Author Topic: [Resolved - K] Computer stuck at shutting down screen / Dropped internet  (Read 3578 times)

maldock

  • Bronze Member
  • Posts: 12
Hi,

Problems
My problems started after I downloaded and used uTorrent; since then, I have had a randomly dropped Internet connection. The computer refuses to shut down completely, leaving it stuck at the blue Shutting down part. I have to manually power off the computer, which I reckon is not a good thing to do. When it’s stuck, both mouse and keyboard are still working.
I did a system restore the day before and had no problems, but after I installed uTorrent, these problems soon reappeared. I wanted to do another system restore but all my restore points were gone.
This is a recurring issue for me and I have had it for a while; however, after the system restore I only downloaded 4 programs: GW2, uTorrent and iTunes. GW2 had no issues prior; both iTunes & iFunbox were after the problem surfaced. All other programs were already installed before I did the system restore. Hence I was able to narrow it down to uTorrent being the main culprit. I did a system restore 3 days ago, as of the time of this posting.
I have since uninstalled uTorrent, but the 2 above-mentioned problems still remain. I appreciate any help provided. Thanks for your time.
Logs:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/14/2014 9:38:43 AM
System Uptime: 3/6/2015 12:08:54 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | P7P55D PRO
Processor: Intel(R) Core(TM) i5 CPU         650  @ 3.20GHz | LGA1156 | 3201/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 168.784 GiB free.
D: is FIXED (exFAT) - 652 GiB total, 26.791 GiB free.
E: is FIXED (exFAT) - 279 GiB total, 164.179 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP156: 3/5/2015 7:12:56 PM - Installed iTunes
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 16 ActiveX
Adobe Media Player
Adobe Reader XI (11.0.10)
Apple Application Support (32-bit)
Apple Application Support (64-bit)
Apple Mobile Device Support
Apple Software Update
BlueSoleil 10.0.479.1
Bonjour
Definition Update for Microsoft Office 2010 (KB2956079) 32-Bit Edition
Google Chrome
Google Update Helper
Guild Wars 2
iFunbox (v2.94.2520.758), iFunbox DevTeam
iTunes
Java 8 Update 31
Java Auto Updater
Microsoft .NET Framework 4.5.2
Microsoft ASP.NET MVC 4 Runtime
Microsoft Mouse and Keyboard Center
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office Home and Business 2013 - en-us
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft SkyDrive
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
NVIDIA 3D Vision Controller Driver 347.09
NVIDIA 3D Vision Driver 347.25
NVIDIA Control Panel 347.25
NVIDIA GeForce Experience 2.2.2
NVIDIA GeForce Experience Service
NVIDIA Graphics Driver 347.25
NVIDIA HD Audio Driver 1.3.33.0
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA Optimus Update 17.12.8
NVIDIA PhysX
NVIDIA PhysX System Software 9.14.0702
NVIDIA ShadowPlay 17.12.8
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 17.12.8
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.27
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
QuickTime 7
Realtek USB 2.0 Card Reader
Renesas Electronics USB 3.0 Host Controller Driver
Samsung Data Migration
Samsung Magician
Security Update for Microsoft Excel 2010 (KB2956081) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553154) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2920748) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2956066) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
SHIELD Streaming
SHIELD Wireless Controller Driver
System Requirements Lab
TP-LINK Archer T4U Driver
TP-LINK Wireless Configuration Utility
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition
Update for Microsoft Office 2010 (KB2956054) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2956075) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2956128) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2956129) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
USB Ethernet Adapter 13.02.0813.0194
WinRAR 5.20 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
3/6/2015 12:09:04 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  cdrom
3/6/2015 12:09:03 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 126
3/6/2015 12:06:55 PM, Error: Service Control Manager [7043]  - The Windows Update service did not shut down properly after receiving a preshutdown control.
3/5/2015 8:37:01 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
3/5/2015 8:36:20 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/5/2015 8:35:34 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
3/5/2015 8:35:30 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 21
3/5/2015 8:33:22 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/5/2015 8:33:22 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/5/2015 8:33:21 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/5/2015 8:33:16 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/5/2015 8:33:14 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  cdrom discache spldr Wanarpv6
3/3/2015 12:16:06 AM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
3/2/2015 11:12:32 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242006: Update for Windows 7 for x64-based Systems (KB3006137).
3/2/2015 11:05:05 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  cdrom discache SCDEmu spldr Wanarpv6
2/28/2015 5:17:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000117 (0xfffffa80072fb4e0, 0xfffff8800f1c393c, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\022815-13197-01.dmp. Report Id: 022815-13197-01.
2/28/2015 2:01:13 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa80081f6e10, 0xfffff80000b9c518, 0xfffffa8007a3b260). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022815-8408-01.
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17631  BrowserJavaVersion: 11.31.2
Run by FRED at 12:18:09 on 2015-03-06
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8190.6285 [GMT 8:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files (x86)\IVT Corporation\BlueSoleil\cPhoneSDKCS.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Windows\runSW.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\SwUSB.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com.sg/?gws_rd=ssl
uSearch Bar = Preserve
uDefault_Page_URL = about:blank
mStart Page = about:blank
mSearch Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423288233&from=obw&uid=SamsungXSSDX840XEVOX250GB_S1DBNSAFB74647W&q={searchTerms}
mDefault_Page_URL = about:blank
mDefault_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423288233&from=obw&uid=SamsungXSSDX840XEVOX250GB_S1DBNSAFB74647W&q={searchTerms}
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
TB: <No Name>: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - LocalServer32 - <no file>
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TP-LIN~1.LNK - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Send by Bluetooth - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
Trusted Zone: dell.com
TCP: NameServer = 202.156.1.16 218.186.2.16 218.186.2.6
TCP: Interfaces\{32184233-6296-4734-963F-0BAB29477695} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{5BB23631-6E3C-418C-812B-BA31272CC916} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BE9222BF-6384-4783-B75B-F17FF3FDAEE3} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BE9222BF-6384-4783-B75B-F17FF3FDAEE3}\A756E67636C616E6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C5AC3419-DE60-45F5-A0C9-BCFCC78F8356} : DHCPNameServer = 202.156.1.16 218.186.2.16 218.186.2.6
TCP: Interfaces\{EFDF6890-CB61-4FD3-9E6E-FCEBF062B29B} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli IVTCredentialProvider
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-mSearch Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423288233&from=obw&uid=SamsungXSSDX840XEVOX250GB_S1DBNSAFB74647W&q={searchTerms}
x64-mDefault_Page_URL = about:blank
x64-mDefault_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423288233&from=obw&uid=SamsungXSSDX840XEVOX250GB_S1DBNSAFB74647W&q={searchTerms}
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 {c0915853-fd66-4086-a9ce-b80496d49b3f}Gw64;{c0915853-fd66-4086-a9ce-b80496d49b3f}Gw64;C:\Windows\System32\drivers\{c0915853-fd66-4086-a9ce-b80496d49b3f}Gw64.sys [2015-2-7 48832]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-1-19 77128]
R2 BsMobileCS;BsMobileCS;C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [2014-7-23 273656]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-12-23 2449592]
R2 cPhoneSDKCS;cPhoneSDKCS;C:\Program Files (x86)\IVT Corporation\BlueSoleil\cPhoneSDKCS.exe [2014-6-16 281456]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-12-27 1148744]
R2 RunSwUSB;RunSwUSB;C:\Windows\runSW.exe [2015-2-19 48856]
R2 WindowsMangerProtect;WindowsMangerProtect Service;C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service --> C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service [?]
R2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;C:\Windows\System32\drivers\DDCDrv.sys [2014-12-14 20832]
R3 BtHidBus;BtHidBus;C:\Windows\System32\drivers\BtHidBus.sys [2013-10-8 24032]
R3 IvtAudioBusSrv;IvtAudioBusSrv;C:\Windows\System32\drivers\IvtBtBus.sys [2012-12-24 27256]
R3 IvtComBusSrv;IvtComBusSrv;C:\Windows\System32\drivers\btcombus.sys [2013-11-18 25440]
R3 IvtPanBusSrv;IvtPanBusSrv;C:\Windows\System32\drivers\btnetBus.sys [2012-12-24 31480]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-12-27 38032]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTWlanU.sys [2014-12-22 2978520]
R3 VUSB3HUB;VIA USB 3 Root Hub Service;C:\Windows\System32\drivers\ViaHub3.sys [2002-1-1 204800]
R3 xhcdrv;VIA USB eXtensible Host Controller Service;C:\Windows\System32\drivers\xhcdrv.sys [2002-1-1 256000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S3 AX88179;AX88179/178A USB 3.0/2.0 to Gigabit Ethernet Adapter;C:\Windows\System32\drivers\ax88179_178a.sys [2014-8-7 66560]
S3 BTCOM;Bluetooth Serial port driver;C:\Windows\System32\drivers\btcomport.sys [2014-6-24 29944]
S3 BTCOMBUS;Bluetooth Serial Port Bus Service;C:\Windows\System32\drivers\btcombus.sys [2013-11-18 25440]
S3 btnetBUs;Bluetooth PAN Bus Service;C:\Windows\System32\drivers\btnetBus.sys [2012-12-24 31480]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-2-12 114688]
S3 IvtBtBUs;IVT Bluetooth Bus Service;C:\Windows\System32\drivers\IvtBtBus.sys [2012-12-24 27256]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2014-8-15 23040]
S3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-12-27 19784]
S3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;C:\Windows\System32\drivers\PcaSp60.sys [2014-12-21 38912]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-12-14 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2015-1-24 243712]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-12-14 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-12-14 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-8-15 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-12-14 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-12-27 1706312]
S4 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-12-27 21833544]
.
=============== File Associations ===============
.
.txt: <filetype is not registered>
.js: <filetype is not registered>
.
=============== Created Last 30 ================
.
2015-03-05 11:13:24   33240   ----a-w-   C:\Windows\System32\drivers\GEARAspiWDM.sys
2015-03-05 11:13:17   --------   d-----w-   C:\Program Files (x86)\iTunes
2015-03-05 11:13:16   --------   d-----w-   C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-05 11:13:16   --------   d-----w-   C:\Program Files\iTunes
2015-03-05 11:13:16   --------   d-----w-   C:\Program Files\iPod
2015-03-05 11:12:47   --------   d-----w-   C:\Program Files\Bonjour
2015-03-05 11:12:47   --------   d-----w-   C:\Program Files (x86)\Bonjour
2015-03-03 12:28:44   11910896   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5F98C5FF-57C4-4922-87A2-82D46C8B602D}\mpengine.dll
2015-03-03 12:13:44   --------   d-----w-   C:\ProgramData\SystemRequirementsLab
2015-03-03 12:13:44   --------   d-----w-   C:\Program Files (x86)\SystemRequirementsLab
2015-03-02 16:28:02   --------   d-----w-   C:\Program Files (x86)\Guild Wars 2
2015-03-01 15:45:11   --------   d-----w-   C:\Users\FRED\AppData\Roaming\MPC-HC
2015-02-27 06:30:03   --------   d-----w-   C:\Users\FRED\AppData\Roaming\iFunbox_UserCache
2015-02-27 06:25:19   --------   d-----w-   C:\Users\FRED\AppData\Roaming\iFunBox.NXGen
2015-02-26 14:30:40   --------   d-----w-   C:\Program Files (x86)\Microsoft Games
2015-02-26 10:34:08   --------   d-----w-   C:\Users\FRED\AppData\Roaming\uTorrent
2015-02-25 11:50:25   --------   d-----w-   C:\Users\FRED\AppData\Roaming\TS3Client
2015-02-24 18:06:33   --------   d-----w-   C:\Users\FRED\AppData\Roaming\Guild Wars 2
2015-02-20 11:20:16   950272   ----a-w-   C:\Windows\System32\perftrack.dll
2015-02-20 11:20:16   91136   ----a-w-   C:\Windows\System32\wdi.dll
2015-02-20 11:20:16   76800   ----a-w-   C:\Windows\SysWow64\wdi.dll
2015-02-20 11:20:16   29696   ----a-w-   C:\Windows\System32\powertracker.dll
2015-02-19 16:31:45   --------   d-----w-   C:\Users\FRED\AppData\Local\Steam
2015-02-19 13:23:26   --------   d-----w-   C:\Users\FRED\AppData\Roaming\TP-LINK
2015-02-19 13:23:13   --------   d-----w-   C:\Program Files (x86)\TP-LINK
2015-02-19 13:22:56   48856   ----a-w-   C:\Windows\runSW.exe
2015-02-19 13:22:56   454360   ----a-w-   C:\Windows\SwUSB.exe
2015-02-13 12:21:01   814080   ----a-w-   C:\Windows\System32\jscript9diag.dll
2015-02-13 12:21:01   620032   ----a-w-   C:\Windows\SysWow64\jscript9diag.dll
2015-02-13 12:21:01   6041600   ----a-w-   C:\Windows\System32\jscript9.dll
2015-02-13 12:21:01   4300800   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2015-02-12 05:11:15   3201536   ----a-w-   C:\Windows\System32\win32k.sys
2015-02-11 10:53:38   1424384   ----a-w-   C:\Windows\System32\WindowsCodecs.dll
2015-02-11 10:53:38   1230336   ----a-w-   C:\Windows\SysWow64\WindowsCodecs.dll
2015-02-11 10:53:37   861696   ----a-w-   C:\Windows\System32\oleaut32.dll
2015-02-11 10:53:37   571904   ----a-w-   C:\Windows\SysWow64\oleaut32.dll
2015-02-11 10:53:36   406528   ----a-w-   C:\Windows\System32\scesrv.dll
2015-02-11 10:53:36   308224   ----a-w-   C:\Windows\SysWow64\scesrv.dll
2015-02-08 03:12:22   --------   d-----w-   C:\ProgramData\Package Cache
2015-02-07 05:57:12   48832   ----a-w-   C:\Windows\System32\drivers\{c0915853-fd66-4086-a9ce-b80496d49b3f}Gw64.sys
2015-02-07 05:52:27   --------   d-----w-   C:\Users\FRED\AppData\Local\globalUpdate
2015-02-07 05:52:27   --------   d-----w-   C:\Program Files (x86)\globalUpdate
2015-02-07 05:51:00   --------   d-----w-   C:\Users\FRED\AppData\Roaming\MiniGet
2015-02-07 05:50:59   --------   d-----w-   C:\Program Files (x86)\MiniGet
2015-02-07 05:50:44   --------   d-----w-   C:\ProgramData\WindowsMangerProtect
2015-02-07 05:50:34   --------   d-----w-   C:\Users\FRED\AppData\Roaming\omiga-plus
2015-02-07 05:50:33   --------   d-----w-   C:\Users\FRED\AppData\Roaming\MailUpdate
2015-02-07 05:50:33   --------   d-----w-   C:\ProgramData\MailUpdate
2015-02-06 15:16:01   --------   d-----r-   C:\Users\FRED\iCloudDrive
.
==================== Find3M  ====================
.
2015-03-02 16:04:57   71344   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-02 16:04:57   701616   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2015-02-04 03:16:29   609280   ----a-w-   C:\Windows\System32\generaltel.dll
2015-02-04 03:16:20   762368   ----a-w-   C:\Windows\System32\invagent.dll
2015-02-04 03:16:16   414720   ----a-w-   C:\Windows\System32\devinv.dll
2015-02-04 03:16:14   894976   ----a-w-   C:\Windows\System32\appraiser.dll
2015-02-04 03:16:13   227328   ----a-w-   C:\Windows\System32\aepdu.dll
2015-02-04 03:16:13   192000   ----a-w-   C:\Windows\System32\aepic.dll
2015-02-04 03:13:28   1098752   ----a-w-   C:\Windows\System32\aeinv.dll
2015-01-27 23:36:21   1239720   ----a-w-   C:\Windows\System32\aitstatic.exe
2015-01-21 14:30:48   98216   ----a-w-   C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-01-16 06:41:34   1316184   ----a-w-   C:\Windows\SysWow64\nvspbridge.dll
2015-01-16 06:41:34   1278920   ----a-w-   C:\Windows\SysWow64\nvspcap.dll
2015-01-16 06:41:18   1756424   ----a-w-   C:\Windows\System32\nvspbridge64.dll
2015-01-16 06:41:18   1514528   ----a-w-   C:\Windows\System32\nvspcap64.dll
2015-01-15 08:14:17   155072   ----a-w-   C:\Windows\System32\drivers\ksecpkg.sys
2015-01-15 08:14:16   95680   ----a-w-   C:\Windows\System32\drivers\ksecdd.sys
2015-01-15 08:09:58   29184   ----a-w-   C:\Windows\System32\sspisrv.dll
2015-01-15 08:09:58   136192   ----a-w-   C:\Windows\System32\sspicli.dll
2015-01-15 08:09:57   28160   ----a-w-   C:\Windows\System32\secur32.dll
2015-01-15 08:09:51   1461760   ----a-w-   C:\Windows\System32\lsasrv.dll
2015-01-15 08:09:15   31232   ----a-w-   C:\Windows\System32\lsass.exe
2015-01-15 08:08:59   64000   ----a-w-   C:\Windows\System32\auditpol.exe
2015-01-15 08:06:22   60416   ----a-w-   C:\Windows\System32\msobjs.dll
2015-01-15 08:06:11   146432   ----a-w-   C:\Windows\System32\msaudite.dll
2015-01-15 08:04:23   686080   ----a-w-   C:\Windows\System32\adtschema.dll
2015-01-15 07:42:59   22016   ----a-w-   C:\Windows\SysWow64\secur32.dll
2015-01-15 07:42:05   50176   ----a-w-   C:\Windows\SysWow64\auditpol.exe
2015-01-15 07:41:53   96768   ----a-w-   C:\Windows\SysWow64\sspicli.dll
2015-01-15 07:39:53   60416   ----a-w-   C:\Windows\SysWow64\msobjs.dll
2015-01-15 07:39:36   146432   ----a-w-   C:\Windows\SysWow64\msaudite.dll
2015-01-15 07:37:55   686080   ----a-w-   C:\Windows\SysWow64\adtschema.dll
2015-01-15 04:22:18   458824   ----a-w-   C:\Windows\System32\drivers\cng.sys
2015-01-14 06:09:27   5554112   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2015-01-14 06:05:30   503808   ----a-w-   C:\Windows\System32\srcore.dll
2015-01-14 06:05:30   50176   ----a-w-   C:\Windows\System32\srclient.dll
2015-01-14 06:04:56   296960   ----a-w-   C:\Windows\System32\rstrui.exe
2015-01-14 05:44:59   3972544   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2015-01-14 05:44:58   3917760   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2015-01-14 05:41:09   43008   ----a-w-   C:\Windows\SysWow64\srclient.dll
2015-01-13 04:15:56   1540240   ----a-w-   C:\Windows\System32\nvhdagenco6420103.dll
2015-01-12 03:05:32   2724864   ----a-w-   C:\Windows\System32\mshtml.tlb
2015-01-12 03:05:19   4096   ----a-w-   C:\Windows\System32\ieetwcollectorres.dll
2015-01-12 02:49:42   66560   ----a-w-   C:\Windows\System32\iesetup.dll
2015-01-12 02:48:57   48640   ----a-w-   C:\Windows\System32\ieetwproxystub.dll
2015-01-12 02:48:52   584192   ----a-w-   C:\Windows\System32\vbscript.dll
2015-01-12 02:47:25   88064   ----a-w-   C:\Windows\System32\MshtmlDac.dll
2015-01-12 02:34:42   144384   ----a-w-   C:\Windows\System32\ieUnatt.exe
2015-01-12 02:34:30   114688   ----a-w-   C:\Windows\System32\ieetwcollector.exe
2015-01-12 02:25:28   968704   ----a-w-   C:\Windows\System32\MsSpellCheckingFacility.exe
2015-01-12 02:21:19   2724864   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2015-01-12 02:13:27   77824   ----a-w-   C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-01-12 02:08:09   503296   ----a-w-   C:\Windows\SysWow64\vbscript.dll
2015-01-12 02:07:51   62464   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2015-01-12 02:07:06   47616   ----a-w-   C:\Windows\SysWow64\ieetwproxystub.dll
2015-01-12 02:05:36   64000   ----a-w-   C:\Windows\SysWow64\MshtmlDac.dll
2015-01-12 01:55:47   115712   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2015-01-12 01:46:29   1359360   ----a-w-   C:\Windows\System32\mshtmlmedia.dll
2015-01-12 01:46:00   2125824   ----a-w-   C:\Windows\System32\inetcpl.cpl
2015-01-12 01:40:43   60416   ----a-w-   C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-01-12 01:27:32   2358272   ----a-w-   C:\Windows\System32\wininet.dll
2015-01-12 01:23:09   2052608   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2015-01-12 01:22:17   1155072   ----a-w-   C:\Windows\SysWow64\mshtmlmedia.dll
2015-01-12 01:00:17   1888256   ----a-w-   C:\Windows\SysWow64\wininet.dll
2015-01-10 08:07:47   73872   ----a-w-   C:\Windows\System32\OpenCL.dll
2015-01-10 08:07:47   60744   ----a-w-   C:\Windows\SysWow64\OpenCL.dll
2015-01-10 08:07:47   1895240   ----a-w-   C:\Windows\System32\nvdispco6434725.dll
2015-01-10 08:07:47   1556808   ----a-w-   C:\Windows\System32\nvdispgenco6434725.dll
2015-01-10 06:48:22   210944   ----a-w-   C:\Windows\System32\wdigest.dll
2015-01-10 06:48:19   86528   ----a-w-   C:\Windows\System32\TSpkg.dll
2015-01-10 06:48:17   341504   ----a-w-   C:\Windows\System32\schannel.dll
2015-01-10 06:48:13   309760   ----a-w-   C:\Windows\System32\ncrypt.dll
2015-01-10 06:48:12   314880   ----a-w-   C:\Windows\System32\msv1_0.dll
2015-01-10 06:48:10   728064   ----a-w-   C:\Windows\System32\kerberos.dll
2015-01-10 06:48:05   22016   ----a-w-   C:\Windows\System32\credssp.dll
2015-01-10 06:27:54   172032   ----a-w-   C:\Windows\SysWow64\wdigest.dll
2015-01-10 06:27:51   65536   ----a-w-   C:\Windows\SysWow64\TSpkg.dll
2015-01-10 06:27:47   248832   ----a-w-   C:\Windows\SysWow64\schannel.dll
2015-01-10 06:27:44   221184   ----a-w-   C:\Windows\SysWow64\ncrypt.dll
2015-01-10 06:27:43   259584   ----a-w-   C:\Windows\SysWow64\msv1_0.dll
2015-01-10 06:27:39   550912   ----a-w-   C:\Windows\SysWow64\kerberos.dll
2015-01-10 06:27:32   17408   ----a-w-   C:\Windows\SysWow64\credssp.dll
2014-12-25 06:32:01   1952744   ----a-w-   C:\Users\FRED\AppData\Roaming\XPEQGO.exe
2014-12-22 16:41:02   298120   ------w-   C:\Windows\System32\MpSigStub.exe
2014-12-19 16:31:56   867240   ----a-w-   C:\Windows\SysWow64\npDeployJava1.dll
2014-12-19 16:31:56   789416   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
2014-12-19 03:06:55   210432   ----a-w-   C:\Windows\System32\profsvc.dll
2014-12-19 01:46:45   141312   ----a-w-   C:\Windows\System32\drivers\mrxdav.sys
2014-12-13 10:08:08   1895056   ----a-w-   C:\Windows\System32\nvdispco6434709.dll
2014-12-13 10:08:08   1556624   ----a-w-   C:\Windows\System32\nvdispgenco6434709.dll
2014-12-12 05:31:39   1480192   ----a-w-   C:\Windows\System32\crypt32.dll
2014-12-12 05:07:26   1174528   ----a-w-   C:\Windows\SysWow64\crypt32.dll
2014-12-11 17:47:17   87040   ----a-w-   C:\Windows\System32\TSWbPrxy.exe
.
============= FINISH: 12:18:18.32 ===============
« Last Edit: March 20, 2015, 01:52:43 PM by kevinf80 »

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7670
Hello maldock and welcome to SpywareHammer,

Use the instructions in the following link to show hidden files:

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

Next,

Download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, select Settings > Detection and Protection > enable Scan for rootkits, and under Non-Malware Protection set both PUP and PUM to Treat detections as malware.
  • Now select > Scan > Threat scan > Scan now
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
When the scan is completed, from the main GUI click on History > Application Logs. Find your scan log; the date when run will identify it. Checkmark the "select" box, then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export".

Next,

Download AdwCleaner by Xplode onto your Desktop.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan
  • Once the scan is done, click on the Clean button.
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[Sn].txt, where n is the scan reference number.
Next,

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Thank you,

Kevin....

Offline maldock

  • Bronze Member
  • Posts: 12
Thanks for the quick reply. I have done as instructed and here are the results.



Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/6/2015
Scan Time: 6:52:51 PM
Logfile: mbam 1a.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.06.02
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: FRED

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 380454
Time Elapsed: 5 min, 36 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, 1144, Delete-on-Reboot, [01a869b96e1ca393458c0066db2508f8]

Modules: 0
(No malicious items detected)

Registry Keys: 10
PUP.Optional.WindowsProtectManger.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, Quarantined, [01a869b96e1ca393458c0066db2508f8],
PUP.Optional.ISearch.A, HKLM\SOFTWARE\WOW6432NODE\omiga-plusSoftware, Quarantined, [40690d157218f046cd47110e5ea78f71],
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, Quarantined, [f0b97fa3cbbf1f1708f237ef3bca46ba],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{c0915853-fd66-4086-a9ce-b80496d49b3f}Gw64, Quarantined, [f8b141e1b8d2cd697bf8139e50b325db],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, Quarantined, [139623ffc4c6979fa05c2790c53eae52],
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-3355360711-3529315588-2665346775-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, Quarantined, [acfd071b53375fd79dec7b8d4fb604fc],
PUP.Optional.SavePass.A, HKU\S-1-5-21-3355360711-3529315588-2665346775-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SavePass 1.1-nv-ie, Quarantined, [7c2d041eeb9fca6c49d474510003ce32],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3355360711-3529315588-2665346775-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [6a3f72b0b0dad6606bf25dbee0251be5],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [06a35dc5b2d81a1c3ba094eb22e1dc24],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [06a35dc5b2d81a1c3ba094eb22e1dc24],

Registry Values: 0
(No malicious items detected)

Registry Data: 6
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files (x86)\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=sc&ts=1423288233&from=obw&uid=SamsungXSSDX840XEVOX250GB_S1DBNSAFB74647W, Good: (iexplore.exe), Bad: (C:\Program Files (x86)\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=sc&ts=1423288233&from=obw&uid=SamsungXSSDX840XEVOX250GB_S1DBNSAFB74647W),Replaced,[fbaee53d8efc1026707ff7e7ed184bb5]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://isearch.omiga-plus.com/web/?type=ds&ts=1423288233&from=obw&uid=SamsungXSSDX840XEVOX250GB_S1DBNSAFB74647W&q={searchTerms}, Good: (www.google.com), Bad: (http://isearch.omiga-plus.com/web/?type=ds&ts=1423288233&from=obw&uid=SamsungXSSDX840XEVOX250GB_S1DBNSAFB74647W&q={searchTerms}),Replaced,[2980f9292f5b9a9ce60d6579a75ed42c]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://isearch.omiga-plus.com/web/?type=ds&ts=1423288233&from=obw&uid=SamsungXSSDX840XEVOX250GB_S1DBNSAFB74647W&q={searchTerms}, Good: (www.google.com), Bad: (http://isearch.omiga-plus.com/web/?type=ds&ts=1423288233&from=obw&uid=SamsungXSSDX840XEVOX250GB_S1DBNSAFB74647W&q={searchTerms}),Replaced,[3079e63c94f611252ccb875735d06d93]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files (x86)\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=sc&ts=1423288233&from=obw&uid=SamsungXSSDX840XEVOX250GB_S1DBNSAFB74647W, Good: (iexplore.exe), Bad: (C:\Program Files (x86)\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=sc&ts=1423288233&from=obw&uid=SamsungXSSDX840XEVOX250GB_S1DBNSAFB74647W),Replaced,[43660f1391f9d75f945b17c7f015fa06]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://isearch.omiga-plus.com/web/?type=ds&ts=1423288233&from=obw&uid=SamsungXSSDX840XEVOX250GB_S1DBNSAFB74647W&q={searchTerms}, Good: (www.google.com), Bad: (http://isearch.omiga-plus.com/web/?type=ds&ts=1423288233&from=obw&uid=SamsungXSSDX840XEVOX250GB_S1DBNSAFB74647W&q={searchTerms}),Replaced,[bdecb56d5238092d787bca14c93c56aa]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://isearch.omiga-plus.com/web/?type=ds&ts=1423288233&from=obw&uid=SamsungXSSDX840XEVOX250GB_S1DBNSAFB74647W&q={searchTerms}, Good: (www.google.com), Bad: (http://isearch.omiga-plus.com/web/?type=ds&ts=1423288233&from=obw&uid=SamsungXSSDX840XEVOX250GB_S1DBNSAFB74647W&q={searchTerms}),Replaced,[d7d2f72b503af54131c626b8d23317e9]

Folders: 7
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, Delete-on-Reboot, [baef839fd1b9360026cbed9035cecb35],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, Quarantined, [baef839fd1b9360026cbed9035cecb35],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.461589, Quarantined, [06a35dc5b2d81a1c3ba094eb22e1dc24],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.77094, Quarantined, [1396f0328a008aac9843126daa59cc34],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.116641, Quarantined, [09a0f62c107aea4c904b4a350af90000],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.410436, Quarantined, [09a032f0365486b0e3f8dca3da29dd23],
PUP.Optional.CytiWeb.A, C:\Users\FRED\AppData\Local\Temp\Cyti Web, Quarantined, [75340121f2982e08ea00435947bcd42c],

Files: 45
PUP.Optional.Girafarri, C:\WINDOWS\SYSTEM32\drivers\{c0915853-fd66-4086-a9ce-b80496d49b3f}Gw64.sys, Delete-on-Reboot, [e7650f402e5f9c67712897ba87e75d84],
PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, Delete-on-Reboot, [01a869b96e1ca393458c0066db2508f8],
PUP.Optional.OpenCandy, C:\Users\FRED\AppData\Local\Temp\uttE799.tmp, Quarantined, [921738ea8604c1752b87f80b39cd52ae],
PUP.Optional.FriedCookie, C:\Users\FRED\AppData\Local\Temp\ICReinstall_adobe_flash_setup.exe, Quarantined, [8d1c50d27317a0963a42c6ff41c4fa06],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, Quarantined, [baef839fd1b9360026cbed9035cecb35],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.461589\GoogleCrashHandler.exe, Quarantined, [06a35dc5b2d81a1c3ba094eb22e1dc24],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.461589\GoogleUpdate.exe, Quarantined, [06a35dc5b2d81a1c3ba094eb22e1dc24],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.461589\GoogleUpdateBroker.exe, Quarantined, [06a35dc5b2d81a1c3ba094eb22e1dc24],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.461589\GoogleUpdateHelper.msi, Quarantined, [06a35dc5b2d81a1c3ba094eb22e1dc24],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.461589\GoogleUpdateOnDemand.exe, Quarantined, [06a35dc5b2d81a1c3ba094eb22e1dc24],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.461589\goopdate.dll, Quarantined, [06a35dc5b2d81a1c3ba094eb22e1dc24],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.461589\goopdateres_en.dll, Quarantined, [06a35dc5b2d81a1c3ba094eb22e1dc24],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.461589\npGoogleUpdate4.dll, Quarantined, [06a35dc5b2d81a1c3ba094eb22e1dc24],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.461589\psmachine.dll, Quarantined, [06a35dc5b2d81a1c3ba094eb22e1dc24],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.461589\psuser.dll, Quarantined, [06a35dc5b2d81a1c3ba094eb22e1dc24],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.77094\GoogleCrashHandler.exe, Quarantined, [1396f0328a008aac9843126daa59cc34],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.77094\GoogleUpdate.exe, Quarantined, [1396f0328a008aac9843126daa59cc34],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.77094\GoogleUpdateBroker.exe, Quarantined, [1396f0328a008aac9843126daa59cc34],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.77094\GoogleUpdateHelper.msi, Quarantined, [1396f0328a008aac9843126daa59cc34],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.77094\GoogleUpdateOnDemand.exe, Quarantined, [1396f0328a008aac9843126daa59cc34],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.77094\goopdate.dll, Quarantined, [1396f0328a008aac9843126daa59cc34],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.77094\goopdateres_en.dll, Quarantined, [1396f0328a008aac9843126daa59cc34],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.77094\npGoogleUpdate4.dll, Quarantined, [1396f0328a008aac9843126daa59cc34],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.77094\psmachine.dll, Quarantined, [1396f0328a008aac9843126daa59cc34],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.77094\psuser.dll, Quarantined, [1396f0328a008aac9843126daa59cc34],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.116641\GoogleCrashHandler.exe, Quarantined, [09a0f62c107aea4c904b4a350af90000],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.116641\GoogleUpdate.exe, Quarantined, [09a0f62c107aea4c904b4a350af90000],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.116641\GoogleUpdateBroker.exe, Quarantined, [09a0f62c107aea4c904b4a350af90000],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.116641\GoogleUpdateHelper.msi, Quarantined, [09a0f62c107aea4c904b4a350af90000],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.116641\GoogleUpdateOnDemand.exe, Quarantined, [09a0f62c107aea4c904b4a350af90000],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.116641\goopdate.dll, Quarantined, [09a0f62c107aea4c904b4a350af90000],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.116641\goopdateres_en.dll, Quarantined, [09a0f62c107aea4c904b4a350af90000],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.116641\npGoogleUpdate4.dll, Quarantined, [09a0f62c107aea4c904b4a350af90000],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.116641\psmachine.dll, Quarantined, [09a0f62c107aea4c904b4a350af90000],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.116641\psuser.dll, Quarantined, [09a0f62c107aea4c904b4a350af90000],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.410436\GoogleCrashHandler.exe, Quarantined, [09a032f0365486b0e3f8dca3da29dd23],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.410436\GoogleUpdate.exe, Quarantined, [09a032f0365486b0e3f8dca3da29dd23],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.410436\GoogleUpdateBroker.exe, Quarantined, [09a032f0365486b0e3f8dca3da29dd23],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.410436\GoogleUpdateHelper.msi, Quarantined, [09a032f0365486b0e3f8dca3da29dd23],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.410436\GoogleUpdateOnDemand.exe, Quarantined, [09a032f0365486b0e3f8dca3da29dd23],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.410436\goopdate.dll, Quarantined, [09a032f0365486b0e3f8dca3da29dd23],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.410436\goopdateres_en.dll, Quarantined, [09a032f0365486b0e3f8dca3da29dd23],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.410436\npGoogleUpdate4.dll, Quarantined, [09a032f0365486b0e3f8dca3da29dd23],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.410436\psmachine.dll, Quarantined, [09a032f0365486b0e3f8dca3da29dd23],
PUP.Optional.GlobalUpdate.A, C:\Users\FRED\AppData\Local\Temp\comh.410436\psuser.dll, Quarantined, [09a032f0365486b0e3f8dca3da29dd23],

Physical Sectors: 0
(No malicious items detected)


(end)

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 3/6/2015 6:51:52 PM, SYSTEM, SHEM-PC, Manual, Rootkit Database, 2014.11.18.1, 2015.2.25.1,
Update, 3/6/2015 6:51:52 PM, SYSTEM, SHEM-PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1,
Update, 3/6/2015 6:52:03 PM, SYSTEM, SHEM-PC, Manual, Malware Database, 2014.11.20.6, 2015.3.6.2,
Scan, 3/6/2015 6:59:39 PM, SYSTEM, SHEM-PC, Manual, Start:3/6/2015 6:52:51 PM, Duration:5 min 36 sec, Threat Scan, Completed, 1 Malware Detection, 68 Non-Malware Detections,

(end)

AdwCleaner

# AdwCleaner v4.111 - Logfile created 06/03/2015 at 19:04:15
# Updated 18/02/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : FRED - SHEM-PC
# Running from : C:\Users\FRED\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\MailUpdate
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\DriverToolkit
Folder Deleted : C:\Users\FRED\AppData\Local\globalUpdate
Folder Deleted : C:\Users\FRED\AppData\Local\DriverToolkit
Folder Deleted : C:\Users\FRED\AppData\Roaming\omiga-plus
Folder Deleted : C:\Users\FRED\AppData\Roaming\MailUpdate

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\DriverTuner_Init
Key Deleted : HKCU\Software\DriverToolkit
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Google Chrome v41.0.2272.76


-\\ Comodo Dragon v


-\\ Chrome Canary v


*************************

AdwCleaner[R0].txt - [12162 bytes] - [25/12/2014 15:12:39]
AdwCleaner[R1].txt - [2602 bytes] - [06/03/2015 19:02:05]
AdwCleaner[S0].txt - [11817 bytes] - [25/12/2014 15:13:37]
AdwCleaner[S1].txt - [2420 bytes] - [06/03/2015 19:04:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2479  bytes] ##########


JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Professional x64
Ran by FRED on Fri 03/06/2015 at 19:12:15.03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 03/06/2015 at 19:14:03.88
End of JRT log


Offline maldock

  • Bronze Member
  • Posts: 12
Farbar Recovery Scan Tool
FRST log
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015 01
Ran by FRED (administrator) on SHEM-PC on 06-03-2015 19:15:36
Running from C:\Users\FRED\Downloads
Loaded Profiles: FRED (Available profiles: FRED)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\cPhoneSDKCS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Windows\runSW.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek) C:\Windows\SwUSB.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Thisisu) C:\Users\FRED\Downloads\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
Lsa: [Notification Packages] scecli IVTCredentialProvider
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3355360711-3529315588-2665346775-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/en-sg/?ocid=iehp
HKU\S-1-5-21-3355360711-3529315588-2665346775-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.sg/?gws_rd=ssl
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3355360711-3529315588-2665346775-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3355360711-3529315588-2665346775-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 202.156.1.16 218.186.2.16 218.186.2.6
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll No File
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [isend@www.bluesoleil.com] - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\FireFox\isend@www.bluesoleil.com
FF Extension: No Name - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\FireFox\isend@www.bluesoleil.com [2014-12-25]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "https://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\FRED\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\FRED\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-06]
CHR Extension: (Google Docs) - C:\Users\FRED\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-06]
CHR Extension: (Google Drive) - C:\Users\FRED\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\FRED\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-06]
CHR Extension: (Please enter your password) - C:\Users\FRED\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2015-03-06]
CHR Extension: (YouTube) - C:\Users\FRED\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-06]
CHR Extension: (Facebook) - C:\Users\FRED\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2015-03-06]
CHR Extension: (Google Search) - C:\Users\FRED\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-06]
CHR Extension: (Google Sheets) - C:\Users\FRED\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-06]
CHR Extension: (AdBlock) - C:\Users\FRED\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-03-06]
CHR Extension: (Bookmark Manager) - C:\Users\FRED\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-03-06]
CHR Extension: (SoundCloud) - C:\Users\FRED\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2015-03-06]
CHR Extension: (Autodesk Homestyler) - C:\Users\FRED\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2015-03-06]
CHR Extension: (PictureMate - View hidden pictures) - C:\Users\FRED\AppData\Local\Google\Chrome\User Data\Default\Extensions\khmlalkcjmglpgdkmkmmgjcajahkoigj [2015-03-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\FRED\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-06]
CHR Extension: (FVD Downloader) - C:\Users\FRED\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2015-03-06]
CHR Extension: (Google Maps) - C:\Users\FRED\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-03-06]
CHR Extension: (FlashControl) - C:\Users\FRED\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2015-03-06]
CHR Extension: (WGT Golf Game) - C:\Users\FRED\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpedbpkelbhcbkdaglillalioeeekbpb [2015-03-06]
CHR Extension: (Outlook.com) - C:\Users\FRED\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2015-03-06]
CHR Extension: (Gmail) - C:\Users\FRED\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-06]
CHR HKLM\...\Chrome\Extension: [cocpghbdppojfnfpjhmlcfkljjjfpika] - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\Chrome\TS_Chrome.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S4 BlueSoleilCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [3246984 2014-07-28] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe [158456 2014-07-23] (IVT Corporation)
R2 BsMobileCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [273656 2014-07-23] (IVT Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 cPhoneSDKCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\cPhoneSDKCS.exe [281456 2014-06-16] (IVT Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
R2 RunSwUSB; C:\Windows\runSW.exe [48856 2013-10-18] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88179; C:\Windows\System32\DRIVERS\ax88179_178a.sys [66560 2014-08-07] (ASIX Electronics Corp.)
S3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [41184 2013-10-08] (IVT Corporation)
S3 BlueletAudio; C:\Windows\SysWOW64\DRIVERS\blueletaudio.sys [41184 2013-10-08] (IVT Corporation)
S3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [22240 2011-12-21] (IVT Corporation.)
S3 BTCOM; C:\Windows\System32\DRIVERS\btcomport.sys [29944 2014-06-24] (IVT Corporation.)
S3 BTCOMBUS; C:\Windows\System32\Drivers\btcombus.sys [25440 2013-11-18] (IVT Corporation.)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [44152 2014-07-14] (IVT Corporation.)
R3 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [24032 2013-10-08] (IVT Corporation.)
S3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [31480 2012-12-24] (IVT Corporation.)
R3 IvtAudioBusSrv; C:\Windows\System32\Drivers\IvtBtBus.sys [27256 2012-12-24] (IVT Corporation.)
S3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [27256 2012-12-24] (IVT Corporation.)
R3 IvtComBusSrv; C:\Windows\System32\Drivers\btcombus.sys [25440 2013-11-18] (IVT Corporation.)
R3 IvtPanBusSrv; C:\Windows\System32\Drivers\btnetBus.sys [31480 2012-12-24] (IVT Corporation.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2978520 2013-11-14] (Realtek Semiconductor Corporation                           )
R3 SaiK0CCB; C:\Windows\System32\DRIVERS\SaiK0CCB.sys [180544 2012-09-20] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R3 SaiU0CCB; C:\Windows\System32\DRIVERS\SaiU0CCB.sys [47168 2012-09-20] (Saitek)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [204800 2012-03-23] (VIA Technologies, Inc.)
R2 WinI2C-DDC; C:\Windows\system32\drivers\DDCDrv.sys [20832 2013-02-05] (Nicomsoft Ltd.)
R2 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [10240 2013-02-05] (Nicomsoft Ltd.) [File not signed]
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [256000 2012-03-23] (VIA Technologies, Inc.)
S3 cpuz137; \??\C:\Users\FRED\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 dcdbas; system32\DRIVERS\dcdbas64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-06 19:15 - 2015-03-06 19:15 - 00017656 _____ () C:\Users\FRED\Downloads\FRST.txt
2015-03-06 19:15 - 2015-03-06 19:15 - 00000000 ____D () C:\FRST
2015-03-06 19:14 - 2015-03-06 19:14 - 02092544 _____ (Farbar) C:\Users\FRED\Downloads\FRST64.exe
2015-03-06 19:14 - 2015-03-06 19:14 - 00000632 _____ () C:\Users\FRED\Desktop\JRT.txt
2015-03-06 19:11 - 2015-03-06 19:06 - 00002571 _____ () C:\Users\FRED\Desktop\AdwCleaner[S1].txt
2015-03-06 19:07 - 2015-03-06 19:08 - 01388333 _____ (Thisisu) C:\Users\FRED\Downloads\JRT.exe
2015-03-06 19:01 - 2015-03-06 19:01 - 02126848 _____ () C:\Users\FRED\Downloads\AdwCleaner.exe
2015-03-06 18:51 - 2015-03-06 18:52 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-06 18:51 - 2015-03-06 18:51 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-06 18:51 - 2015-03-06 18:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-06 18:51 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-06 18:51 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-06 18:51 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-06 18:50 - 2015-03-06 18:50 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\FRED\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-06 16:39 - 2015-03-06 17:29 - 00271930 _____ () C:\Users\FRED\Documents\Guild Wars 2 Cyborg Profile.pr0
2015-03-06 16:36 - 2015-03-06 16:36 - 00000000 ____D () C:\Users\FRED\AppData\Local\SmartTechnology
2015-03-06 16:16 - 2015-03-06 16:16 - 00000000 ____D () C:\Users\FRED\Downloads\MMO_Profiles_v1_8
2015-03-06 16:06 - 2015-03-06 16:06 - 00000000 ____D () C:\ProgramData\SmartTechnology
2015-03-06 16:06 - 2015-03-06 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Technology
2015-03-06 16:06 - 2015-03-06 16:06 - 00000000 ____D () C:\Program Files\SmartTechnology
2015-03-06 16:05 - 2015-03-06 16:05 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SaiK0CCB_01009.Wdf
2015-03-06 15:49 - 2015-03-06 15:50 - 13229920 _____ (Mad catz ) C:\Users\FRED\Downloads\Range_RAT7_SD7_0_20_0_64Bit_Drivers.exe
2015-03-06 15:47 - 2015-03-06 15:58 - 129201056 _____ (Mad catz ) C:\Users\FRED\Downloads\Smart Technology 7_0_27_13 64Bit.exe
2015-03-06 15:47 - 2015-03-06 15:47 - 00411361 _____ () C:\Users\FRED\Downloads\MMO_Profiles_v1_8.zip
2015-03-06 12:18 - 2015-03-06 12:18 - 00024286 _____ () C:\Users\FRED\Desktop\dds.txt
2015-03-06 12:18 - 2015-03-06 12:18 - 00010710 _____ () C:\Users\FRED\Desktop\attach.txt
2015-03-06 12:17 - 2015-03-06 12:18 - 00688992 ____R (Swearware) C:\Users\FRED\Downloads\dds.com
2015-03-06 10:55 - 2015-03-06 10:55 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-06 10:55 - 2015-03-06 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-06 10:54 - 2015-03-06 19:05 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-06 10:54 - 2015-03-06 18:59 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-06 10:54 - 2015-03-06 10:54 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-03-06 10:54 - 2015-03-06 10:54 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-03-05 19:13 - 2015-03-05 19:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-05 19:13 - 2015-03-05 19:13 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-05 19:13 - 2015-03-05 19:13 - 00000000 ____D () C:\Program Files\iTunes
2015-03-05 19:13 - 2015-03-05 19:13 - 00000000 ____D () C:\Program Files\iPod
2015-03-05 19:13 - 2015-03-05 19:13 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-03-05 19:13 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-03-05 19:12 - 2015-03-05 19:13 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-05 19:12 - 2015-03-05 19:12 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-03-05 19:12 - 2015-03-05 19:12 - 00000000 ____D () C:\Program Files\Bonjour
2015-03-05 19:12 - 2015-03-05 19:12 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-03-05 19:12 - 2015-03-05 19:12 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-03-05 19:05 - 2015-03-05 19:05 - 00000604 _____ () C:\Users\Public\Desktop\iFunbox.lnk
2015-03-05 19:05 - 2015-03-05 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\i-Funbox DevTeam
2015-03-03 20:13 - 2015-03-03 20:13 - 00000000 ____D () C:\ProgramData\SystemRequirementsLab
2015-03-03 20:13 - 2015-03-03 20:13 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2015-03-03 00:28 - 2015-03-03 00:28 - 00000936 _____ () C:\Users\Public\Desktop\Guild Wars 2.lnk
2015-03-03 00:28 - 2015-03-03 00:28 - 00000000 ____D () C:\Program Files (x86)\Guild Wars 2
2015-03-02 23:47 - 2015-01-09 07:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-03-02 23:47 - 2015-01-09 07:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-03-01 23:45 - 2015-03-01 23:45 - 00000000 ____D () C:\Users\FRED\AppData\Roaming\MPC-HC
2015-03-01 23:44 - 2015-03-02 17:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
2015-03-01 21:08 - 2015-03-01 21:08 - 00000000 ____D () C:\Users\FRED\Documents\Guild Wars 2
2015-02-27 14:30 - 2015-03-05 19:30 - 00000000 ____D () C:\Users\FRED\AppData\Roaming\iFunbox_UserCache
2015-02-27 14:25 - 2015-02-27 14:25 - 00000000 ____D () C:\Users\FRED\AppData\Roaming\iFunBox.NXGen
2015-02-26 22:30 - 2015-03-02 01:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2015-02-26 18:34 - 2015-03-05 17:02 - 00000000 ____D () C:\Users\FRED\AppData\Roaming\uTorrent
2015-02-25 19:50 - 2015-03-01 23:38 - 00000000 ____D () C:\Users\FRED\AppData\Roaming\TS3Client
2015-02-25 19:49 - 2015-02-25 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-02-25 19:27 - 2015-02-25 19:27 - 00000000 ____D () C:\Users\FRED\Downloads\New folder
2015-02-25 04:05 - 2015-03-06 10:55 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-25 02:16 - 2015-03-03 00:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
2015-02-25 02:06 - 2015-02-25 02:06 - 00000000 ____D () C:\Users\FRED\AppData\Roaming\Guild Wars 2
2015-02-21 09:41 - 2015-02-21 09:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-02-20 19:20 - 2015-01-09 11:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-20 19:20 - 2015-01-09 11:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-20 19:20 - 2015-01-09 11:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-20 19:20 - 2015-01-09 10:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-20 00:31 - 2015-02-20 00:31 - 00000000 ____D () C:\Users\FRED\AppData\Local\Steam
2015-02-19 21:23 - 2015-03-02 23:08 - 00000000 ____D () C:\Users\FRED\AppData\Roaming\TP-LINK
2015-02-19 21:23 - 2015-02-19 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
2015-02-19 21:23 - 2015-02-19 21:23 - 00000000 ____D () C:\Program Files (x86)\TP-LINK
2015-02-19 21:22 - 2013-11-14 10:57 - 00454360 _____ (Realtek) C:\Windows\SwUSB.exe
2015-02-19 21:22 - 2013-10-18 16:42 - 00048856 _____ () C:\Windows\runSW.exe
2015-02-13 20:21 - 2015-01-23 12:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-13 20:21 - 2015-01-23 12:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 20:21 - 2015-01-23 11:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-13 20:21 - 2015-01-23 11:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 17:45 - 2015-02-04 11:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-12 17:45 - 2015-02-04 11:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-12 17:45 - 2015-02-04 11:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-12 17:45 - 2015-02-04 11:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-12 17:45 - 2015-02-04 11:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-12 17:45 - 2015-02-04 11:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-12 17:45 - 2015-02-04 11:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-12 17:45 - 2015-01-28 07:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-12 17:45 - 2015-01-15 16:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-12 17:45 - 2015-01-15 16:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-12 17:45 - 2015-01-15 16:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-12 17:45 - 2015-01-15 16:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-12 17:45 - 2015-01-15 16:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-12 17:45 - 2015-01-15 16:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-12 17:45 - 2015-01-15 16:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-12 17:45 - 2015-01-15 16:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-12 17:45 - 2015-01-15 16:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-12 17:45 - 2015-01-15 16:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-12 17:45 - 2015-01-15 16:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-12 17:45 - 2015-01-15 15:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-12 17:45 - 2015-01-15 15:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-12 17:45 - 2015-01-15 15:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-12 17:45 - 2015-01-15 15:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-12 17:45 - 2015-01-15 15:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-12 17:45 - 2015-01-15 15:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-12 17:45 - 2015-01-15 12:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-12 17:45 - 2015-01-14 14:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-12 17:45 - 2015-01-14 14:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-12 17:45 - 2015-01-14 14:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-12 17:45 - 2015-01-14 14:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-12 17:45 - 2015-01-14 13:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-12 17:45 - 2015-01-14 13:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-12 17:45 - 2015-01-14 13:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-12 17:45 - 2015-01-14 13:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-12 17:45 - 2015-01-14 13:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-12 17:45 - 2015-01-12 11:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-12 17:45 - 2015-01-12 11:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-12 17:45 - 2015-01-12 11:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-12 17:45 - 2015-01-12 10:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-12 17:45 - 2015-01-12 10:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-12 17:45 - 2015-01-12 10:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-12 17:45 - 2015-01-12 10:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-12 17:45 - 2015-01-12 10:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-12 17:45 - 2015-01-12 10:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-12 17:45 - 2015-01-12 10:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-12 17:45 - 2015-01-12 10:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-12 17:45 - 2015-01-12 10:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-12 17:45 - 2015-01-12 10:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-12 17:45 - 2015-01-12 10:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-12 17:45 - 2015-01-12 10:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-12 17:45 - 2015-01-12 10:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-12 17:45 - 2015-01-12 10:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-12 17:45 - 2015-01-12 10:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-12 17:45 - 2015-01-12 10:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-12 17:45 - 2015-01-12 10:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-12 17:45 - 2015-01-12 10:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-12 17:45 - 2015-01-12 10:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-12 17:45 - 2015-01-12 10:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-12 17:45 - 2015-01-12 10:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-12 17:45 - 2015-01-12 10:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-12 17:45 - 2015-01-12 10:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-12 17:45 - 2015-01-12 10:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-12 17:45 - 2015-01-12 09:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-12 17:45 - 2015-01-12 09:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-12 17:45 - 2015-01-12 09:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-12 17:45 - 2015-01-12 09:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-12 17:45 - 2015-01-12 09:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-12 17:45 - 2015-01-12 09:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-12 17:45 - 2015-01-12 09:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-12 17:45 - 2015-01-12 09:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-12 17:45 - 2015-01-12 09:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-12 17:45 - 2015-01-12 09:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-12 17:45 - 2015-01-12 09:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-12 17:45 - 2015-01-12 09:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-12 17:45 - 2015-01-12 09:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-12 17:45 - 2015-01-12 09:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-12 17:45 - 2015-01-12 09:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-12 17:45 - 2015-01-12 09:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-12 17:45 - 2015-01-12 09:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-12 17:45 - 2015-01-12 09:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-12 17:45 - 2015-01-12 09:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-12 17:45 - 2015-01-12 09:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-12 17:45 - 2015-01-12 09:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-12 17:45 - 2015-01-12 08:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-12 17:45 - 2015-01-12 08:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-12 17:45 - 2015-01-10 14:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-12 17:45 - 2015-01-10 14:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-12 17:45 - 2015-01-10 14:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-12 17:45 - 2015-01-10 14:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-12 17:45 - 2015-01-10 14:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-12 17:45 - 2015-01-10 14:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-12 17:45 - 2015-01-10 14:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-12 17:45 - 2015-01-10 14:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-12 17:45 - 2015-01-10 14:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-12 17:45 - 2015-01-10 14:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-12 17:45 - 2015-01-10 14:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-12 17:45 - 2015-01-10 14:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-12 17:45 - 2015-01-10 14:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-12 17:45 - 2015-01-10 14:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-12 17:45 - 2014-12-12 13:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-12 17:45 - 2014-12-12 13:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-12 17:45 - 2014-07-07 10:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-12 17:45 - 2014-07-07 10:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-12 17:45 - 2014-07-07 09:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-12 17:45 - 2014-07-07 09:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-12 13:11 - 2015-01-09 10:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 18:53 - 2015-01-13 11:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 18:53 - 2015-01-13 10:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 18:53 - 2014-12-08 11:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 18:53 - 2014-12-08 10:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 18:53 - 2014-11-26 11:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 18:53 - 2014-11-26 11:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-08 11:13 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2015-02-08 11:13 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-02-08 11:13 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2015-02-08 11:13 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-02-08 11:13 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-02-08 11:13 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2015-02-08 11:13 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-02-08 11:13 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-02-08 11:13 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-02-08 11:13 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2015-02-08 11:13 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-02-08 11:13 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2015-02-08 11:13 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2015-02-08 11:13 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-02-08 11:13 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-02-08 11:13 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2015-02-08 11:13 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2015-02-08 11:13 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2015-02-08 11:12 - 2015-02-08 11:12 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-07 13:51 - 2015-02-07 13:51 - 00000000 ____D () C:\Users\FRED\AppData\Roaming\MiniGet
2015-02-07 13:50 - 2015-02-07 13:59 - 00000000 ____D () C:\Program Files (x86)\MiniGet
2015-02-06 23:16 - 2015-02-06 23:23 - 00000000 ___RD () C:\Users\FRED\iCloudDrive

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-06 19:12 - 2009-07-14 12:45 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-06 19:12 - 2009-07-14 12:45 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-06 19:11 - 2009-07-14 13:13 - 00789190 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-06 19:08 - 2014-12-14 09:38 - 01158287 _____ () C:\Windows\WindowsUpdate.log
2015-03-06 19:05 - 2014-12-21 19:53 - 00069023 _____ () C:\Windows\runSW.log
2015-03-06 19:05 - 2014-12-16 20:58 - 00066687 _____ () C:\Windows\setupact.log
2015-03-06 19:05 - 2010-11-21 11:47 - 00840510 _____ () C:\Windows\PFRO.log
2015-03-06 19:05 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-06 19:04 - 2014-12-25 15:12 - 00000000 ____D () C:\AdwCleaner
2015-03-06 18:59 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\Globalization
2015-03-06 18:51 - 2015-01-02 20:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-06 16:38 - 2014-12-14 15:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-06 12:12 - 2014-12-15 20:39 - 00000000 ____D () C:\Users\FRED\Documents\OneNote Notebooks
2015-03-06 10:55 - 2014-12-20 00:28 - 00000000 ____D () C:\Users\FRED\AppData\Local\Google
2015-03-06 10:54 - 2015-01-10 21:42 - 00000000 ____D () C:\Users\FRED\AppData\Local\Deployment
2015-03-05 20:23 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-05 20:01 - 2015-01-02 00:01 - 00000000 ____D () C:\Users\FRED\AppData\Local\CrashDumps
2015-03-05 19:12 - 2014-12-19 20:56 - 00000000 ____D () C:\ProgramData\Apple
2015-03-05 18:59 - 2014-07-28 17:39 - 00001550 _____ () C:\Windows\SysWOW64\bscs.ini
2015-03-03 13:25 - 2014-12-14 15:27 - 00000000 ____D () C:\Users\FRED\AppData\Roaming\vlc
2015-03-03 00:05 - 2014-12-14 15:21 - 00000000 ____D () C:\Users\FRED\AppData\Local\Adobe
2015-03-03 00:04 - 2014-12-14 15:23 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-03 00:04 - 2014-12-14 15:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-03 00:04 - 2014-12-14 15:23 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-02 23:53 - 2014-12-14 09:41 - 00088992 _____ () C:\Users\FRED\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-02 23:20 - 2014-12-19 20:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-02 23:19 - 2014-12-15 20:47 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-02 23:08 - 2015-01-21 22:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-02 23:08 - 2014-12-25 15:48 - 00000000 ____D () C:\Users\FRED\AppData\Local\bluesoleil
2015-03-02 23:08 - 2014-12-14 15:23 - 00000000 ____D () C:\Windows\system32\Macromed
2015-03-02 23:08 - 2014-12-14 10:03 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-02 23:08 - 2014-12-14 10:02 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-02 23:08 - 2014-12-14 09:38 - 00000000 ____D () C:\Users\FRED
2015-03-02 23:08 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\security
2015-03-02 23:08 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\registration
2015-03-02 23:08 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\Help
2015-03-02 23:07 - 2015-01-21 22:30 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-02 23:07 - 2014-12-20 00:31 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-02 23:07 - 2014-12-14 10:03 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-02-28 18:22 - 2014-12-14 09:52 - 00000000 ____D () C:\Temp
2015-02-25 18:48 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-02-23 01:24 - 2014-12-25 15:47 - 00006567 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI
2015-02-23 00:39 - 2014-12-27 17:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-02-22 22:04 - 2014-12-25 15:47 - 00000099 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI
2015-02-22 22:04 - 2009-07-14 12:45 - 02974240 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-22 21:47 - 2014-12-14 15:26 - 00000000 ____D () C:\Program Files\VideoLAN
2015-02-22 21:46 - 2014-12-28 10:18 - 00000000 ____D () C:\Users\FRED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-02-22 21:46 - 2014-12-24 20:21 - 00000000 ____D () C:\ProgramData\HP
2015-02-22 21:46 - 2014-12-21 21:47 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-22 21:42 - 2015-01-13 22:04 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-02-22 21:42 - 2014-12-14 15:22 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-02-22 21:42 - 2014-12-14 11:13 - 00000000 ____D () C:\Users\FRED\AppData\Roaming\Adobe
2015-02-22 21:25 - 2014-12-25 15:50 - 00000151 _____ () C:\Windows\SysWOW64\REMOTEDEVICE.INI
2015-02-21 09:41 - 2015-01-10 11:25 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-02-21 09:41 - 2014-12-20 09:10 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-02-20 19:59 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\tracing
2015-02-19 21:23 - 2014-12-22 19:56 - 00000000 ____D () C:\ProgramData\TP-LINK
2015-02-19 21:23 - 2014-12-14 09:52 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-16 22:31 - 2014-12-14 15:30 - 00000000 ____D () C:\Windows\pss
2015-02-12 19:26 - 2014-12-14 14:40 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 19:26 - 2014-12-14 11:10 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 19:26 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-11 23:53 - 2014-12-14 10:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 23:53 - 2009-07-14 10:34 - 00000580 _____ () C:\Windows\win.ini
2015-02-11 23:51 - 2014-12-14 10:34 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-08 22:56 - 2014-12-28 14:41 - 00044921 _____ () C:\Windows\DirectX.log
2015-02-08 08:24 - 2009-07-14 13:08 - 00032542 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-07 14:01 - 2014-12-14 09:39 - 00000987 _____ () C:\Users\FRED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-06 23:25 - 2014-12-19 20:57 - 00000000 ____D () C:\Users\FRED\AppData\Roaming\Apple Computer
2015-02-06 23:16 - 2014-12-19 21:03 - 00000000 ____D () C:\Users\FRED\AppData\Local\Apple Inc
2015-02-06 23:16 - 2014-12-19 20:56 - 00000000 ____D () C:\Users\FRED\AppData\Local\Apple

==================== Files in the root of some directories =======

2014-12-25 14:29 - 2014-12-25 14:32 - 1952744 _____ () C:\Users\FRED\AppData\Roaming\XPEQGO.exe
2015-01-15 01:46 - 2015-01-15 01:46 - 0014131 _____ () C:\Users\FRED\AppData\Local\recently-used.xbel
2014-12-24 20:21 - 2014-12-24 20:21 - 0000057 _____ () C:\ProgramData\Ament.ini

Some content of TEMP:
====================
C:\Users\FRED\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\FRED\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\FRED\AppData\Local\Temp\FP_PL_MSI_INSTALLER.exe
C:\Users\FRED\AppData\Local\Temp\Gw2.exe
C:\Users\FRED\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\FRED\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\FRED\AppData\Local\Temp\nvStInst.exe
C:\Users\FRED\AppData\Local\Temp\Quarantine.exe
C:\Users\FRED\AppData\Local\Temp\Runner2.exe
C:\Users\FRED\AppData\Local\Temp\Runner4.exe
C:\Users\FRED\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\FRED\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\FRED\AppData\Local\Temp\sqlite3.dll
C:\Users\FRED\AppData\Local\Temp\SRLDetectionLibrary1376303839891597096.dll
C:\Users\FRED\AppData\Local\Temp\ttv.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-25 14:49

==================== End Of Log ============================



Offline maldock

  • Bronze Member
  • Posts: 12
Addition Log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2015 01
Ran by FRED at 2015-03-06 19:15:57
Running from C:\Users\FRED\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe Flash Player 10 Plugin (HKLM-x32\...\{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}) (Version: 10.0.2.54 - Adobe Systems, Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BlueSoleil 10.0.479.1 (HKLM\...\{9453A661-550D-4FB9-BC91-3C1EEDF2ABDB}) (Version: 10.0.479.1 - IVT Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.76 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
iFunbox (v2.94.2520.758), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.94.2520.758 - )
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4693.1002 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3355360711-3529315588-2665346775-1001\...\SkyDriveSetup.exe) (Version: 16.4.6012.0828 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.25 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.25 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30143 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.36.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.7 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.1.0 - Samsung Electronics)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{BD90BC1C-115D-47E1-B85C-07AE182C3AB8}) (Version: 7.0.27.13 - Mad Catz)
System Requirements Lab (HKLM-x32\...\{8DCAB1D8-F20C-4733-9B5F-646DDFEB59C9}) (Version: 6.1.1.0 - Husdawg, LLC)
TP-LINK Archer T4U Driver (HKLM-x32\...\{58F414FE-74CC-42A0-9D86-A089849C510A}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
USB Ethernet Adapter 13.02.0813.0194 (HKLM-x32\...\{AD8916AD-B5F0-4FFF-BA42-2EC09FED5A35}) (Version: 13.02.0813.0194 - MCT Corp)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3355360711-3529315588-2665346775-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\FRED\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_2\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3355360711-3529315588-2665346775-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\FRED\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_2\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3355360711-3529315588-2665346775-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\FRED\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_2\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3355360711-3529315588-2665346775-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\FRED\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_2\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

05-03-2015 19:12:56 Installed iTunes
06-03-2015 16:04:58 Device Driver Package Install: Mad Catz Mice and other pointing devices
06-03-2015 16:05:11 Device Driver Package Install: Mad Catz Human Interface Devices
06-03-2015 16:06:27 Device Driver Package Install: Mad Catz

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {04B69C98-D4A8-47F8-83DA-C164E2AB8331} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {2410E037-CED8-43ED-B82A-4E4D12C608AF} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3355360711-3529315588-2665346775-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {445428C7-06FC-47FF-A5E0-7300929846FE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-03] (Adobe Systems Incorporated)
Task: {4539D0C3-E24A-4BE4-82AD-B6A1AF659BDE} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {5141BE1F-DF1E-4662-829C-D556BCF934F5} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {55AA065D-AE19-4638-A781-E3884CE27876} - System32\Tasks\Start Corsair Link => C:\Program Files (x86)\Corsair\Corsair Link\CorsairLINK.exe
Task: {648C960E-469F-4029-93D1-E7D0F214E4B6} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3355360711-3529315588-2665346775-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {75884827-E6A2-49C9-83A2-E643699CBA5C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-06] (Google Inc.)
Task: {9333915E-94D7-4729-B66E-497D2D0BF8BC} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {A1466398-58E2-49F3-9503-3C06F4C311D2} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {A1D60D55-A6B8-401B-BC05-2938E02DF2F2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe
Task: {AC8E6B11-9B7C-4DAA-998B-597232866CC7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3355360711-3529315588-2665346775-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {BD02F404-8537-4ED8-8509-0DAFA6F887D6} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3355360711-3529315588-2665346775-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {D539DDBB-3EAE-4CC6-8967-E6231B9AD0CD} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {E20980D4-1615-4209-8844-5F0C3FB79CC1} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {EB934197-6FBA-4CED-AE5B-483B0FE07CBE} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
Task: {F6BAD630-14F8-4FF8-861D-98781CEBA6D3} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3355360711-3529315588-2665346775-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {FFDBD8C7-AAB3-41A8-BBD1-F2544E6FA026} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-06] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-07-23 16:02 - 2014-07-23 16:02 - 00268536 _____ () C:\Windows\system32\IVTCredentialProvider.DLL
2014-07-23 16:02 - 2014-07-23 16:02 - 00028920 _____ () C:\Windows\system32\BsTrace.dll
2014-12-14 10:03 - 2014-07-03 02:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-07-23 16:02 - 2014-07-23 16:02 - 00028920 _____ () C:\Windows\System32\BsTrace.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-23 21:38 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-02-19 21:22 - 2013-10-18 16:42 - 00048856 _____ () C:\Windows\runSW.exe
2014-07-23 16:02 - 2014-07-23 16:02 - 00017144 _____ () C:\Windows\system32\BsHelpCSps.dll
2015-02-19 21:23 - 2013-12-16 08:52 - 00847872 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
2015-03-02 23:19 - 2014-12-24 03:53 - 08898728 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-06-16 17:03 - 2014-06-16 17:03 - 00236280 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\BaseLib.dll
2014-06-16 17:03 - 2014-06-16 17:03 - 00056056 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\ExtraLib.dll
2014-06-16 17:03 - 2014-06-16 17:03 - 00048376 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\cscvt.dll
2014-07-23 16:01 - 2014-07-23 16:01 - 00031480 _____ () C:\Windows\SysWow64\BsHelpCSps.dll
2014-06-16 17:03 - 2014-06-16 17:03 - 00039672 _____ () C:\Windows\SysWOW64\cPhoneSDKCSps.dll
2015-02-19 21:23 - 2013-11-21 15:13 - 01411072 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
2015-02-19 21:23 - 2013-07-23 15:21 - 00193024 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
2015-02-19 21:23 - 2013-12-20 10:13 - 00300544 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJRtl.dll
2015-03-06 10:55 - 2015-02-28 09:56 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.76\libglesv2.dll
2015-03-06 10:55 - 2015-02-28 09:56 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.76\libegl.dll
2015-03-06 10:55 - 2015-02-28 09:56 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.76\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:792D4CF1

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3355360711-3529315588-2665346775-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\FRED\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 202.156.1.16 - 218.186.2.16

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell UltraSharp Color Calibration Solution Tray.lnk => C:\Windows\pss\Dell UltraSharp Color Calibration Solution Tray.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK Wireless Configuration Utility.lnk => C:\Windows\pss\TP-LINK Wireless Configuration Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^FRED^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^FRED^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Magician.lnk => C:\Windows\pss\Samsung Magician.lnk.Startup
MSCONFIG\startupfolder: C:^Users^FRED^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupfolder: C:^Users^FRED^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Supremacy 2014 HDRip XviD AC3-EVO.lnk => C:\Windows\pss\Supremacy 2014 HDRip XviD AC3-EVO.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Adobe_ID0ENQBO => C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
MSCONFIG\startupreg: AppleIEDAV => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BtTray => "C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe"
MSCONFIG\startupreg: CatalinaGroup Update => "C:\Users\FRED\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe" /c
MSCONFIG\startupreg: DellSystemDetect => C:\Users\FRED\AppData\Local\Apps\2.0\ON03TCHR.VGO\4L4YVK4P.GGT\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe
MSCONFIG\startupreg: HP Photosmart 6510 series (NET) => "C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2354626405RP:NW" -scfn "HP Photosmart 6510 series (NET)" -AutoStart 1
MSCONFIG\startupreg: iCloudDrive => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iFunBox Fast App Install Handler => E:\iFunbox\i-Funbox DevTeam\iFunBox_x64.exe /tray
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe"
MSCONFIG\startupreg: Search Protection => "C:\Users\FRED\AppData\Roaming\Search Protection\SP.EXE" /autostart
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot

==================== Accounts: =============================

Administrator (S-1-5-21-3355360711-3529315588-2665346775-500 - Administrator - Disabled)
FRED (S-1-5-21-3355360711-3529315588-2665346775-1001 - Administrator - Enabled) => C:\Users\FRED
Guest (S-1-5-21-3355360711-3529315588-2665346775-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3355360711-3529315588-2665346775-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-02-18 15:18:39.627
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-18 15:18:39.583
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz
Percentage of memory in use: 22%
Total physical RAM: 8190.05 MB
Available physical RAM: 6327.12 MB
Total Pagefile: 16378.3 MB
Available Pagefile: 14302.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:167.09 GB) NTFS
Drive d: (WD Coca) (Fixed) (Total:652.03 GB) (Free:26.79 GB) exFAT
Drive e: (WD Cola) (Fixed) (Total:279.25 GB) (Free:164.18 GB) exFAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 3889E538)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 340FE94B)

Partition: GPT Partition Type.
Partition 2: (Not Active) - (Size=652.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=279.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7670
Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your reply.

Next,

Scan with HerdProtect

Please download HerdProtect by Reason Software (portable edition) and save the file to your desktop.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on icon and select Run as Administrator to install the scanner.
  • It will ask for the location - leave the default one (%ProgramFiles%) or select another, convenient one.
  • Agree to the terms, select Launch herdProtect and click Finish.
  • Click Scan. It may take a while, depending on your system and connection specs. Please be patient.
  • When it finishes click on Save Results.
  • A Notepad with a report should open.

Please include the contents of that report in your next reply.

This type of scan often produces false positives. In any case do not remove on your own any of its findings! Removal will be made after the careful analysis of the scan results.
Upon completion of the cleaning you may remove HerdProtect if you wish so. To do it just delete its directory (chosen by you when installing the tool).

Next,

Open Malwarebytes Anti-Malware; from the Dashboard please Check for Updates by clicking the Update Now... link.
When the update completes select Settings > Detection and Protection > Enable Scan for rootkit, and under Non Malware Protection set both PUP and PUM to Treat detections as malware.


Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.


In most cases, a restart will be required.


Wait for the prompt to restart the computer to appear, then click on Yes.


When the scan is completed, from the main GUI click on History > Application Logs. Find your Scan log; the date when run will identify it. Checkmark the "select" box, then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export".
Select "Copy to clipboard"; that copies the full log to the Windows clipboard, so in your reply you right click into the text field and select "Paste" and the log is pasted (copied) into your reply.

Next,

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs.)
Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

If Security Check will not run or you get an alert saying it is not supported, reboot your PC then try again...

Post those logs, also let me know if you have any remaining issues or concerns...

Thank you,

Kevin...

Offline maldock

  • Bronze Member
  • Posts: 12
Hi Kevin,

I'm trying hard to find the attached fixlist.txt. I've searched high and low all over your post but to no avail.

Anyhow, the symptoms of the problems (in the following sequence) are that:
Google Chrome freezes > after 10 secs > Internet connectivity becomes limited (yellow exclamation mark on my Wi-fi notification icon) > I have to restart the comp but it gets stuck at the shutting down screen.
Manual shutdown via power button > back to normal.

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7670
Apologies, I thought the file was attached. It is this time....

Offline maldock

  • Bronze Member
  • Posts: 12
Hey Kevin,
as per your instructions.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-03-2015 01
Ran by FRED at 2015-03-07 11:54:20 Run:1
Running from C:\Users\FRED\Downloads
Loaded Profiles: FRED (Available profiles: FRED)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-3355360711-3529315588-2665346775-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3355360711-3529315588-2665346775-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
S3 cpuz137; \??\C:\Users\FRED\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 dcdbas; system32\DRIVERS\dcdbas64.sys [X]
C:\Users\FRED\AppData\Roaming\uTorrent
C:\Users\FRED\AppData\Roaming\XPEQGO.exe
C:\Users\FRED\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\FRED\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\FRED\AppData\Local\Temp\FP_PL_MSI_INSTALLER.exe
C:\Users\FRED\AppData\Local\Temp\Gw2.exe
C:\Users\FRED\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\FRED\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\FRED\AppData\Local\Temp\nvStInst.exe
C:\Users\FRED\AppData\Local\Temp\Quarantine.exe
C:\Users\FRED\AppData\Local\Temp\Runner2.exe
C:\Users\FRED\AppData\Local\Temp\Runner4.exe
C:\Users\FRED\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\FRED\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\FRED\AppData\Local\Temp\sqlite3.dll
C:\Users\FRED\AppData\Local\Temp\SRLDetectionLibrary1376303839891597096.dll
C:\Users\FRED\AppData\Local\Temp\ttv.exe
AlternateDataStreams: C:\ProgramData\TEMP:792D4CF1
EmptyTemp:
end



*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-3355360711-3529315588-2665346775-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key deleted successfully.
HKU\S-1-5-21-3355360711-3529315588-2665346775-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
cpuz137 => Service deleted successfully.
dcdbas => Service deleted successfully.
C:\Users\FRED\AppData\Roaming\uTorrent => Moved successfully.
C:\Users\FRED\AppData\Roaming\XPEQGO.exe => Moved successfully.
C:\Users\FRED\AppData\Local\Temp\DseShExt-x64.dll => Moved successfully.
C:\Users\FRED\AppData\Local\Temp\DseShExt-x86.dll => Moved successfully.
C:\Users\FRED\AppData\Local\Temp\FP_PL_MSI_INSTALLER.exe => Moved successfully.
C:\Users\FRED\AppData\Local\Temp\Gw2.exe => Moved successfully.
C:\Users\FRED\AppData\Local\Temp\nvSCPAPI.dll => Moved successfully.
C:\Users\FRED\AppData\Local\Temp\nvSCPAPI64.dll => Moved successfully.
C:\Users\FRED\AppData\Local\Temp\nvStInst.exe => Moved successfully.
C:\Users\FRED\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\FRED\AppData\Local\Temp\Runner2.exe => Moved successfully.
C:\Users\FRED\AppData\Local\Temp\Runner4.exe => Moved successfully.
C:\Users\FRED\AppData\Local\Temp\SDShelEx-win32.dll => Moved successfully.
C:\Users\FRED\AppData\Local\Temp\SDShelEx-x64.dll => Moved successfully.
C:\Users\FRED\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\FRED\AppData\Local\Temp\SRLDetectionLibrary1376303839891597096.dll => Moved successfully.
C:\Users\FRED\AppData\Local\Temp\ttv.exe => Moved successfully.
C:\ProgramData\TEMP => ":792D4CF1" ADS removed successfully.
EmptyTemp: => Removed 1 GB temporary data.


The system needed a reboot.

==== End of Fixlog 11:54:30 ====

Herd Protect

Saved date:        3/7/2015 12:12:59 PM
Files detected:    9
Files scanned:       8,791
Processes scanned:    62
Modules scanned:    660
ASEPs scanned:       443
Downloads scanned:    1
Deep analysis:       14/6
---------------------------------------------------------------------------------

Files

---------------------------------------------------------------------------------

File path:       c:\users\fred\downloads\frst64.exe
Publisher:       Farbar
MD5:          db067fdb6ad6dac38b7a69b282593d54
SHA-1:          e58daff1c8bb2e41a55268eed8e68e831c5eae81
Created:       3/7/2015 12:46:43 AM
Detections:       1
Determination:       Ignore detections (false positive)
         - Jiangmin as Trojan/PSW.Autoit.ic (Undefined)

---------------------------------------------------------------------------------

File path:       c:\windows\syswow64\iscsicpl.dll
Publisher:       Microsoft Corporation
MD5:          f945adcef203e6104aec8ec9c337cfd0
SHA-1:          85fe50b2c2fcbec2c09c5039c8f8c1d38523780a
Created:       7/14/2009 7:46:13 AM
Detections:       1
Determination:       Ignore detections (false positive)
         - Bkav FE as W32.HfsAutoA (Undefined)

---------------------------------------------------------------------------------

File path:       c:\programdata\application data\{3cffe128-7388-ebde-3cff-fe12873884a1}\supremacy 2014 hdrip xvid ac3-evo.exe
Publisher:       
Signer:       Stanislav  Kabin
MD5:          89d6c325af9c251d8ad50605d002eb6d
SHA-1:          a7229f0b55405c643c01e40e0eb48fdcc2204667
Created:       1/29/2014 4:20:56 PM
Detections:       11
Determination:       Adware
         - Reason Heuristics as PUP.StanislavKabin (Adware)
         - avast! as Win32:MultiPlug-SY [PUP] (Adware)
         - F-Secure as Gen:Variant.Adware.Mplug (Adware)
         - Emsisoft Anti-Malware as Gen:Variant.Adware.Mplug.28 (Adware)
         - ESET NOD32 as Win32/Adware.MultiPlug.EP application (Adware)
         - VIPRE Antivirus as Threat.4753027 (Undefined)
         - Lavasoft Ad-Aware as Gen:Variant.Adware.Mplug.28 (Adware)
         - McAfee as Program.MultiPlug-FVQ (Adware)
         - Kaspersky as not-a-virus:AdWare.Win32.MultiPlug (Adware)
         - AVG as Adware Generic6.LAZ (Adware)
         - Sophos as PUA 'MultiPlug' (of type Adware) (Adware)

---------------------------------------------------------------------------------

File path:       c:\programdata\{3cffe128-7388-ebde-3cff-fe12873884a1}\supremacy 2014 hdrip xvid ac3-evo.exe
Publisher:       
Signer:       Stanislav  Kabin
MD5:          89d6c325af9c251d8ad50605d002eb6d
SHA-1:          a7229f0b55405c643c01e40e0eb48fdcc2204667
Created:       1/29/2014 4:20:56 PM
Detections:       11
Determination:       Adware
         - Reason Heuristics as PUP.StanislavKabin (Adware)
         - avast! as Win32:MultiPlug-SY [PUP] (Adware)
         - F-Secure as Gen:Variant.Adware.Mplug (Adware)
         - Emsisoft Anti-Malware as Gen:Variant.Adware.Mplug.28 (Adware)
         - ESET NOD32 as Win32/Adware.MultiPlug.EP application (Adware)
         - VIPRE Antivirus as Threat.4753027 (Undefined)
         - Lavasoft Ad-Aware as Gen:Variant.Adware.Mplug.28 (Adware)
         - McAfee as Program.MultiPlug-FVQ (Adware)
         - Kaspersky as not-a-virus:AdWare.Win32.MultiPlug (Adware)
         - AVG as Adware Generic6.LAZ (Adware)
         - Sophos as PUA 'MultiPlug' (of type Adware) (Adware)

---------------------------------------------------------------------------------

File path:       c:\users\fred\appdata\local\google\chrome sxs\user data\default\extensions\lpefcenbnmljmhdibmdlomklondnjifp\5.2\manifest.json
Publisher:       
MD5:          9d9d74bfa8e9ace025b834b96419d05e
SHA-1:          f5e56a100b0208b88335859cec692d867ffb572b
Created:       12/20/2014 12:28:39 AM
Detections:       1
Determination:       Adware
         - Reason Heuristics as PUP.Chrome.Extension.PriceLess (Adware)

---------------------------------------------------------------------------------

File path:       c:\program files\smarttechnology\software\controllers\25a4f72c_5a88_4168_809a_55bf002dc6b1.dll
Publisher:       Saitek
MD5:          d8c9e6306714ff282d8bce7d251450a9
SHA-1:          2880c544d9ff8bdac07847ed83026317f2390174
Created:       4/16/2013 5:36:22 PM
Detections:       1
Determination:       Ignore detections (false positive)
         - Emsisoft Anti-Malware as Gen:Win32.ExplorerHijack.IC4@aifXKQfO (Undefined)

---------------------------------------------------------------------------------

File path:       c:\program files\smarttechnology\software\controllers\771bc0c8_ed85_46e1_9413_8aaabaa85d3e.dll
Publisher:       Saitek
MD5:          540d5a9dc10219e49c741c506351ff96
SHA-1:          456753feb39709487c66c645ff4f872b32fb93a8
Created:       4/16/2013 5:36:52 PM
Detections:       1
Determination:       Ignore detections (false positive)
         - Bkav FE as HW32.CDB (Undefined)

---------------------------------------------------------------------------------

File path:       c:\program files (x86)\dell displays\cxf.dll
Publisher:       GretagMacbeth
MD5:          827bd6b9b7107b2fea0c2983de58e812
SHA-1:          3e95308adc313a303ed6fb77b8367ce12e7d458e
Created:       1/24/2015 1:26:03 AM
Detections:       1
Determination:       Ignore detections (false positive)
         - Rising Antivirus as Suspicious

---------------------------------------------------------------------------------

File path:       c:\users\fred\appdata\local\google\chrome sxs\user data\default\extensions\lpefcenbnmljmhdibmdlomklondnjifp\5.2\content.js
Publisher:       
MD5:          01ad7e2fcaec1553162faab3c1952f23
SHA-1:          df302ec75272bbddfbf55bc31b5b6f4ef74d15d3
Created:       12/20/2014 12:28:39 AM
Detections:       1
Determination:       Inconclusive
         - ESET NOD32 as JS/Chromex.Agent.L trojan (Undefined)


MBAM
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/7/2015
Scan Time: 12:16:47 PM
Logfile: mbam 2a.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.07.01
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: FRED

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 378108
Time Elapsed: 5 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Security Check
Results of screen317's Security Check version 0.99.97 
 Windows 7 Service Pack 1 x64 (UAC is disabled!) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 Windows Firewall Disabled! 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 31 
 Java version 32-bit out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Java 64-bit 8 Update 31 
 Adobe Reader XI 
 Google Chrome (41.0.2272.76)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 9%
````````````````````End of Log``````````````````````

Offline maldock

  • Bronze Member
  • Posts: 12
As for the herdProtect scan, I have yet to remove the 15 detections. Would I be able to do so now?

Quote from you "This type of scan often produces false positives. In any case do not remove on your own any of its findings! Removal will be made after the careful analysis of the scan results.
Upon completion of the cleaning you may remove HerdProtect if you wish so. To do it just delete its directory (chosen by you when installing the tool)."

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7670
Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe 

Double click OTM.exe to start the tool. Vista or Windows 7 users accept the UAC alert. Be aware all processes will be stopped during the run, also the Desktop will disappear; this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...
  • Copy the text from the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files :Files

Code:
:Files
c:\programdata\application data\{3cffe128-7388-ebde-3cff-fe12873884a1}\supremacy 2014 hdrip xvid ac3-evo.exe
c:\programdata\{3cffe128-7388-ebde-3cff-fe12873884a1}\supremacy 2014 hdrip xvid ac3-evo.exe
c:\users\fred\appdata\local\google\chrome sxs\user data\default\extensions\lpefcenbnmljmhdibmdlomklondnjifp\5.2\manifest.json
:Commands
[EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Next,

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:

Go to http://java.com/en/ and click on "Do I have Java"
It will check your current version and then offer to update to the latest version
Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them. <<-- Very Important

Post log from OTM, also let me know if there are any remaining issues or concerns...

Thank you,

Kevin.....

Offline maldock

  • Bronze Member
  • Posts: 12
Hey Kevin,

As per your instructions, I have installed the latest Java and cleared the old one.
All processes killed
========== FILES ==========
c:\programdata\application data\{3cffe128-7388-ebde-3cff-fe12873884a1}\Supremacy 2014 HDRip XviD AC3-EVO.exe moved successfully.
File/Folder c:\programdata\{3cffe128-7388-ebde-3cff-fe12873884a1}\supremacy 2014 hdrip xvid ac3-evo.exe not found.
c:\users\fred\appdata\local\google\chrome sxs\user data\default\extensions\lpefcenbnmljmhdibmdlomklondnjifp\5.2\manifest.json moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: FRED
->Temp folder emptied: 1064984 bytes
->Temporary Internet Files folder emptied: 46651 bytes
->Java cache emptied: 737269 bytes
->Google Chrome cache emptied: 37496270 bytes
->Flash cache emptied: 40015 bytes
 
User: Guest
 
User: HomeGroupUser$
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 153592 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 362513873 bytes
 
Total Files Cleaned = 383.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 03072015_174638

Offline maldock

  • Bronze Member
  • Posts: 12
By the way, thank you so much for your advice and help. I feel a lot better than I did before I came by this website.

I'm not sure if this would help but these were the errors on my event log the last time it had all 3 symptoms. I opened this up straight after windows restarted with "Windows has recovered from an unexpected shutdown."

Event ID   Errors                      No. of times
1001       Bug Check                   1
The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa80081fc060, 0xfffff80004417518, 0xfffffa800d7fcb30). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030715-8736-01.
7026       Service Control Manager     3
The following boot-start or system-start driver(s) failed to load:
cdrom
10000      WLAN AutoConfig             3
WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7670
Please download this program Blue Screen Viewer and unzip "Bluescreen View.exe" to your desktop.
Next, select Start, right click on "Computer" and select "Properties", select "Advanced System Settings", then the "Advanced" tab. From the "Start up and Recovery" section select "Settings" and make sure the default folder is "%SystemRoot%\Minidump".
Go back to your desktop and double click on Bluescreen Viewer to run it; if there is any info available the program will grab the most recent. Choose Save from the toolbar and copy and paste it to your next reply. If there is no information available, try and re-create the BSOD and try again with the tool to collect the information.

Next,

Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.
Make sure the following options are checked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Next,

Please download SystemLook from the following link below and save it to your Desktop. Use the correct version 32bit or 64bit.

http://jpshortstuff.247fixes.com/SystemLook_x64.exe  <<-  64 bit

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe  <<-  32 bit

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

Code:
:filefind
Rtlihvs.dll
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Thanks,

Kevin...

Offline maldock

  • Bronze Member
  • Posts: 12
As instructed.

BSV
==================================================
Dump File         : 030715-8736-01.dmp
Crash Time        : 3/7/2015 3:57:51 PM
Bug Check String  : DRIVER_POWER_STATE_FAILURE
Bug Check Code    : 0x0000009f
Parameter 1       : 00000000`00000003
Parameter 2       : fffffa80`081fc060
Parameter 3       : fffff800`04417518
Parameter 4       : fffffa80`0d7fcb30
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+74ec0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18717 (win7sp1_gdr.150113-1808)
Processor         : x64
Crash Address     : ntoskrnl.exe+74ec0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\030715-8736-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 829,736
Dump File Time    : 3/7/2015 3:58:31 PM
==================================================

==================================================
Dump File         : 030715-8564-01.dmp
Crash Time        : 3/7/2015 11:21:35 AM
Bug Check String  : DRIVER_POWER_STATE_FAILURE
Bug Check Code    : 0x0000009f
Parameter 1       : 00000000`00000003
Parameter 2       : fffffa80`081e9e10
Parameter 3       : fffff800`0440c518
Parameter 4       : fffffa80`09fc5c60
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+74ec0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18717 (win7sp1_gdr.150113-1808)
Processor         : x64
Crash Address     : ntoskrnl.exe+74ec0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\030715-8564-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 829,784
Dump File Time    : 3/7/2015 11:22:12 AM
==================================================

==================================================
Dump File         : 012315-8283-01.dmp
Crash Time        : 1/23/2015 6:11:22 PM
Bug Check String  : DRIVER_POWER_STATE_FAILURE
Bug Check Code    : 0x0000009f
Parameter 1       : 00000000`00000003
Parameter 2       : fffffa80`07ebbe10
Parameter 3       : fffff800`04419518
Parameter 4       : fffffa80`0c0bfc60
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+76e80
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18717 (win7sp1_gdr.150113-1808)
Processor         : x64
Crash Address     : ntoskrnl.exe+76e80
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\012315-8283-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 852,232
Dump File Time    : 1/23/2015 6:11:56 PM
==================================================

==================================================
Dump File         : 011015-8330-01.dmp
Crash Time        : 1/10/2015 9:01:25 PM
Bug Check String  : DRIVER_POWER_STATE_FAILURE
Bug Check Code    : 0x0000009f
Parameter 1       : 00000000`00000003
Parameter 2       : fffffa80`07dc2870
Parameter 3       : fffff800`00b9c518
Parameter 4       : fffffa80`0bdaa4e0
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18717 (win7sp1_gdr.150113-1808)
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\011015-8330-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 840,168
Dump File Time    : 1/10/2015 9:01:57 PM
==================================================


FSS
Farbar Service Scanner Version: 17-01-2015
Ran by FRED (administrator) on 07-03-2015 at 21:54:43
Running from "C:\Users\FRED\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****


System Look

SystemLook 30.07.11 by jpshortstuff
Log created at 21:56 on 07/03/2015 by FRED
Administrator - Elevation successful

========== filefind ==========

Searching for "Rtlihvs.dll"
No files found.

-= EOF =-
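The bugcheck records in this post can be decoded mechanically. The following is an added example, not from the thread and not code from BlueScreenView, FRST or any other tool mentioned here: it parses the Event ID 1001 message and the BlueScreenView report posted above, decodes parameter 1 of bug check 0x9F using the meanings given in Microsoft's bug check reference, and checks which dumps predate a suspected trigger. The trigger date (3 March 2015, roughly the system restore three days before the first post) is an assumption, and the sample texts are constructed from the values posted above.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Parameter 1 meanings for bug check 0x9F, summarised from Microsoft's reference.
ARG1_MEANING_9F = {
    1: "device object being freed still has an outstanding power request",
    2: "device completed a system power IRP but never called PoStartNextPowerIrp",
    3: "a device object has been blocking a power IRP for too long",
    4: "power state transition timed out waiting to synchronise with PnP",
}
# Assumed trigger date (system restore / uTorrent install, ~3 days before 3/6/2015).
ASSUMED_TRIGGER_DATE = datetime(2015, 3, 3)

# Event ID 1001 message, constructed from the values posted in the thread.
EVENT_1001_TEXT = (
    "The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000009f "
    "(0x0000000000000003, 0xfffffa80081fc060, 0xfffff80004417518, "
    "0xfffffa800d7fcb30). A dump was saved in: C:\\Windows\\MEMORY.DMP. Report Id: 030715-8736-01."
)
# Two of the four BlueScreenView records from the thread (constructed, trimmed).
BSV_TEXT = """\
==================================================
Dump File         : 030715-8736-01.dmp
Crash Time        : 3/7/2015 3:57:51 PM
Bug Check Code    : 0x0000009f
Parameter 1       : 00000000`00000003
Parameter 2       : fffffa80`081fc060
Parameter 3       : fffff800`04417518
Parameter 4       : fffffa80`0d7fcb30
==================================================
Dump File         : 012315-8283-01.dmp
Crash Time        : 1/23/2015 6:11:22 PM
Bug Check Code    : 0x0000009f
Parameter 1       : 00000000`00000003
Parameter 2       : fffffa80`07ebbe10
Parameter 3       : fffff800`04419518
Parameter 4       : fffffa80`0c0bfc60
==================================================
"""

@dataclass(frozen=True)
class Crash:
    report_id: str           # e.g. 030715-8736-01, matches the minidump file name
    code: int                # bug check code
    args: tuple              # the four bug check parameters
    when: "datetime | None"  # crash time where the format carries one

_EVENT_RE = re.compile(
    r"bugcheck was: 0x([0-9a-f]+) \(((?:0x[0-9a-f]+(?:, )?){4})\)"
    r".*?Report Id: ([0-9a-z-]+)", re.IGNORECASE | re.DOTALL)
_KV_RE = re.compile(r"^([^:\n]+?)\s*:\s*(.*)$", re.MULTILINE)

def parse_event_bugcheck(text: str) -> Crash:
    """Parse the Event ID 1001 'rebooted from a bugcheck' message."""
    m = _EVENT_RE.search(text)
    if not m:
        raise ValueError("not an Event ID 1001 bugcheck message")
    args = tuple(int(a, 16) for a in re.findall(r"0x([0-9a-f]+)", m.group(2), re.I))
    return Crash(m.group(3), int(m.group(1), 16), args, None)

def parse_bsv_report(text: str) -> list:
    """Parse a saved BlueScreenView report into one Crash per dump block."""
    crashes = []
    for block in re.split(r"^=+\s*$", text, flags=re.MULTILINE):
        fields = {k.strip(): v.strip() for k, v in _KV_RE.findall(block)}
        if "Bug Check Code" not in fields:
            continue
        # BlueScreenView prints 64-bit values as hi`lo; drop the separator.
        args = tuple(int(fields[f"Parameter {i}"].replace("`", ""), 16)
                     for i in range(1, 5))
        when = datetime.strptime(fields["Crash Time"], "%m/%d/%Y %I:%M:%S %p")
        crashes.append(Crash(fields["Dump File"].rsplit(".", 1)[0],
                             int(fields["Bug Check Code"], 16), args, when))
    return crashes

def describe(crash: Crash) -> str:
    """Decode parameter 1 of a 0x9F crash; other codes are only named."""
    if crash.code != 0x9F:
        return f"{crash.report_id}: bug check {crash.code:#x} (not decoded here)"
    arg1 = crash.args[0]
    text = (f"{crash.report_id}: DRIVER_POWER_STATE_FAILURE arg1={arg1:#x}: "
            + ARG1_MEANING_9F.get(arg1, "parameter 1 value not decoded here"))
    if arg1 == 3:  # for this sub-code arg2 is the PDO and arg4 the blocked IRP
        text += f" (PDO {crash.args[1]:#x}, blocked IRP {crash.args[3]:#x})"
    return text

def summarize(crashes: list) -> Counter:
    """Count crashes by (code, parameter 1); one repeated pair suggests one cause."""
    return Counter((c.code, c.args[0]) for c in crashes)

def crashes_before(crashes: list, cutoff: datetime) -> list:
    """Dumps older than a suspected trigger cannot have been caused by it."""
    return [c for c in crashes if c.when is not None and c.when < cutoff]

if __name__ == "__main__":
    found = [parse_event_bugcheck(EVENT_1001_TEXT)] + parse_bsv_report(BSV_TEXT)
    print(*(describe(c) for c in found), dict(summarize(found)),
          [c.report_id for c in crashes_before(found, ASSUMED_TRIGGER_DATE)], sep="\n")
```

For the posted data every dump is 0x9F with parameter 1 = 3, a driver holding a power IRP through the transition, which fits a hang at the shutting-down screen followed by a forced power-off. Two of the four minidumps (1/10 and 1/23) predate the uTorrent install, so the crashes cannot all be down to that program, consistent with the recurring problem the first post describes.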