-B680-0B9865B05EA9}] => (Allow) C:\Games\SteamLibrary\steamapps\common\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{B28BD9C2-81FC-46D2-9D29-D932A74124F0}] => (Allow) C:\Games\SteamLibrary\steamapps\common\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{AA2B7CE7-1A3E-4713-AE1D-687902F7C358}] => (Allow) E:\Games\Steam\SteamApps\common\The Secret World\ClientPatcher.exe
FirewallRules: [{EE21C22C-9049-4656-8121-86E59686684B}] => (Allow) E:\Games\Steam\SteamApps\common\The Secret World\ClientPatcher.exe
FirewallRules: [TCP Query User{E20154BB-DF82-4897-8AA9-A69C71DFC588}E:\games\diablo iii\diablo iii.exe] => (Allow) E:\games\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{C99EAC8F-5710-4471-9BD9-00837177883E}E:\games\diablo iii\diablo iii.exe] => (Allow) E:\games\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{1B0C1207-6427-4732-B029-8DF304766789}E:\games\diablo iii\diablo iii.exe] => (Allow) E:\games\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{CEF1CB2C-5F96-497F-BA42-9AEDA6CA647A}E:\games\diablo iii\diablo iii.exe] => (Allow) E:\games\diablo iii\diablo iii.exe
FirewallRules: [{4B651BDC-DA04-458C-9ED0-4F5ADD4B2FB3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{C4E4F34A-C66A-4CDE-9C41-7AC0423D9968}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F01EC84A-332C-4D2B-908E-4231DCB3C2CC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D1591952-56FC-4147-A392-1F14D1EA91DE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8369DE75-6F62-4008-98D2-A3B9E5684412}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2F719186-62C7-4240-9242-8D6E9EA13B36}] => (Allow) LPort=9322
FirewallRules: [{E5616078-359E-412C-98CA-B2DD06CD67F7}] => (Allow) LPort=5353
FirewallRules: [{4BCF5709-1FBD-4FD7-8E2E-9C43C9C42F75}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{5B5CC097-9536-4039-AD93-AA994FC4262E}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{EA4407D7-F9F0-42B0-92EE-A8132081025D}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{A621A812-62AE-4A2D-8144-50C10FB20676}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{EE49DC7D-D932-4A0E-BB43-E40AE24CE635}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{61365CED-78CF-4D40-BCDB-94E18A55DA70}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{EE0D3630-033A-46D0-A03E-AFDBB1ABE314}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{D672C7D8-8A38-4B79-9C1B-75A6D351DFD3}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{A02A0B16-EB53-454A-8D19-D4BD2E15EF1A}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [{3705251F-97A0-4062-97BA-EB85740FB3F8}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [{397A83BC-B574-48D0-86AA-341F00871251}] => (Allow) LPort=9322
FirewallRules: [{2752B576-CED8-496C-8034-8C502555F9F4}] => (Allow) LPort=5353
FirewallRules: [{E2EB8C7A-1307-49AE-AE54-872D590188BA}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe
FirewallRules: [{1BBA774A-1D0F-48AD-A05F-9EB410435951}] => (Allow) E:\Games\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{227CAB6F-4E1C-4094-95D5-BBF3226CEDF3}] => (Allow) E:\Games\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BCC2EEA8-20A0-4711-9370-F8DC354CDE8C}] => (Allow) C:\Users\Sam\AppData\Local\MyComGames\MyComGames.exe
FirewallRules: [{6C3870ED-60D2-4DCF-B832-044BB2A6BDF5}] => (Allow) C:\Users\Sam\AppData\Local\MyComGames\MyComGames.exe
FirewallRules: [TCP Query User{4B75848B-B9B2-42D8-BDEF-882594E72137}C:\users\sam\appdata\local\mycomgames\mycomgames.exe] => (Block) C:\users\sam\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{0DC17A4B-F38D-4448-BCF4-897A212810B8}C:\users\sam\appdata\local\mycomgames\mycomgames.exe] => (Block) C:\users\sam\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [{7F9CB6C8-F40A-4969-89ED-DF424482EC7F}] => (Allow) E:\Games\WildStar\Wildstar.exe
FirewallRules: [{0F123D8A-0E60-44FE-8965-DE0D03191646}] => (Allow) E:\Games\WildStar\Wildstar.exe
FirewallRules: [{04E17BEC-9519-471C-87D2-AEEF76A19E33}] => (Allow) E:\Games\WildStar\Wildstar.exe
FirewallRules: [{D1FB2838-4B0F-4409-8BED-23A3982B835D}] => (Allow) E:\Games\WildStar\Wildstar.exe
FirewallRules: [{697F7A65-DE8F-4F56-BCDE-83659955D9CB}] => (Allow) C:\Users\Sam\AppData\Local\Apps\2.0\7HYPMDLM.XLG\YQAKB33K.BMW\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{6328973C-B866-4A5C-9E97-ACA74364BF85}] => (Allow) C:\Users\Sam\AppData\Local\Apps\2.0\7HYPMDLM.XLG\YQAKB33K.BMW\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{CE3DA477-A5A4-4BEC-9FCA-29AC4604FF32}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{5D954213-E582-4B9C-913B-DE1389DD88CA}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{0A9EBA7A-6265-4230-9CB4-7EDEBF1E7DA1}] => (Allow) C:\Users\Sam\AppData\Local\Apps\2.0\7HYPMDLM.XLG\YQAKB33K.BMW\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{8016D0B8-D25C-49FC-BA92-A7CABE2F0320}] => (Allow) C:\Users\Sam\AppData\Local\Apps\2.0\7HYPMDLM.XLG\YQAKB33K.BMW\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{01C84BF9-EF15-42F4-BD4D-350EDEA9CE35}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: CDC Serial
Description: CDC Serial
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: LGE Android Phone
Description: LGE Android Phone
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/28/2015 09:03:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/28/2015 08:34:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/28/2015 08:28:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/28/2015 08:11:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/20/2015 07:30:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/20/2015 05:26:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ViPER4WindowsCtrlPanel.exe, version: 1.0.0.1, time stamp: 0x524d875c
Faulting module name: MSVCR80.dll, version: 8.0.50727.6195, time stamp: 0x4dcdd833
Exception code: 0xc0000005
Fault offset: 0x000000000001e3f0
Faulting process id: 0x24f0
Faulting application start time: 0xViPER4WindowsCtrlPanel.exe0
Faulting application path: ViPER4WindowsCtrlPanel.exe1
Faulting module path: ViPER4WindowsCtrlPanel.exe2
Report Id: ViPER4WindowsCtrlPanel.exe3
 
Error: (10/20/2015 05:26:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ViPER4WindowsCtrlPanel.exe, version: 1.0.0.1, time stamp: 0x524d875c
Faulting module name: MSVCR80.dll, version: 8.0.50727.6195, time stamp: 0x4dcdd833
Exception code: 0xc0000005
Fault offset: 0x000000000001e3f0
Faulting process id: 0x%9
Faulting application start time: 0xViPER4WindowsCtrlPanel.exe0
Faulting application path: ViPER4WindowsCtrlPanel.exe1
Faulting module path: ViPER4WindowsCtrlPanel.exe2
Report Id: ViPER4WindowsCtrlPanel.exe3
 
Error: (10/15/2015 03:29:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/13/2015 06:44:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvStreamNetworkService.exe, version: 4.1.1974.1729, time stamp: 0x559bb830
Faulting module name: ntdll.dll, version: 6.1.7601.18939, time stamp: 0x55b02e88
Exception code: 0xc0000005
Fault offset: 0x000000000004f6c6
Faulting process id: 0x37c8
Faulting application start time: 0xNvStreamNetworkService.exe0
Faulting application path: NvStreamNetworkService.exe1
Faulting module path: NvStreamNetworkService.exe2
Report Id: NvStreamNetworkService.exe3
 
Error: (10/12/2015 07:24:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvStreamNetworkService.exe, version: 4.1.1974.1729, time stamp: 0x559bb830
Faulting module name: ntdll.dll, version: 6.1.7601.18939, time stamp: 0x55b02e88
Exception code: 0xc0000005
Fault offset: 0x000000000004f6c6
Faulting process id: 0x35dc
Faulting application start time: 0xNvStreamNetworkService.exe0
Faulting application path: NvStreamNetworkService.exe1
Faulting module path: NvStreamNetworkService.exe2
Report Id: NvStreamNetworkService.exe3
 
 
System errors:
=============
Error: (10/28/2015 09:03:51 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (10/28/2015 09:02:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP SI Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (10/28/2015 09:02:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (10/28/2015 09:02:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (10/28/2015 09:02:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (10/28/2015 09:02:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Samsung UPD Utility Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/28/2015 09:02:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The PowerBiosServer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (10/28/2015 09:02:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PnkBstrA service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/28/2015 09:02:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/28/2015 09:02:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Network Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2013-10-29 09:20:44.988
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Glary Utilities 3\ProcObsrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-10-29 09:20:44.938
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Glary Utilities 3\ProcObsrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-10-24 23:10:41.081
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Glary Utilities 3\ProcObsrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-10-24 23:10:41.010
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Glary Utilities 3\ProcObsrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-10-24 22:48:40.124
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Glary Utilities 3\ProcObsrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-10-24 22:48:40.059
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Glary Utilities 3\ProcObsrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-10-11 07:33:36.850
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Glary Utilities 3\ProcObsrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-10-11 07:33:36.800
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Glary Utilities 3\ProcObsrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-10-10 08:27:24.912
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Glary Utilities 3\ProcObsrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-10-10 08:27:24.842
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Glary Utilities 3\ProcObsrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 53%
Total physical RAM: 8088.48 MB
Available physical RAM: 3760.3 MB
Total Virtual: 16175.18 MB
Available Virtual: 11249 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:119.14 GB) (Free:5.23 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Fixed) (Total:465.66 GB) (Free:41.74 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 1000507B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4C222321)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 




#2
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,583 posts

Hi. My name is Brian, and I would be happy to look into your issue.
 


- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • It is also likely during our cleaning process that your internet browsing history will be removed. Your favorites will be untouched. If you don't want this to happen you need to let me know before running any steps so I can adjust my fixes accordingly.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen, click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start-

 
Removing malware is a complicated, multi-step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

 

 

Hi and welcome to G2G. Let's see if we can get you cleaned up. Please do the following.

 

Step#1 - AdwCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool. Click I agree if you agree with the terms of use.
4. Click on Scan.
5. After the scan is complete, click on "Cleaning".
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[C1].txt as well.

 

Step#2 - JRT by Malwarebytes
1. Download Junkware Removal Tool to your desktop.
2. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
3. The tool will open. Press any key at the Disclaimer screen and the program will start scanning your system.
4. Please be patient as this can take a while to complete depending on your system's specifications.
5. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
6. Close the text file and reboot your machine.
7. Post the contents of JRT.txt into your next message.

 

Items for your next post

1. AdwCleaner log

2. Junkware log


#3
FusionX

Hi Brian,

 

Thanks for getting back to me.  Please find below my attached logs.

 

I did want to say though, ever since I made this topic, I've stopped tethering my phone for internet access through USB tethering and I haven't had any issues at all.  I've done wifi tethering and that seems fine as well as wifi through a router.  I haven't had any of the symptoms that I described in my original post.  So I'm not sure what's going on really...

 

I am still committed to fixing whatever was wrong so thank you for the help.  The logs are below.  Oh, I should also say, when I went to run ADW, it said it was outdated and asked me to download a newer version, which I did.  So the ADW version I used is 5.015 (instead of 5.014) in case that makes a difference.

 

Thanks,

 

Sam

 

------

 

# AdwCleaner v5.015 - Logfile created 31/10/2015 at 23:46:30
# Updated 26/10/2015 by Xplode
# Database : 2015-10-29.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Sam - SAM-LAPTOP
# Running from : C:\Users\Sam\Desktop\adwcleaner_5.015.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage
[-] File Deleted : C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage-journal
[-] File Deleted : C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
[-] File Deleted : C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal
[-] File Deleted : C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1811 bytes] ##########
 
-----
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Professional x64
Ran by Sam on Sat 10/31/2015 at 23:48:37.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_FD70E4195A4DE5E83920BD6414A71B17
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Program Files (x86)\free youtube downloader
Successfully deleted: [Folder] C:\ProgramData\free youtube downloader
Successfully deleted: [Folder] C:\Users\Sam\Appdata\Local\free youtube downloader
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\Sam\Appdata\Local\Google\Chrome\User Data\Default\Extensions\iohgglcbddjknnemakghbjadinmopafl
 
[C:\Users\Sam\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Sam\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
iohgglcbddjknnemakghbjadinmopafl
 
[C:\Users\Sam\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Sam\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  gkojfkhlekighikafcpjkiklfbnlmeio,
  iohgglcbddjknnemakghbjadinmopafl
]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 10/31/2015 at 23:52:50.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

  • 0
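As an added example (not part of the original thread and not code from JRT): a short Python parser for the JRT log format posted above. It groups what the tool reported as deleted and lists Chrome extension IDs that were dropped from a preferences file without a matching deleted Extensions folder, which is worth a manual look in the profile. The function names are illustrative; the input lines are copied (abridged) from the log above.

```python
import re
from collections import defaultdict

# Input: lines copied from the JRT log posted in this thread (abridged).
SAMPLE_LOG = r"""
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_FD70E4195A4DE5E83920BD6414A71B17
~~~ Folders
Successfully deleted: [Folder] C:\Program Files (x86)\free youtube downloader
~~~ Chrome
Successfully deleted: [Folder] C:\Users\Sam\Appdata\Local\Google\Chrome\User Data\Default\Extensions\iohgglcbddjknnemakghbjadinmopafl
[C:\Users\Sam\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
iohgglcbddjknnemakghbjadinmopafl
[C:\Users\Sam\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  gkojfkhlekighikafcpjkiklfbnlmeio,
  iohgglcbddjknnemakghbjadinmopafl
]
"""

SECTION = re.compile(r"^~~~ (.+)$")
DELETED = re.compile(r"^Successfully deleted: \[(.+?)\] (.+)$")
PREFS = re.compile(r"^\[(.+)\] - Extensions Deleted:$")
EXT_ID = re.compile(r"\b[a-p]{32}\b")  # Chrome extension IDs are 32 chars, a-p only

def parse_jrt(text):
    """Return (deleted items by type, extension IDs by preferences file name)."""
    deleted, ext_by_file, prefs_file = defaultdict(list), defaultdict(set), None
    for line in (raw.strip() for raw in text.splitlines()):
        if SECTION.match(line):
            prefs_file = None                      # new section ends any ID list
        elif m := DELETED.match(line):
            deleted[m.group(1)].append(m.group(2))
            prefs_file = None
        elif m := PREFS.match(line):
            prefs_file = m.group(1).rsplit("\\", 1)[-1]
        elif prefs_file:                           # lines of the ID list itself
            ext_by_file[prefs_file].update(EXT_ID.findall(line))
    return dict(deleted), dict(ext_by_file)

def extensions_missing_folder(deleted, ext_by_file):
    """IDs removed from a prefs file with no deleted folder carrying that ID."""
    folders = " ".join(deleted.get("Folder", []))
    all_ids = set().union(*ext_by_file.values())
    return {ext for ext in all_ids if ext not in folders}

if __name__ == "__main__":
    items, exts = parse_jrt(SAMPLE_LOG)
    print(items, exts, extensions_missing_folder(items, exts), sep="\n")
```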

#4
BrianDrab

The ad injector was removed. If you have no further issues I think we are done. Please let me know. Thank you.


#5
FusionX

Hi Brian,

 

Thanks very much for your help.

 

If anything should pop up again when I tether my phone, I'll PM you to maybe re-look at it?

 

Thanks again!!

 

Sam


#6
BrianDrab

Sounds good.

 

OK! Well done, your computer is clean again! :thumbsup: Part of our jobs here is to help you clean your computer. But beyond that and just as important is to provide you with some information to keep you safe and secure on the net as well as to share knowledge. Following is that information.
 
1. Clean Up!
We need to remove all the tools that we used so that should you ever be re-infected, you will download updated versions which may have updated detection logic.
1. Download Delfix from here.
2. Ensure everything is checked.
3. Click Run.
Note: The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
Note: Delete any other .bat, .log, .reg, .txt, and any other files created during this process and left on the desktop, and empty the Recycle Bin.
 
2. Windows Updates
Another essential task is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically. Follow the instructions below to ensure your settings are optimal.
1. Click the Start Orb in the lower left corner of the screen.
2. Type Windows Update in the search box that appears.
3. Click on the Windows Update program that appears in the search results.
4. Click on Change Settings.
5. Select "Install updates automatically (recommended)" from the Important updates drop-down.
6. Choose a day and a time when you know the computer will be on and connected to the internet. The default is 3:00AM every day.
7. Ensure that all of the other check boxes are checked.
8. Click OK.
 
3. Keeping Programs Updated
You need to ensure that any programs installed on your machine are kept current. The bad guys exploit vulnerabilities that are found in older versions of software. A very good piece of software that keeps your programs up-to-date is Secunia Personal Software Inspector (PSI). You can download and install it from here. You can read more information about this free software as well as a video walkthrough from here.
 
4. Antimalware- Preventative
Note: Let's keep Malwarebytes installed as it's a fantastic piece of software. Malwarebytes is an anti-malware software and not an antivirus software so it won't conflict with the Antivirus that you are running. I would recommend that you open up this program, allow it to update and scan your machine at least quarterly...monthly if you can.
 
5. Crypto Warning!!!! - Complete Data Loss can occur!
There are particularly nasty infections out there at the moment that encrypt your data and hold it for ransom. You may read more about this here.
 


  • Download CryptoPrevent free for home use here following the instructions below.
  • Save the file to your desktop from the link above and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
  • Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
  • You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
  • You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
  • You will be prompted to click OK to continue and select your protection level. Go ahead and click OK.
  • Click the Apply button to set Default protection.
  • You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.
  • That's it. The protection is in place.

Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now), select the Updates! menu and select Check for Updates to see if there are any, as this infection has serious consequences.
 
 

 

 
For more information about computer security and how to protect yourself when on the internet, please read this guide: Best Practices for Safe Computing.
 
OK, all the best, and stay safe!
 
Items for your next post
1. Contents of the delfix log


#7
FusionX

Thanks again for the help, here's my delfix log.

 

Cheers,

 

Sam

 

-----

 

# DelFix v1.011 - Logfile created 04/11/2015 at 14:59:43
# Updated 18/08/2015 by Xplode
# Username : Sam - SAM-LAPTOP
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Sam\Desktop\Addition.txt
Deleted : C:\Users\Sam\Desktop\adwcleaner_5.015.exe
Deleted : C:\Users\Sam\Desktop\FRST.txt
Deleted : C:\Users\Sam\Desktop\FRST64.exe
Deleted : C:\Users\Sam\Desktop\JRT.exe
Deleted : C:\Users\Sam\Desktop\JRT.txt
Deleted : C:\Users\Sam\Desktop\Rkill.txt
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #542 [JRT Pre-Junkware Removal | 10/31/2015 13:48:39]
Deleted : RP #543 [Installed Vodafone Mobile Broadband. | 11/02/2015 05:37:13]
Deleted : RP #544 [Windows Update | 11/03/2015 07:14:35]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########

#8
BrianDrab

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

