Win 7 x64 - Virus Blocking Internet Access


Kazimierz (Thread Starter, joined Jan 5, 2015, 19 messages)
Hello,

I have a friend whose computer is infected with something and he brought it to me since I am a "techie" person, hehehe. It will not access the internet, but it will access local network drives. Other computers on the network can access the internet (for example, the computer I am using to access this forum).

The computer appears to be in a perpetual feedback loop. When going into the internet properties (either through Chrome or IE), the "Use a proxy server for your LAN" is checked. When it is unchecked, the check replaces itself. The proxy servers are listed as 127.0.0.1:8080. I did a scan with MalwareBytes and SpyBot and neither found anything (in regular and safe mode). I also ran FRST64.exe (and have the log), HijackThis (have the log), FSS (have the log), TDSSKiller and AdwCleaner. I reset the hosts file, even though I didn't see anything that could be an issue. I even did a system restore to two weeks prior to the issue, but no luck.

I did discover a process "raptr_ep64.exe" that was opening large numbers of itself with the description "elevation Proxy". I deleted the processes and they didn't respawn after uninstalling and rebooting. I don't know if they were related to the issue.

The computer has Avast running on it.

I have exhausted all my options from scanning the net and seeing what others have done. Since MalwareBytes and SpyBot didn't pick anything up, I am at a loss and hoping someone here can help out. :) He uses his computer for school, but right now it is hooked up to my monitor so I can work on it.

Thanks in advance!

System Info:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i7-4820K CPU @ 3.70GHz, Intel64 Family 6 Model 62 Stepping 4
Processor Count: 8
RAM: 16320 Mb
Graphics Card: AMD Radeon R9 200 Series, -2048 Mb
Hard Drives: C: Total - 244007 MB, Free - 37321 MB; D: Total - 232828 MB, Free - 79853 MB; E: Total - 204799 MB, Free - 409 MB; F: Total - 102399 MB, Free - 10858 MB; G: Total - 716799 MB, Free - 15468 MB; H: Total - 5119 MB, Free - 1428 MB; I: Total - 953865 MB, Free - 140069 MB; J: Total - 468995 MB, Free - 305602 MB; V: Total - 409599 MB, Free - 35718 MB; X: Total - 953865 MB, Free - 30953 MB; Z: Total - 1907599 MB, Free - 106925 MB;
Motherboard: ASUSTeK COMPUTER INC., SABERTOOTH X79
Antivirus: avast! Antivirus, Updated and Enabled
 

Kazimierz (Thread Starter, joined Jan 5, 2015, 19 messages)
This morning, with a fresh perspective, I booted in safe mode (which is hard with Asus and an SSD) and ran more software. I went into IE and unchecked the proxy option again. It stayed unchecked, but still didn't work. I then selected the option to reset Internet Explorer settings, which did the trick. I am not sure if there was/is a virus or if that raptr installation messed up the internet settings through IE somehow.

Internet is still slow, but actually getting through. The check mark still won't leave the internet settings. :(
 

emeraldnzl (Malware Specialist, joined Nov 3, 2007, 2,570 messages)
Hello Kazimierz,

Welcome to TSG.

Firstly please uninstall Avast from the compromised machine and see if that makes a difference. Might seem funny but there does seem to be something going on with Avast at the moment. Not sure whether it is a bug or malware targeting it. We can reinstall it later when we have finished. :)

After that

Please post the FRST, FSS and RogueKiller logs. You may have to use multiple posts to do that. That is fine.
 

Kazimierz (Thread Starter, joined Jan 5, 2015, 19 messages)
Thanks for your help. Things still aren't 100%. Some internet seems sluggish. Google looks different, but maybe they changed. (For example, when doing a definition search, it used to put selected definitions in a separate box at the top of the search, which isn't there any more. With people searches, it isn't putting the preview with images on the right anymore.)

FSS said it couldn't reach Google, which contradicts my being able to visit Google, but Google is slow to respond.

No matter what I do, the LAN proxy check always returns:



FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Admin (administrator) on POLSKA on 07-01-2015 08:40:58
Running from \\Europa\Archives\Appz\spybot
Loaded Profile: Admin (Available profiles: Admin)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Jetico, Inc.) D:\Utilities\BestCrypt\BCWipeSvc.exe
(Jetico, Inc.) D:\Utilities\BestCrypt\BCWipeTM.exe
(Jetico, Inc.) D:\Utilities\BestCrypt\BCWipeTM.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.19\AsusFanControlService.exe
(Jetico Inc. Oy) D:\Utilities\BestCrypt\BC_VE\bcveserv.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(SMART Technologies) D:\School\SMART Technologies\Education Software\SMARTHelperService.exe
(InstallShield) C:\Program Files (x86)\DTSoft Updater\Updater.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(BitTorrent Inc.) C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
(Comfort Software Group) D:\Utilities\FreeAlarmClock\FreeAlarmClock.exe
() D:\Utilities\PowerArchiver\PASTARTER.EXE
(Disc Soft Ltd) D:\Utilities\DAEMON Tools Pro\DTShellHlp.exe
() D:\Internet\No-IP\DUC40.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Disc Soft Ltd) D:\Utilities\DAEMON Tools Pro\DTAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) D:\Multimedia\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Samsung Electronics Co., Ltd.) D:\Hardware\Kies\KiesTrayAgent.exe
(SMART Technologies) D:\School\SMART Technologies\Education Software\SMARTNotification.exe
(Jetico Inc. Oy) D:\Utilities\BestCrypt\BC_VE\bcvetray.exe
(SMART Technologies) D:\School\SMART Technologies\Education Software\SMARTBoardService.exe
(SMART Technologies) D:\School\SMART Technologies\Education Software\SMARTInk.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(Disc Soft Ltd) D:\Utilities\DAEMON Tools Pro\DiscSoftBusService.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Joyent, Inc) D:\School\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(SMART Technologies) D:\School\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe
(SMART Technologies) D:\School\SMART Technologies\Education Software\SMARTInkPrivilegedAccess.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(Samsung Electronics.) D:\Hardware\Samsung Magician\Samsung Magician.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(SAMSUNG Electornics Co., Ltd.) C:\Users\Admin\AppData\Roaming\VERIZON\UA_ar\UA.exe
(Jetico, Inc.) D:\Utilities\BestCrypt\BCResident.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Flexera Software LLC) D:\School\ArcGIS Desktop\License\License10.2\bin\lmgrd.exe
(Flexera Software LLC) D:\School\ArcGIS Desktop\License\License10.2\bin\lmgrd.exe
(ESRI) D:\School\ArcGIS Desktop\License\License10.2\bin\ARCGIS.exe
(Flexera Software LLC) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() D:\Internet\No-IP\ducservice.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) \\Europa\Archives\Appz\spybot\FRST64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => D:\Multimedia\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => D:\Multimedia\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [BCSSync] => D:\Business\Office 2010\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [BCWipeTM Startup] => D:\Utilities\BestCrypt\BCWipeTM.exe [1660192 2013-10-17] (Jetico, Inc.)
HKLM-x32\...\Run: [BestCrypt Volume Encryption] => D:\Utilities\BestCrypt\BC_VE\bcfmgr.exe [2662176 2013-10-23] (Jetico Inc. Oy)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296096 2014-05-31] (RealNetworks, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => D:\Hardware\Kies\KiesTrayAgent.exe [310064 2014-05-27] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SMARTNotification] => D:\School\SMART Technologies\Education Software\SMARTNotification.exe [190256 2014-06-30] (SMART Technologies)
HKLM-x32\...\Run: [SMART Board Service] => D:\School\SMART Technologies\Education Software\SMARTBoardService.exe [1945392 2014-06-30] (SMART Technologies)
HKLM-x32\...\Run: [sbsdk-server] => D:\School\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe [62768 2014-06-26] (SMART Technologies)
HKLM-x32\...\Run: [SMART Ink] => D:\School\SMART Technologies\Education Software\SMARTInk.exe [565552 2014-06-18] (SMART Technologies)
HKLM-x32\...\Run: [DivXMediaServer] => D:\Multimedia\Video\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Run: [uTorrent] => C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe [1316688 2014-06-12] (BitTorrent Inc.)
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Run: [FreeAC] => D:\Utilities\FreeAlarmClock\FreeAlarmClock.exe [1328976 2012-04-25] (Comfort Software Group)
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Run: [KiesAirMessage] => D:\Hardware\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Run: [PowerArchiver Tray] => D:\Utilities\PowerArchiver\PASTARTER.EXE [1530360 2014-04-25] ()
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Run: [NoIPDUCv4] => D:\Internet\No-IP\DUC40.exe [346624 2014-05-02] ()
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30872168 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Run: [DAEMON Tools Pro Agent] => D:\Utilities\DAEMON Tools Pro\DTAgent.exe [3759376 2014-11-24] (Disc Soft Ltd)
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Policies\Explorer: [NoThumbNailCache] 1
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\MountPoints2: {1232ff3e-e91a-11e3-a0db-40167e76f56c} - L:\setup.exe
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\MountPoints2: {1232ff40-e91a-11e3-a0db-40167e76f56c} - L:\setup.exe
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\MountPoints2: {35675daf-fb18-11e3-88a5-40167e76f56c} - O:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\MountPoints2: {35675db9-fb18-11e3-88a5-40167e76f56c} - O:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\MountPoints2: {44d6eac0-e875-11e3-8480-806e6f6e6963} - I:\SETUP.EXE /adminfile IU.MSP
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\MountPoints2: {97aed133-ea3c-11e3-8603-40167e76f56c} - O:\VZW_Software_upgrade_assistant.exe
AppInit_DLLs: C:\Windows\Jaksta\AC\x64\jaudcap.dll => C:\Windows\Jaksta\AC\x64\jaudcap.dll [311584 2014-06-09] (Jaksta Technologies Pty Ltd)
AppInit_DLLs-x32: hplun.dll => "hplun.dll" File Not Found
AppInit_DLLs-x32: ,C:\Windows\Jaksta\AC\x86\jaudcap.dll => C:\Windows\Jaksta\AC\x86\jaudcap.dll [264480 2014-06-09] (Jaksta Technologies Pty Ltd)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Admin\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BestCrypt Auto Open.lnk
ShortcutTarget: BestCrypt Auto Open.lnk -> D:\Utilities\BestCrypt\BestCrypt.exe (Jetico, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk
ShortcutTarget: GIGABYTE OC_GURU.lnk -> D:\Hardward\Gigabyte OC Guru II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => D:\Business\Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => D:\Business\Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => D:\Business\Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => D:\Business\Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => D:\Business\Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://hi.ru/search/?q={searchTerms}
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2482053066-3626128781-3421568491-1000 -> DefaultScope {EE6EE89D-AC6D-4E6A-AF18-248C43D7BACD} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2482053066-3626128781-3421568491-1000 -> {EE6EE89D-AC6D-4E6A-AF18-248C43D7BACD} URL = https://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Business\Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Business\Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2482053066-3626128781-3421568491-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Tcpip\..\Interfaces\{AB6385C9-ACAC-4774-833C-82E34E0309E9}: [NameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\71upq3zx.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\Multimedia\Video\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> D:\Multimedia\Video\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> D:\Multimedia\Video\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> D:\Multimedia\Video\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\Business\OFFICE~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\Business\OFFICE~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.5.109 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.5.109 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.5.109 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.5.109 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.5.109 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> D:\Multimedia\Video\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> D:\Multimedia\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Extension: ObviousIdea Addon - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\71upq3zx.default\Extensions\[email protected] [2014-05-31]
FF Extension: JSOff - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\71upq3zx.default\Extensions\[email protected] [2014-05-31]
FF Extension: Sothink Flash Downloader for Firefox - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\71upq3zx.default\Extensions\{BAEBEF65-9289-47c5-8524-C345CC5D860D}.xpi [2014-05-31]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - D:\Multimedia\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - D:\Multimedia\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-05-30]
FF HKLM-x32\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2014-05-31]
FF Extension: No Name - C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\71upq3zx.default\extensions\[email protected] [Not Found]
FF Extension: No Name - C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\71upq3zx.default\extensions\{BAEBEF65-9289-47c5-8524-C345CC5D860D}.xpi [Not Found]
FF Extension: No Name - C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\71upq3zx.default\extensions\[email protected] [Not Found]
FF Extension: No Name - D:\Internet\Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-31]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-31]
CHR Extension: (YouTube Center Developer Build) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcegdpionpopahcglnfiiioapcclamdj [2014-06-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-19]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-31]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-31]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-05-31]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-09]
CHR Extension: (ActiveGS) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhndampajkkhamolmmnalddigpojomph [2014-09-11]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-31]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-31]
CHR Extension: (MetaProducts Offline Explorer integration) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkijdmeepjhpenmighhaodgfoogncnlk [2014-06-02]
CHR HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2014-05-31]
CHR HKLM-x32\...\Chrome\Extension: [pkijdmeepjhpenmighhaodgfoogncnlk] - D:\Internet\Offline Explorer Enterprise\mpoe.crx [2014-04-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ArcGIS License Manager; D:\School\ArcGIS Desktop\License\License10.2\bin\lmgrd.exe [1452408 2014-02-13] (Flexera Software LLC)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-09-17] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2013-09-17] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.19\AsusFanControlService.exe [408960 2012-10-14] (ASUSTeK Computer Inc.)
R2 BcveServ; D:\Utilities\BestCrypt\BC_VE\bcveserv.exe [127776 2013-10-23] (Jetico Inc. Oy)
R2 BCWipeSvc; D:\Utilities\BestCrypt\BCWipeSvc.exe [87840 2013-10-17] (Jetico, Inc.)
R3 Disc Soft Bus Service; D:\Utilities\DAEMON Tools Pro\DiscSoftBusService.exe [2216208 2014-11-24] (Disc Soft Ltd)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-13] (Intel Corporation)
S3 Media Center 19 Service; D:\Multimedia\Audio\Media Center 19\JRService.exe [397896 2014-07-02] (JRiver, Inc.)
S3 Microsoft SharePoint Workspace Audit Service; D:\Business\Office 2010\Office14\GROOVE.EXE [30814400 2013-12-18] (Microsoft Corporation)
R2 NoIPDUCService4; D:\Internet\No-IP\ducservice.exe [11776 2014-05-02] () [File not signed]
S3 Origin Client Service; D:\Utilities\Origin\OriginClientService.exe [1903472 2014-12-28] (Electronic Arts)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SMARTHelperService; D:\School\SMART Technologies\Education Software\SMARTHelperService.exe [538928 2014-06-30] (SMART Technologies)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 Updater.exe; C:\Program Files (x86)\DTSoft Updater\Updater.exe [40448 2014-12-03] (InstallShield) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AIDA64Driver; D:\Utilities\AIDA64 Extreme\kerneld.x64 [34136 2014-03-25] ()
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2013-01-14] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-19] (MCCI Corporation)
R1 bcbus; C:\Windows\System32\DRIVERS\bcbus.sys [80064 2013-10-16] (Jetico, Inc.)
R0 bcfnt; C:\Windows\System32\Drivers\bcfnt.sys [178880 2013-07-15] (Jetico, Inc.)
S4 BCSWAP; C:\Windows\System32\Drivers\BCSWAP.sys [124992 2013-03-05] (Jetico, Inc.)
R1 BC_3DES; C:\Windows\System32\Drivers\BC_3DES.sys [35520 2013-09-25] (Jetico, Inc.)
R1 BC_BF128; C:\Windows\System32\Drivers\BC_BF128.sys [31424 2013-09-24] (Jetico, Inc.)
R1 BC_BF448; C:\Windows\System32\Drivers\BC_BF448.sys [31936 2013-09-24] (Jetico, Inc.)
R1 BC_BFish; C:\Windows\System32\Drivers\BC_BFish.sys [31424 2013-09-24] (Jetico, Inc.)
R1 BC_CAST; C:\Windows\System32\Drivers\BC_CAST.sys [38592 2013-09-24] (Jetico, Inc.)
R1 BC_DES; C:\Windows\System32\Drivers\BC_DES.sys [35008 2013-09-24] (Jetico, Inc.)
R1 BC_Gost; C:\Windows\System32\Drivers\BC_Gost.sys [26816 2013-09-24] (Jetico, Inc.)
R1 BC_IDEA; C:\Windows\System32\Drivers\BC_IDEA.sys [28864 2013-09-24] (Iarsn)
R1 BC_RC6; C:\Windows\System32\Drivers\BC_RC6.sys [31424 2013-09-24] (Michael Oestergaard Pedersen)
R1 BC_RIJN; C:\Windows\System32\Drivers\BC_RIJN.sys [52416 2013-09-24] (Jetico, Inc.)
R1 BC_SERP; C:\Windows\System32\Drivers\BC_SERP.sys [38080 2013-09-24] (Michael Oestergaard Pedersen)
R1 BC_TFISH; C:\Windows\System32\Drivers\BC_TFISH.sys [35520 2013-09-24] (Jetico, Inc.)
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29864 2014-12-06] (Disc Soft Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-21] (Disc Soft Ltd)
R0 fsh; C:\Windows\System32\Drivers\fsh.sys [68800 2013-09-16] (Jetico, Inc.)
S3 jakndis; C:\Windows\System32\DRIVERS\jakndis.sys [35648 2011-07-21] (Jaksta Technologies Pty Ltd)
R3 jakndisMP; C:\Windows\System32\DRIVERS\jakndis.sys [35648 2011-07-21] (Jaksta Technologies Pty Ltd)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-06] (Malwarebytes Corporation)
S3 MftWipeFilter; C:\Windows\System32\Drivers\MftWipeFilter.sys [31488 2013-03-05] (Windows (R) Win 7 DDK provider)
R3 mhk; C:\Windows\System32\Drivers\mhk.sys [18624 2013-10-03] (Jetico, Inc.)
R3 moh; C:\Windows\System32\Drivers\moh.sys [13376 2013-03-05] (Jetico, Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [10240 2014-06-30] (SMART Technologies)
R3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [9216 2014-06-30] (SMART Technologies)
S3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [22184 2014-06-30] (SMART Technologies ULC)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-05-30] (Duplex Secure Ltd.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-07 07:32 - 2015-01-07 07:32 - 00000826 _____ () C:\Users\Admin\Desktop\hosts-clean.txt
2015-01-05 22:15 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-05 22:15 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-05 22:15 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-05 22:12 - 2015-01-06 05:04 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-05 21:10 - 2015-01-07 08:40 - 00000000 ____D () C:\FRST
2015-01-05 21:08 - 2015-01-05 21:09 - 00000000 ____D () C:\AdwCleaner
2015-01-05 19:32 - 2015-01-05 19:34 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-05 19:32 - 2015-01-05 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-05 19:00 - 2015-01-05 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-05 19:00 - 2015-01-05 19:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-05 18:29 - 2015-01-05 18:29 - 00000000 ____D () C:\ProgramData\ATI
2015-01-05 17:45 - 2015-01-06 04:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TubeDigger
2015-01-05 17:45 - 2015-01-05 20:41 - 00000000 ____D () C:\Program Files (x86)\TubeDigger
2014-12-28 21:37 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2014-12-28 11:35 - 2015-01-05 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Age Inquisition
2014-12-28 11:35 - 2014-12-28 21:37 - 00000850 _____ () C:\Users\Public\Desktop\Dragon Age Inquisition.lnk
2014-12-20 12:09 - 2014-12-20 12:10 - 00166912 _____ () C:\Users\Admin\Downloads\TS006206287.xlt
2014-12-20 11:55 - 2014-12-20 11:55 - 00088241 _____ () C:\Users\Admin\Downloads\TS010073881.xltx
2014-12-20 08:36 - 2015-01-05 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paradox Interactive
2014-12-20 08:36 - 2014-12-20 08:36 - 00000814 _____ () C:\Users\Public\Desktop\Crusader Kings II Way of Life.lnk
2014-12-13 09:49 - 2014-12-13 09:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Europa Universalis IV - Collection
2014-12-13 09:44 - 2014-12-13 09:44 - 00053564 _____ () C:\Windows\SysWOW64\CCCInstall_201412130944121694.log
2014-12-13 09:44 - 2014-12-13 09:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-12-13 09:44 - 2014-12-13 09:44 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-12-13 09:43 - 2014-12-13 09:43 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-12-08 20:22 - 2014-12-08 20:22 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieBrowserModeList
2014-12-08 19:04 - 2014-12-08 19:04 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-12-08 19:04 - 2014-12-08 19:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-12-08 19:04 - 2014-12-08 19:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-12-08 19:04 - 2014-12-08 19:04 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-08 19:04 - 2014-12-08 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-08 19:04 - 2014-12-08 19:04 - 00000000 ____D () C:\Program Files (x86)\Java

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-07 08:39 - 2014-05-31 14:59 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype
2015-01-07 08:38 - 2014-06-01 07:21 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-07 08:38 - 2014-05-31 15:00 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\uTorrent
2015-01-07 08:38 - 2014-05-30 19:05 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-07 08:38 - 2010-11-20 21:47 - 01350200 _____ () C:\Windows\PFRO.log
2015-01-07 08:38 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-07 08:38 - 2009-07-13 22:51 - 00056275 _____ () C:\Windows\setupact.log
2015-01-07 08:37 - 2014-05-31 02:39 - 00000000 ____D () C:\Users\Admin\Documents\Outlook Files
2015-01-07 08:37 - 2014-05-30 08:20 - 02034287 _____ () C:\Windows\WindowsUpdate.log
2015-01-07 08:34 - 2014-05-30 19:05 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-07 07:43 - 2014-05-31 20:19 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-07 05:14 - 2009-07-13 22:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-07 05:14 - 2009-07-13 22:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-06 12:00 - 2014-12-06 20:41 - 00000488 _____ () C:\Windows\Tasks\DTSoft Updater.job
2015-01-06 05:17 - 2014-05-31 15:03 - 00000000 ____D () C:\Users\Admin\AppData\Local\Deployment
2015-01-06 05:14 - 2009-07-13 23:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-06 04:41 - 2014-08-30 14:23 - 00004782 _____ () C:\Windows\system32\Drivers\etc\hosts-ORIG
2015-01-06 04:37 - 2014-05-31 15:03 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashDumps
2015-01-05 22:25 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-05 20:42 - 2014-05-30 08:19 - 00000000 ____D () C:\Users\Admin
2015-01-05 20:41 - 2014-10-21 16:35 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-05 20:41 - 2014-09-03 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-01-05 20:41 - 2014-06-20 14:19 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-01-05 20:41 - 2014-06-20 12:49 - 00000000 ____D () C:\ProgramData\Skype
2015-01-05 20:41 - 2014-05-31 16:38 - 00000000 ____D () C:\ProgramData\Real
2015-01-05 20:41 - 2014-05-31 15:07 - 00000000 ____D () C:\Users\Admin\AppData\Local\QuickenWindow
2015-01-05 20:41 - 2014-05-31 15:00 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc
2015-01-05 20:41 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-05 20:41 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
2015-01-05 20:41 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-05 18:56 - 2011-04-12 02:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-05 18:27 - 2014-08-30 16:41 - 00000000 ____D () C:\ProgramData\Origin
2014-12-29 16:27 - 2014-05-31 02:37 - 00000000 ____D () C:\Users\Admin\Documents\Dolina
2014-12-29 07:48 - 2014-05-31 02:37 - 00000000 ____D () C:\Users\Admin\Documents\BioWare
2014-12-28 14:57 - 2014-09-13 08:18 - 00000000 ____D () C:\Users\Admin\Documents\Car Shopping 2014
2014-12-18 05:32 - 2014-06-03 04:04 - 00003804 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1401525552
2014-12-13 09:44 - 2014-05-31 16:46 - 00000000 ____D () C:\ProgramData\AMD
2014-12-13 09:43 - 2014-06-06 11:21 - 00000000 ____D () C:\Program Files\AMD
2014-12-13 09:42 - 2014-06-06 05:27 - 00000000 ____D () C:\AMD
2014-12-13 09:10 - 2014-05-31 15:02 - 00001148 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Europa Universalis 4.lnk
2014-12-12 08:35 - 2014-05-30 19:05 - 00002222 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 15:08 - 2014-05-31 14:59 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\dvdcss
2014-12-09 20:43 - 2014-05-31 20:19 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 20:43 - 2014-05-31 20:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-09 20:43 - 2014-05-31 20:19 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-08 19:04 - 2014-06-21 09:57 - 00000000 ____D () C:\ProgramData\Oracle

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\bitool.dll
C:\Users\Admin\AppData\Local\Temp\Daemon.Tools.Pro.Advanced.v6.0.0.0445.exe
C:\Users\Admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcjhloy.dll
C:\Users\Admin\AppData\Local\Temp\hcwclear.exe
C:\Users\Admin\AppData\Local\Temp\i4jdel0.exe
C:\Users\Admin\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\npp.6.6.9.Installer.exe
C:\Users\Admin\AppData\Local\Temp\ose00000.exe
C:\Users\Admin\AppData\Local\Temp\ose00001.exe
C:\Users\Admin\AppData\Local\Temp\patchbeam.exe
C:\Users\Admin\AppData\Local\Temp\PidGenX.dll
C:\Users\Admin\AppData\Local\Temp\powarc140031int.exe
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Admin\AppData\Local\Temp\raptr_stub.exe
C:\Users\Admin\AppData\Local\Temp\Samsung_Magician_Setup_v44.exe
C:\Users\Admin\AppData\Local\Temp\SMARTProductUpdate.exe
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll
C:\Users\Admin\AppData\Local\Temp\tmp2377.exe
C:\Users\Admin\AppData\Local\Temp\tmpF82E.exe
C:\Users\Admin\AppData\Local\Temp\vlc-2.1.5-win64.exe
C:\Users\Admin\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0DirectorSetup.exe
C:\Users\Admin\AppData\Local\Temp\_is4C1C.exe
C:\Users\Admin\AppData\Local\Temp\_is5A0A.exe
C:\Users\Admin\AppData\Local\Temp\_isCE65.exe
C:\Users\Admin\AppData\Local\Temp\_isDD05.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-05 23:33

==================== End Of Log ============================
 

Kazimierz (Thread Starter)
FSS

Farbar Service Scanner Version: 21-07-2014
Ran by Admin (administrator) on 07-01-2015 at 08:42:22
Running from "\\Europa\Archives\Appz\spybot"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Attempt to access Google.com returned error: Google.com is unreachable
Yahoo.com is accessible.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 

Kazimierz (Thread Starter)
RogueKiller

RogueKiller V10.1.2.0 [Jan 7 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Admin [Administrator]
Mode : Scan -- Date : 01/07/2015 08:48:22

¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] UA.exe(6492) -- C:\Users\Admin\AppData\Roaming\VERIZON\UA_ar\UA.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 22 ¤¤¤
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8080;https=127.0.0.1:8080 -> Found
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8080;https=127.0.0.1:8080 -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2482053066-3626128781-3421568491-1000\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2482053066-3626128781-3421568491-1000\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2482053066-3626128781-3421568491-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://hi.ru/search/?q={searchTerms} -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2482053066-3626128781-3421568491-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://hi.ru/search/?q={searchTerms} -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_605E\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 74.40.74.40 74.40.74.41 192.168.1.1 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_605E\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 74.40.74.40 74.40.74.41 192.168.1.1 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_605E\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4BA37037-2209-4BA1-89F3-B5E33C2D6270} | NameServer : 4.2.2.3,74.40.74.40 [UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_605E\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4BA37037-2209-4BA1-89F3-B5E33C2D6270} | DhcpNameServer : 74.40.74.40 74.40.74.41 192.168.1.1 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_605E\ControlSet002\Services\Tcpip\Parameters\Interfaces\{4BA37037-2209-4BA1-89F3-B5E33C2D6270} | NameServer : 4.2.2.3,74.40.74.40 [UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_605E\ControlSet002\Services\Tcpip\Parameters\Interfaces\{4BA37037-2209-4BA1-89F3-B5E33C2D6270} | DhcpNameServer : 74.40.74.40 74.40.74.41 192.168.1.1 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_6424\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_6424\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_6424\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_6424\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[Suspicious.Path][File] Verizon Wireless Software Utility Application for Android – Samsung.lnk -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk [[email protected]] C:\Users\Admin\AppData\Roaming\VERIZON\UA_ar\UA.exe -> Found

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 840 EVO 500GB ATA Device +++++
--- User ---
[MBR] bc738119e50c26e18660cdb8b443a0aa
[BSP] 0bb7ef8098c4645203fe45ef225827fe : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 244008 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 499935232 | Size: 232829 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD10EADS-00L5B1 ATA Device +++++
--- User ---
[MBR] b0770037b5b751a72f23c475dc160ecd
[BSP] 13d276354766debf5c76cc9dc7ce8261 : Unknown MBR Code
Partition table:
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: ST31000340AS ATA Device +++++
--- User ---
[MBR] 63062c6ab7861120fff494d8096013b3
[BSP] 5a135989c7a35648b7eff9f1b7cb8daf : Windows Vista/7/8 MBR Code
Partition table:
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: WDC WD20 EARS-00MVWB0 SCSI Disk Device +++++
--- User ---
[MBR] a65e199d192b519aaa2cb41b6a0f2008
[BSP] f38afeb1756caca50d100b0437ed30f4 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 14337 | Size: 204799 MB
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 419444736 | Size: 1233924 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): -1348446208 | Size: 468996 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive4: +++++
--- User ---
[MBR] a4d855b0e98093b514a49b0aa2473abf
[BSP] eac05a64ab652a1eeeb7bb7d47628e4e : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )
 

emeraldnzl

Malware Specialist
Joined
Nov 3, 2007
Messages
2,570
Hello Kazimierz,

I see you ran FRST64.exe from \\Europa\Archives\Appz\spybot.

Please move it to the desktop.

After that

Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Next

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and choose "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
So when you return please post
  • Fixlog.txt
  • JRT.txt
 

Attachments

Kazimierz (Thread Starter)
Here they are. I had actually run FRST64 twice, because I didn't do it as administrator the first time. Once JRT ran, I couldn't access the internet. I had to reboot to get internet back.

Fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by Admin at 2015-01-07 14:14:58 Run:2
Running from C:\Users\Admin\Desktop
Loaded Profile: Admin (Available profiles: Admin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\MountPoints2: {1232ff3e-e91a-11e3-a0db-40167e76f56c} - L:\setup.exe
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\MountPoints2: {1232ff40-e91a-11e3-a0db-40167e76f56c} - L:\setup.exe
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\MountPoints2: {35675daf-fb18-11e3-88a5-40167e76f56c} - O:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\MountPoints2: {35675db9-fb18-11e3-88a5-40167e76f56c} - O:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\MountPoints2: {44d6eac0-e875-11e3-8480-806e6f6e6963} - I:\SETUP.EXE /adminfile IU.MSP
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\MountPoints2: {97aed133-ea3c-11e3-8603-40167e76f56c} - O:\VZW_Software_upgrade_assistant.exe
ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://hi.ru/search/?q={searchTerms}
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2482053066-3626128781-3421568491-1000 -> DefaultScope {EE6EE89D-AC6D-4E6A-AF18-248C43D7BACD} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2482053066-3626128781-3421568491-1000 -> {EE6EE89D-AC6D-4E6A-AF18-248C43D7BACD} URL = https://www.google.com/search?q={searchTerms}
emptytemp:
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1232ff3e-e91a-11e3-a0db-40167e76f56c} => Key not found.
HKCR\CLSID\{1232ff3e-e91a-11e3-a0db-40167e76f56c} => Key not found.
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1232ff40-e91a-11e3-a0db-40167e76f56c} => Key not found.
HKCR\CLSID\{1232ff40-e91a-11e3-a0db-40167e76f56c} => Key not found.
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35675daf-fb18-11e3-88a5-40167e76f56c} => Key not found.
HKCR\CLSID\{35675daf-fb18-11e3-88a5-40167e76f56c} => Key not found.
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35675db9-fb18-11e3-88a5-40167e76f56c} => Key not found.
HKCR\CLSID\{35675db9-fb18-11e3-88a5-40167e76f56c} => Key not found.
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44d6eac0-e875-11e3-8480-806e6f6e6963} => Key not found.
HKCR\CLSID\{44d6eac0-e875-11e3-8480-806e6f6e6963} => Key not found.
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97aed133-ea3c-11e3-8603-40167e76f56c} => Key not found.
HKCR\CLSID\{97aed133-ea3c-11e3-8603-40167e76f56c} => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => Value not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EE6EE89D-AC6D-4E6A-AF18-248C43D7BACD} => Key not found.
HKCR\CLSID\{EE6EE89D-AC6D-4E6A-AF18-248C43D7BACD} => Key not found.
EmptyTemp: => Removed 40.2 MB temporary data.


The system needed a reboot.

==== End of Fixlog 14:15:10 ====

JRT


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Ultimate x64
Ran by Admin on Wed 01/07/2015 at 14:17:43.66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 01/07/2015 at 14:19:39.51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
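Editor's note, added example (not part of the thread, and not code from FRST, RogueKiller or JRT): the Fixlog above deletes ProxyEnable/ProxyServer only under the two HKLM views, yet a WinINET proxy can also be seeded from HKCU or another user's hive, and a proxy of 127.0.0.1:8080 only does anything if a local process is listening on that port. The PowerShell below audits every view in one pass, optionally clears the values, and names the listener on the proxy port, if there is one. The port number (8080), the -Clear switch and the output wording are choices made for this example; the registry paths are the standard WinINET ones.

```powershell
# Added example: audit (and optionally clear) WinINET proxy settings in every
# registry view, then report which process listens on the proxy port.
# Run from an elevated PowerShell prompt. Port 8080 is taken from the thread;
# the -Clear switch is an assumption of this example, not a tool option.
param(
    [int]$Port = 8080,
    [switch]$Clear
)

# Machine-wide 64-bit view, 32-bit (WOW6432Node) view, and the current user.
$proxyKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
)

# Every loaded user hive under HKEY_USERS as well, in case another profile
# (or a scheduled task running as a different user) is the source.
New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS -ErrorAction SilentlyContinue | Out-Null
$userKeys = @(Get-ChildItem HKU:\ -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' } |
    ForEach-Object { "HKU:\$($_.PSChildName)\Software\Microsoft\Windows\CurrentVersion\Internet Settings" })
$proxyKeys += $userKeys

foreach ($key in $proxyKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    $enabled = $props.ProxyEnable
    $server  = $props.ProxyServer
    $auto    = $props.AutoConfigURL   # a PAC URL hijacks traffic just as well as ProxyServer
    if ($enabled -or $server -or $auto) {
        Write-Output ("{0}`n  ProxyEnable={1} ProxyServer={2} AutoConfigURL={3}" -f $key, $enabled, $server, $auto)
        if ($Clear) {
            foreach ($name in 'ProxyEnable', 'ProxyServer', 'AutoConfigURL') {
                Remove-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
            }
            Write-Output "  -> cleared"
        }
    }
}

# With no listener on the loopback port, every proxied request fails, which
# is the "no internet, but LAN shares work" symptom. With a listener, that
# process is the interceptor to examine.
$listeners = netstat -ano | Select-String -Pattern "TCP\s+\S+:$Port\s+\S+\s+LISTENING\s+(\d+)"
if (-not $listeners) {
    Write-Output "Nothing is listening on TCP $Port; the proxy setting alone is breaking connectivity."
} else {
    foreach ($line in $listeners) {
        $procId = [int]$line.Matches[0].Groups[1].Value
        $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
        Write-Output ("Listener on TCP {0}: PID {1} {2} {3}" -f $Port, $procId, $proc.ProcessName, $proc.Path)
    }
}
```

Run it once without -Clear to see which views carry the values, then with -Clear, then again a minute later: if a value comes back, something is re-writing it, and the script cannot tell you what. At that point, watching RegSetValue operations on the Internet Settings path with Process Monitor (filter on the path, not the process) identifies the writer, which is the thing to remove; deleting the values again only repeats the loop described at the top of the thread.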
 

emeraldnzl (Malware Specialist)
Hello Kazimierz,

Let's see where we are now.

Please run another FRST scan with the Addition.txt box ticked and post back the two logs generated - FRST.txt and Addition.txt.
 

Kazimierz (Thread Starter)
Just so you know, the checkmark on the proxy settings still won't remain unchecked.

FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Admin (administrator) on POLSKA on 07-01-2015 19:33:26
Running from C:\Users\Admin\Desktop
Loaded Profile: Admin (Available profiles: Admin)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Jetico, Inc.) D:\Utilities\BestCrypt\BCWipeSvc.exe
(Jetico, Inc.) D:\Utilities\BestCrypt\BCWipeTM.exe
(Jetico, Inc.) D:\Utilities\BestCrypt\BCWipeTM.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.19\AsusFanControlService.exe
(Jetico Inc. Oy) D:\Utilities\BestCrypt\BC_VE\bcveserv.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(SMART Technologies) D:\School\SMART Technologies\Education Software\SMARTHelperService.exe
(InstallShield) C:\Program Files (x86)\DTSoft Updater\Updater.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(BitTorrent Inc.) C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
(Comfort Software Group) D:\Utilities\FreeAlarmClock\FreeAlarmClock.exe
(Disc Soft Ltd) D:\Utilities\DAEMON Tools Pro\DTShellHlp.exe
() D:\Utilities\PowerArchiver\PASTARTER.EXE
() D:\Internet\No-IP\DUC40.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Disc Soft Ltd) D:\Utilities\DAEMON Tools Pro\DTAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) D:\Multimedia\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Samsung Electronics Co., Ltd.) D:\Hardware\Kies\KiesTrayAgent.exe
(SMART Technologies) D:\School\SMART Technologies\Education Software\SMARTNotification.exe
(SMART Technologies) D:\School\SMART Technologies\Education Software\SMARTBoardService.exe
(SMART Technologies) D:\School\SMART Technologies\Education Software\SMARTInk.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Disc Soft Ltd) D:\Utilities\DAEMON Tools Pro\DiscSoftBusService.exe
(Joyent, Inc) D:\School\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(Jetico Inc. Oy) D:\Utilities\BestCrypt\BC_VE\bcvetray.exe
(SMART Technologies) D:\School\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe
(SMART Technologies) D:\School\SMART Technologies\Education Software\SMARTInkPrivilegedAccess.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(SAMSUNG Electornics Co., Ltd.) C:\Users\Admin\AppData\Roaming\VERIZON\UA_ar\UA.exe
(Jetico, Inc.) D:\Utilities\BestCrypt\BCResident.exe
(Samsung Electronics.) D:\Hardware\Samsung Magician\Samsung Magician.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Flexera Software LLC) D:\School\ArcGIS Desktop\License\License10.2\bin\lmgrd.exe
(Flexera Software LLC) D:\School\ArcGIS Desktop\License\License10.2\bin\lmgrd.exe
(ESRI) D:\School\ArcGIS Desktop\License\License10.2\bin\ARCGIS.exe
(Flexera Software LLC) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() D:\Internet\No-IP\ducservice.exe
(Don HO [email protected]) D:\Utilities\Notepad++\notepad++.exe
(Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
() D:\Internet\Opera\26.0.1656.60\opera_crashreporter.exe
(Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
(Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
(Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
(Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
(Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
(Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
(Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
(Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
(Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
(Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
(Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
(Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
(Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
(Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
(Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
(Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
(Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
(Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
(Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
(Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
(Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
(Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
(Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
(Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
(Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
(Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
(Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
(Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
(Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
(Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
(Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
(Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
(Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) D:\Business\Office 2010\Office14\OUTLOOK.EXE
(WinZip Computing, S.L.) C:\Program Files\WinZip\ZipSendService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Electronic Arts) G:\Role Playing\Dragon Age Inquisition\DragonAgeInquisition.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => D:\Multimedia\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => D:\Multimedia\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [BCSSync] => D:\Business\Office 2010\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [BCWipeTM Startup] => D:\Utilities\BestCrypt\BCWipeTM.exe [1660192 2013-10-17] (Jetico, Inc.)
HKLM-x32\...\Run: [BestCrypt Volume Encryption] => D:\Utilities\BestCrypt\BC_VE\bcfmgr.exe [2662176 2013-10-23] (Jetico Inc. Oy)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296096 2014-05-31] (RealNetworks, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => D:\Hardware\Kies\KiesTrayAgent.exe [310064 2014-05-27] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SMARTNotification] => D:\School\SMART Technologies\Education Software\SMARTNotification.exe [190256 2014-06-30] (SMART Technologies)
HKLM-x32\...\Run: [SMART Board Service] => D:\School\SMART Technologies\Education Software\SMARTBoardService.exe [1945392 2014-06-30] (SMART Technologies)
HKLM-x32\...\Run: [sbsdk-server] => D:\School\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe [62768 2014-06-26] (SMART Technologies)
HKLM-x32\...\Run: [SMART Ink] => D:\School\SMART Technologies\Education Software\SMARTInk.exe [565552 2014-06-18] (SMART Technologies)
HKLM-x32\...\Run: [DivXMediaServer] => D:\Multimedia\Video\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Run: [uTorrent] => C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe [1316688 2014-06-12] (BitTorrent Inc.)
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Run: [FreeAC] => D:\Utilities\FreeAlarmClock\FreeAlarmClock.exe [1328976 2012-04-25] (Comfort Software Group)
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Run: [KiesAirMessage] => D:\Hardware\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Run: [PowerArchiver Tray] => D:\Utilities\PowerArchiver\PASTARTER.EXE [1530360 2014-04-25] ()
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Run: [NoIPDUCv4] => D:\Internet\No-IP\DUC40.exe [346624 2014-05-02] ()
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30872168 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Run: [DAEMON Tools Pro Agent] => D:\Utilities\DAEMON Tools Pro\DTAgent.exe [3759376 2014-11-24] (Disc Soft Ltd)
HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Policies\Explorer: [NoThumbNailCache] 1
AppInit_DLLs: C:\Windows\Jaksta\AC\x64\jaudcap.dll => C:\Windows\Jaksta\AC\x64\jaudcap.dll [311584 2014-06-09] (Jaksta Technologies Pty Ltd)
AppInit_DLLs-x32: hplun.dll => "hplun.dll" File Not Found
AppInit_DLLs-x32: ,C:\Windows\Jaksta\AC\x86\jaudcap.dll => C:\Windows\Jaksta\AC\x86\jaudcap.dll [264480 2014-06-09] (Jaksta Technologies Pty Ltd)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Admin\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BestCrypt Auto Open.lnk
ShortcutTarget: BestCrypt Auto Open.lnk -> D:\Utilities\BestCrypt\BestCrypt.exe (Jetico, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk
ShortcutTarget: GIGABYTE OC_GURU.lnk -> D:\Hardward\Gigabyte OC Guru II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => D:\Business\Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => D:\Business\Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => D:\Business\Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => D:\Business\Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => D:\Business\Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Business\Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Business\Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2482053066-3626128781-3421568491-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Tcpip\..\Interfaces\{AB6385C9-ACAC-4774-833C-82E34E0309E9}: [NameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\71upq3zx.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\Multimedia\Video\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> D:\Multimedia\Video\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> D:\Multimedia\Video\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> D:\Multimedia\Video\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\Business\OFFICE~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\Business\OFFICE~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.5.109 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.5.109 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.5.109 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.5.109 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.5.109 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> D:\Multimedia\Video\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> D:\Multimedia\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Extension: ObviousIdea Addon - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\71upq3zx.default\Extensions\[email protected] [2014-05-31]
FF Extension: JSOff - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\71upq3zx.default\Extensions\[email protected] [2014-05-31]
FF Extension: Sothink Flash Downloader for Firefox - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\71upq3zx.default\Extensions\{BAEBEF65-9289-47c5-8524-C345CC5D860D}.xpi [2014-05-31]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - D:\Multimedia\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - D:\Multimedia\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-05-30]
FF HKLM-x32\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2014-05-31]
FF Extension: No Name - C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\71upq3zx.default\extensions\[email protected] [Not Found]
FF Extension: No Name - C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\71upq3zx.default\extensions\{BAEBEF65-9289-47c5-8524-C345CC5D860D}.xpi [Not Found]
FF Extension: No Name - C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\71upq3zx.default\extensions\[email protected] [Not Found]
FF Extension: No Name - D:\Internet\Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-31]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-31]
CHR Extension: (YouTube Center Developer Build) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcegdpionpopahcglnfiiioapcclamdj [2014-06-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-19]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-31]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-31]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-05-31]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-09]
CHR Extension: (ActiveGS) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhndampajkkhamolmmnalddigpojomph [2014-09-11]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-31]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-31]
CHR Extension: (MetaProducts Offline Explorer integration) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkijdmeepjhpenmighhaodgfoogncnlk [2014-06-02]
CHR HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2014-05-31]
CHR HKLM-x32\...\Chrome\Extension: [pkijdmeepjhpenmighhaodgfoogncnlk] - D:\Internet\Offline Explorer Enterprise\mpoe.crx [2014-04-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ArcGIS License Manager; D:\School\ArcGIS Desktop\License\License10.2\bin\lmgrd.exe [1452408 2014-02-13] (Flexera Software LLC)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-09-17] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2013-09-17] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.19\AsusFanControlService.exe [408960 2012-10-14] (ASUSTeK Computer Inc.)
R2 BcveServ; D:\Utilities\BestCrypt\BC_VE\bcveserv.exe [127776 2013-10-23] (Jetico Inc. Oy)
R2 BCWipeSvc; D:\Utilities\BestCrypt\BCWipeSvc.exe [87840 2013-10-17] (Jetico, Inc.)
R3 Disc Soft Bus Service; D:\Utilities\DAEMON Tools Pro\DiscSoftBusService.exe [2216208 2014-11-24] (Disc Soft Ltd)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-13] (Intel Corporation)
S3 Media Center 19 Service; D:\Multimedia\Audio\Media Center 19\JRService.exe [397896 2014-07-02] (JRiver, Inc.)
S3 Microsoft SharePoint Workspace Audit Service; D:\Business\Office 2010\Office14\GROOVE.EXE [30814400 2013-12-18] (Microsoft Corporation)
R2 NoIPDUCService4; D:\Internet\No-IP\ducservice.exe [11776 2014-05-02] () [File not signed]
S3 Origin Client Service; D:\Utilities\Origin\OriginClientService.exe [1903472 2014-12-28] (Electronic Arts)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SMARTHelperService; D:\School\SMART Technologies\Education Software\SMARTHelperService.exe [538928 2014-06-30] (SMART Technologies)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 Updater.exe; C:\Program Files (x86)\DTSoft Updater\Updater.exe [40448 2014-12-03] (InstallShield) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AIDA64Driver; D:\Utilities\AIDA64 Extreme\kerneld.x64 [34136 2014-03-25] ()
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2013-01-14] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-19] (MCCI Corporation)
R1 bcbus; C:\Windows\System32\DRIVERS\bcbus.sys [80064 2013-10-16] (Jetico, Inc.)
R0 bcfnt; C:\Windows\System32\Drivers\bcfnt.sys [178880 2013-07-15] (Jetico, Inc.)
S4 BCSWAP; C:\Windows\System32\Drivers\BCSWAP.sys [124992 2013-03-05] (Jetico, Inc.)
R1 BC_3DES; C:\Windows\System32\Drivers\BC_3DES.sys [35520 2013-09-25] (Jetico, Inc.)
R1 BC_BF128; C:\Windows\System32\Drivers\BC_BF128.sys [31424 2013-09-24] (Jetico, Inc.)
R1 BC_BF448; C:\Windows\System32\Drivers\BC_BF448.sys [31936 2013-09-24] (Jetico, Inc.)
R1 BC_BFish; C:\Windows\System32\Drivers\BC_BFish.sys [31424 2013-09-24] (Jetico, Inc.)
R1 BC_CAST; C:\Windows\System32\Drivers\BC_CAST.sys [38592 2013-09-24] (Jetico, Inc.)
R1 BC_DES; C:\Windows\System32\Drivers\BC_DES.sys [35008 2013-09-24] (Jetico, Inc.)
R1 BC_Gost; C:\Windows\System32\Drivers\BC_Gost.sys [26816 2013-09-24] (Jetico, Inc.)
R1 BC_IDEA; C:\Windows\System32\Drivers\BC_IDEA.sys [28864 2013-09-24] (Iarsn)
R1 BC_RC6; C:\Windows\System32\Drivers\BC_RC6.sys [31424 2013-09-24] (Michael Oestergaard Pedersen)
R1 BC_RIJN; C:\Windows\System32\Drivers\BC_RIJN.sys [52416 2013-09-24] (Jetico, Inc.)
R1 BC_SERP; C:\Windows\System32\Drivers\BC_SERP.sys [38080 2013-09-24] (Michael Oestergaard Pedersen)
R1 BC_TFISH; C:\Windows\System32\Drivers\BC_TFISH.sys [35520 2013-09-24] (Jetico, Inc.)
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29864 2014-12-06] (Disc Soft Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-21] (Disc Soft Ltd)
R0 fsh; C:\Windows\System32\Drivers\fsh.sys [68800 2013-09-16] (Jetico, Inc.)
S3 jakndis; C:\Windows\System32\DRIVERS\jakndis.sys [35648 2011-07-21] (Jaksta Technologies Pty Ltd)
R3 jakndisMP; C:\Windows\System32\DRIVERS\jakndis.sys [35648 2011-07-21] (Jaksta Technologies Pty Ltd)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-06] (Malwarebytes Corporation)
S3 MftWipeFilter; C:\Windows\System32\Drivers\MftWipeFilter.sys [31488 2013-03-05] (Windows (R) Win 7 DDK provider)
R3 mhk; C:\Windows\System32\Drivers\mhk.sys [18624 2013-10-03] (Jetico, Inc.)
R3 moh; C:\Windows\System32\Drivers\moh.sys [13376 2013-03-05] (Jetico, Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [10240 2014-06-30] (SMART Technologies)
R3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [9216 2014-06-30] (SMART Technologies)
S3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [22184 2014-06-30] (SMART Technologies ULC)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-05-30] (Duplex Secure Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-01-07] ()
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-07 19:33 - 2015-01-07 19:33 - 00031295 _____ () C:\Users\Admin\Desktop\FRST.txt
2015-01-07 14:19 - 2015-01-07 14:19 - 00000629 _____ () C:\Users\Admin\Desktop\JRT.txt
2015-01-07 14:09 - 2015-01-07 14:09 - 00000000 ____D () C:\Windows\ERUNT
2015-01-07 14:07 - 2015-01-07 14:08 - 01707939 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe
2015-01-07 13:57 - 2015-01-07 08:40 - 02124288 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2015-01-07 08:42 - 2015-01-07 08:42 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-07 08:42 - 2015-01-07 08:42 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-07 07:32 - 2015-01-07 07:32 - 00000826 _____ () C:\Users\Admin\Desktop\hosts-clean.txt
2015-01-05 22:15 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-05 22:15 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-05 22:15 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-05 22:12 - 2015-01-06 05:04 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-05 21:10 - 2015-01-07 19:33 - 00000000 ____D () C:\FRST
2015-01-05 21:08 - 2015-01-05 21:09 - 00000000 ____D () C:\AdwCleaner
2015-01-05 19:32 - 2015-01-05 19:34 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-05 19:32 - 2015-01-05 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-05 19:00 - 2015-01-05 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-05 19:00 - 2015-01-05 19:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-05 18:29 - 2015-01-05 18:29 - 00000000 ____D () C:\ProgramData\ATI
2015-01-05 17:45 - 2015-01-06 04:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TubeDigger
2015-01-05 17:45 - 2015-01-05 20:41 - 00000000 ____D () C:\Program Files (x86)\TubeDigger
2014-12-28 21:37 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2014-12-28 11:35 - 2015-01-05 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Age Inquisition
2014-12-28 11:35 - 2014-12-28 21:37 - 00000850 _____ () C:\Users\Public\Desktop\Dragon Age Inquisition.lnk
2014-12-20 12:09 - 2014-12-20 12:10 - 00166912 _____ () C:\Users\Admin\Downloads\TS006206287.xlt
2014-12-20 11:55 - 2014-12-20 11:55 - 00088241 _____ () C:\Users\Admin\Downloads\TS010073881.xltx
2014-12-20 08:36 - 2015-01-05 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paradox Interactive
2014-12-20 08:36 - 2014-12-20 08:36 - 00000814 _____ () C:\Users\Public\Desktop\Crusader Kings II Way of Life.lnk
2014-12-13 09:49 - 2014-12-13 09:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Europa Universalis IV - Collection
2014-12-13 09:44 - 2014-12-13 09:44 - 00053564 _____ () C:\Windows\SysWOW64\CCCInstall_201412130944121694.log
2014-12-13 09:44 - 2014-12-13 09:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-12-13 09:44 - 2014-12-13 09:44 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-12-13 09:43 - 2014-12-13 09:43 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-12-08 20:22 - 2014-12-08 20:22 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieBrowserModeList
2014-12-08 19:04 - 2014-12-08 19:04 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-12-08 19:04 - 2014-12-08 19:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-12-08 19:04 - 2014-12-08 19:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-12-08 19:04 - 2014-12-08 19:04 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-08 19:04 - 2014-12-08 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-08 19:04 - 2014-12-08 19:04 - 00000000 ____D () C:\Program Files (x86)\Java

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-07 19:32 - 2014-05-31 15:00 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\uTorrent
2015-01-07 19:21 - 2014-05-31 14:59 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype
2015-01-07 19:13 - 2014-05-31 02:39 - 00000000 ____D () C:\Users\Admin\Documents\Outlook Files
2015-01-07 18:43 - 2014-05-31 20:19 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-07 18:34 - 2014-05-30 19:05 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-07 17:08 - 2009-07-13 23:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-07 14:26 - 2009-07-13 22:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-07 14:26 - 2009-07-13 22:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-07 14:24 - 2014-05-30 08:20 - 02047622 _____ () C:\Windows\WindowsUpdate.log
2015-01-07 14:21 - 2014-05-30 19:05 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-07 14:21 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-07 14:21 - 2009-07-13 22:51 - 00056499 _____ () C:\Windows\setupact.log
2015-01-07 14:16 - 2010-11-20 21:47 - 01378500 _____ () C:\Windows\PFRO.log
2015-01-07 13:58 - 2014-05-31 15:03 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashDumps
2015-01-07 10:05 - 2014-05-31 15:00 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc
2015-01-07 08:38 - 2014-06-01 07:21 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-06 12:00 - 2014-12-06 20:41 - 00000488 _____ () C:\Windows\Tasks\DTSoft Updater.job
2015-01-06 05:17 - 2014-05-31 15:03 - 00000000 ____D () C:\Users\Admin\AppData\Local\Deployment
2015-01-06 04:41 - 2014-08-30 14:23 - 00004782 _____ () C:\Windows\system32\Drivers\etc\hosts-ORIG
2015-01-05 22:25 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-05 20:42 - 2014-05-30 08:19 - 00000000 ____D () C:\Users\Admin
2015-01-05 20:41 - 2014-10-21 16:35 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-05 20:41 - 2014-09-03 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-01-05 20:41 - 2014-06-20 14:19 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-01-05 20:41 - 2014-06-20 12:49 - 00000000 ____D () C:\ProgramData\Skype
2015-01-05 20:41 - 2014-05-31 16:38 - 00000000 ____D () C:\ProgramData\Real
2015-01-05 20:41 - 2014-05-31 15:07 - 00000000 ____D () C:\Users\Admin\AppData\Local\QuickenWindow
2015-01-05 20:41 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-05 20:41 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
2015-01-05 20:41 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-05 18:56 - 2011-04-12 02:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-05 18:27 - 2014-08-30 16:41 - 00000000 ____D () C:\ProgramData\Origin
2014-12-29 16:27 - 2014-05-31 02:37 - 00000000 ____D () C:\Users\Admin\Documents\Dolina
2014-12-29 07:48 - 2014-05-31 02:37 - 00000000 ____D () C:\Users\Admin\Documents\BioWare
2014-12-28 14:57 - 2014-09-13 08:18 - 00000000 ____D () C:\Users\Admin\Documents\Car Shopping 2014
2014-12-20 11:08 - 2014-05-31 15:07 - 00000000 ____D () C:\Users\Admin\AppData\Local\SKIDROW
2014-12-18 05:32 - 2014-06-03 04:04 - 00003804 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1401525552
2014-12-13 09:44 - 2014-05-31 16:46 - 00000000 ____D () C:\ProgramData\AMD
2014-12-13 09:43 - 2014-06-06 11:21 - 00000000 ____D () C:\Program Files\AMD
2014-12-13 09:42 - 2014-06-06 05:27 - 00000000 ____D () C:\AMD
2014-12-13 09:10 - 2014-05-31 15:02 - 00001148 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Europa Universalis 4.lnk
2014-12-12 08:35 - 2014-05-30 19:05 - 00002222 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 15:08 - 2014-05-31 14:59 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\dvdcss
2014-12-09 20:43 - 2014-05-31 20:19 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 20:43 - 2014-05-31 20:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-09 20:43 - 2014-05-31 20:19 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-08 19:04 - 2014-06-21 09:57 - 00000000 ____D () C:\ProgramData\Oracle

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\IntResource.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-05 23:33

==================== End Of Log ============================

Addition


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by Admin at 2015-01-07 19:33:50
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"Batman - Arkham Origins" (HKLM-x32\...\{C0E2E169-E84A-435A-B680-AB7E3BB1F23C}_is1) (Version: 1.0.0.0 (Update 12) - )
"Watch_Dogs" (HKLM-x32\...\{4F01FAA4-5688-4B10-B243-F8C67D279FA5}_is1) (Version: 0.1.0.1 (Update 1) - )
µTorrent (HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\uTorrent) (Version: 3.4.2.31661 - BitTorrent Inc.)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.04.01 - ASUSTeK Computer Inc.)
AIDA64 Extreme v4.30 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 4.30 - FinalWire Ltd.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ArcGIS 10.2.2 Desktop Tutorial Data (HKLM-x32\...\ArcGIS 10.2.2 Desktop Tutorial Data) (Version: 10.2.3552 - Environmental Systems Research Institute, Inc.)
ArcGIS 10.2.2 Desktop Tutorial Data (x32 Version: 10.2.3552 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS 10.2.2 for Desktop (HKLM-x32\...\ArcGIS 10.2.2 for Desktop) (Version: 10.2.3552 - Environmental Systems Research Institute, Inc.)
ArcGIS 10.2.2 for Desktop (x32 Version: 10.2.3552 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS 10.2.2 License Manager (HKLM-x32\...\ArcGIS 10.2.2 License Manager) (Version: 10.2.3552 - Environmental Systems Research Institute, Inc.)
ArcGIS 10.2.2 License Manager (x32 Version: 10.2.3552 - Environmental Systems Research Institute, Inc.) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
ASUS Boot Setting (HKLM-x32\...\{7AAE9187-C24F-4073-A951-36C370E7A3A5}) (Version: 1.00.17 - ASUSTeK Computer Inc.)
BestCrypt 8.0 (HKLM-x32\...\BestCrypt) (Version: 8.25.3.2 - Jetico Inc.)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Camtasia Studio 8 (HKLM-x32\...\{765AD29A-7EF5-4456-8F6F-83467E52AB52}) (Version: 8.4.3.1792 - TechSmith Corporation)
Crusader Kings II version 2.1.6 (HKLM-x32\...\{C859826E-C678-41BC-9A6E-CB462C63007D}_is1) (Version: 2.1.6 - Yuzutu, Inc.)
Crusader Kings II Way of Life (HKLM-x32\...\Crusader Kings II Way of Life_is1) (Version: - )
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.5.0.0388 - Disc Soft Ltd)
DAEMON Tools Pro Advanced (HKLM-x32\...\DAEMON Tools Pro Advanced) (Version: - DT Soft Ltd.)
DBFView Trial 4 (HKLM-x32\...\DBFView Trial_is1) (Version: - )
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
Dragon Age Inquisition (HKLM-x32\...\Dragon Age Inquisition_is1) (Version: 1.0.0.0 - Релиз от R.G. Steamgames)
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.2 - Electronic Arts)
Dream Tale - The Golden Keys (HKLM-x32\...\Dream Tale - The Golden Keys1.0) (Version: 1.0 - Foxy Games)
Dropbox (HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
ET GeoTools 11.1 for ArcGIS 10.2 (HKLM-x32\...\{31E930DF-B986-43D5-AF4E-61E2B9D94A98}) (Version: 11.1 - ET SpatialTechniques)
ET GeoWizards 11.1 for ArcGIS 10.2 (HKLM-x32\...\{2F314F78-689D-4380-A969-594C40988DCD}) (Version: 11.1 - ET SpatialTechniques)
Europa Universalis IV - Collection version 1.9.2 (HKLM-x32\...\{77B398F2-FEE1-47B8-9868-F3C1E3147C4C}_is1) (Version: 1.9.2 - Yuzutu, Inc.)
Europa Universalis IV Wealth of Nations (HKLM-x32\...\Europa Universalis IV Wealth of Nations_is1) (Version: - )
Far Cry 4 (HKLM-x32\...\Far Cry 4_is1) (Version: 1.0 - Релиз от R.G. Steamgames)
Far Cry 4 Update V1.4 (HKLM-x32\...\RmFyQ3J5NA==_is1) (Version: 1 - )
Free Alarm Clock 2.7.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 2.7 - Comfort Software Group)
GIGABYTE OC_GURU II (HKLM-x32\...\InstallShield_{5588D686-D23B-4C9D-BDFA-2A7875CD3722}) (Version: 1.50.0000 - GIGABYTE Technology Co.,Ltd.)
GIGABYTE OC_GURU II (x32 Version: 1.50.0000 - GIGABYTE Technology Co.,Ltd.) Hidden
Google Apps Migration For Microsoft Outlook® 3.1.21.46 (HKLM-x32\...\{09538C28-E130-4210-A8F3-1D175EE2DDF1}) (Version: 3.1.21.46 - Google, Inc.)
Google Apps Sync™ for Microsoft Outlook® 3.5.385.1020 (HKLM-x32\...\{CEBBF68C-4C3F-4D9B-8482-428E01064C31}) (Version: 3.5.385.1020 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Network Connections 18.1.59.0 (HKLM\...\PROSetDX) (Version: 18.1.59.0 - Intel)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Jaksta Streaming Media Recorder (4.4.3) (HKLM-x32\...\Jaksta Streaming Media Recorder) (Version: 4.4.3 - Jaksta Technologies)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
JRiver Media Center 19 (HKLM-x32\...\Media Center 19) (Version: 19 - J. River, Inc.)
KMLCSV Converter (HKLM-x32\...\KMLCSV Converter) (Version: 2.2.1 - Choon-Chern Lim)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1014 - Marvell)
MetaProducts Offline Explorer Enterprise (HKLM-x32\...\MetaProducts Offline Explorer Enterprise) (Version: - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual FoxPro 9.0 Professional - English (HKLM-x32\...\Visual FoxPro 9.0 Professional - English) (Version: - Microsoft)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\MyFreeCodec) (Version: - )
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.1.0 - Vitalwerks Internet Solutions LLC)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
Opera Stable 26.0.1656.60 (HKLM-x32\...\Opera 26.0.1656.60) (Version: 26.0.1656.60 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
PatchBeam (HKLM-x32\...\PatchBeam) (Version: 1.20 - ConeXware, Inc.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
PowerArchiver 2013 (HKLM-x32\...\PowerArchiver 2013 14.05.06) (Version: 14.05.06 - ConeXware, Inc.)
PowerArchiver 2013 (x32 Version: 14.05.06 - ConeXware, Inc.) Hidden
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.7.6 - Intuit)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.5 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Replay Media Catcher 5 (5.0.1.54) (HKLM-x32\...\Replay Media Catcher 5) (Version: 5.0.1.54 - Applian Technologies)
Retailman 1.90.127 (HKLM-x32\...\RetailMan POS_is1) (Version: - )
Risk - 2012 (HKLM-x32\...\Risk - 20121.0) (Version: 1.0 - Foxy Games)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.) Hidden
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.4.0 - Samsung Electronics)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Sid Meiers Civilization Beyond Earth (HKLM-x32\...\U2lkTWVpZXJzQ2l2aWxpemF0aW9uQmV5b25kRWFydGg=_is1) (Version: 1 - )
Sid Meier's Civilization V Brave New World (HKLM-x32\...\U2lkTWVpZXJzQ2l2aWxpemF0aW9uVg==_is1) (Version: 1 - )
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SMART Ink (HKLM-x32\...\{FC69B741-DC56-4591-97A2-A6BA211B7E76}) (Version: 2.2.590.1 - SMART Technologies ULC)
SMART Notebook (HKLM-x32\...\{84579080-E961-4DE7-93AB-5E2B81A96387}) (Version: 14.1.852.0 - SMART Technologies ULC)
SMART Product Drivers (HKLM-x32\...\{890680EC-2F88-47F0-970C-593081E62593}) (Version: 11.6.450.0 - SMART Technologies ULC)
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tropico 5 v1.04 (Special Steam Edition)(3 DLC) (HKLM-x32\...\Tropico 5 v1.04 (Special Steam Edition)(3 DLC)1.04) (Version: 1.04 - Friends in War)
TubeDigger 4.8.2 (HKLM-x32\...\{1E3745C1-674D-4B2E-B8F7-3F4088950ED7}_is1) (Version: 4.8.2 - TubeDigger)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{EE296443-E401-43D2-9864-1C63AD8D376E}) (Version: 2.14.0410 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{69258FD1-F4EE-475A-83D1-BF68C8029592}) (Version: 2.14.0402 - Samsung Electronics Co., Ltd.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinX DVD Ripper Platinum 7.5.8 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. )
Wolfenstein: The New Order (HKLM-x32\...\V29sZmVuc3RlaW5UaGVOZXdPcmRlcg==_is1) (Version: 1 - )
World War 1 Centennial Edition (HKLM-x32\...\World War 1 Centennial Edition_is1) (Version: - )
XMedia Recode version 3.2.0.0 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.0.0 - XMedia Recode)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2482053066-3626128781-3421568491-1000_Classes\CLSID\{3560575F-7C2D-48AE-AB45-DAD430A95EBE}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-2482053066-3626128781-3421568491-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2482053066-3626128781-3421568491-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2482053066-3626128781-3421568491-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2482053066-3626128781-3421568491-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points =========================

23-05-2014 06:13:23 Windows Update
23-05-2014 06:28:14 Windows Update
27-05-2014 06:13:46 Windows Update
16-12-2014 00:00:01 Scheduled Checkpoint
23-12-2014 00:00:01 Scheduled Checkpoint
28-12-2014 11:35:40 Installed DirectX
28-12-2014 21:37:15 Installed DirectX
05-01-2015 18:54:27 Restore Operation
05-01-2015 20:56:51 Installed Microsoft Fix it 50267
05-01-2015 20:58:55 Installed Microsoft Fix it 50566
07-01-2015 07:30:04 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-01-07 07:32 - 2015-01-07 07:32 - 00000826 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {08BA20F8-555B-4258-A7D1-7F9BAA8BF26F} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {2B8DA0E7-FDA5-4635-94CA-661F64D6B4AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {31DE8D15-52EE-4203-B391-B68D057334EF} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {4258BB6F-FDBF-436C-817B-9DA2762EA554} - System32\Tasks\ASUS\ASUS DigiPowerControl Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe [2013-01-14] (ASUSTeK Computer Inc.)
Task: {48EAED26-580C-48B0-992D-554D02A9742F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-30] (Google Inc.)
Task: {4C143402-006F-47A0-8889-3BD2DDABE6B0} - System32\Tasks\SamsungMagician => D:\Hardware\Samsung Magician\Samsung Magician.exe [2014-05-19] (Samsung Electronics.)
Task: {5472A833-C8BE-47A6-A3EA-15F57CB16EA4} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {A1952D85-542C-4A31-8563-3DA8A1D4072F} - System32\Tasks\DTSoft Updater => Wscript.exe //nologo //E:jscript //B "C:\Program Files (x86)\DTSoft Updater\updater.ini"
Task: {B91B494A-7909-47C3-9E84-3AC0C698A500} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2482053066-3626128781-3421568491-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-06-21] (RealNetworks, Inc.)
Task: {DC20D36E-C680-496F-B02E-5559E7D27FC7} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-09] ()
Task: {E4379DD1-BCD0-4850-86DE-6705160E3092} - System32\Tasks\Opera scheduled Autoupdate 1401525552 => D:\Internet\Opera\launcher.exe [2014-12-17] (Opera Software)
Task: {E9B6122B-9679-4820-A3BD-6E633C20E2C5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-30] (Google Inc.)
Task: {F6D2346E-257F-4F11-AB44-D1FB17A6E6F6} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2482053066-3626128781-3421568491-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-06-21] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DTSoft Updater.job => C:\Windows\system32\wscript.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-17 04:58 - 2013-09-17 04:58 - 00920736 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-04-25 13:31 - 2014-04-25 13:31 - 02386936 _____ () D:\Utilities\PowerArchiver\PASHLEXT64.DLL
2014-05-12 03:49 - 2014-05-12 03:49 - 00222720 _____ () D:\Utilities\Notepad++\NppShell_06.dll
2014-04-25 12:20 - 2014-04-25 12:20 - 01530360 _____ () D:\Utilities\PowerArchiver\PASTARTER.EXE
2014-05-02 16:55 - 2014-05-02 16:55 - 00346624 _____ () D:\Internet\No-IP\DUC40.exe
2014-01-09 23:26 - 2014-01-09 23:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-05-02 16:58 - 2014-05-02 16:58 - 00011776 _____ () D:\Internet\No-IP\ducservice.exe
2014-12-18 05:32 - 2014-12-18 05:32 - 00535160 _____ () D:\Internet\Opera\26.0.1656.60\opera_crashreporter.exe
2014-12-28 20:08 - 2014-12-28 11:17 - 01836032 _____ () G:\Role Playing\Dragon Age Inquisition\3dmgame.dll
2014-12-28 20:08 - 2014-12-09 03:28 - 00014104 _____ () G:\Role Playing\Dragon Age Inquisition\Engine.BuildInfo_Win64_retail.dll
2014-05-31 16:32 - 2015-01-07 14:21 - 00029184 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2014-05-31 16:32 - 2010-06-28 20:58 - 00104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2014-08-18 11:43 - 2014-11-18 10:45 - 00002048 _____ () D:\Utilities\DAEMON Tools Pro\MSIMG32.dll
2014-05-02 16:55 - 2014-05-02 16:55 - 00071680 _____ () D:\Internet\No-IP\ducapi.dll
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 20:17 - 2010-10-20 14:45 - 08801120 _____ () D:\Business\Office 2010\Office14\1033\GrooveIntlResource.dll
2014-08-30 13:44 - 2014-08-30 13:44 - 00524712 _____ () C:\Windows\WinSxS\x86_smarttech.boost_regex.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_cae4ebd2526cf46f\boost_regex-vc100-mt-1_44.dll
2014-08-30 13:44 - 2014-08-30 13:44 - 00054184 _____ () C:\Windows\WinSxS\x86_smarttech.boost_thread.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_472b4edec4bf8550\boost_thread-vc100-mt-1_44.dll
2014-08-30 13:44 - 2014-08-30 13:44 - 00145328 _____ () C:\Windows\WinSxS\x86_smarttech.boost_filesystem.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_73736a4543634e09\boost_filesystem-vc100-mt-1_44.dll
2014-08-30 13:44 - 2014-08-30 13:44 - 00022440 _____ () C:\Windows\WinSxS\x86_smarttech.boost_system.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_3b5a2197c9e04a1f\boost_system-vc100-mt-1_44.dll
2014-08-30 13:44 - 2014-08-30 13:44 - 00051120 _____ () C:\Windows\WinSxS\x86_smarttech.boost_date_time.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_50d6b3902c95d15a\boost_date_time-vc100-mt-1_44.dll
2014-01-09 23:28 - 2014-01-09 23:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-06-26 10:42 - 2014-06-26 10:42 - 00277296 _____ () D:\School\SMART Technologies\Education Software\sbsdk-server\node_modules\SBSDK.node
2014-06-26 10:43 - 2014-06-26 10:43 - 00135984 _____ () D:\School\SMART Technologies\Education Software\sbsdk-server\node_modules\HWR.node
2014-06-26 10:43 - 2014-06-26 10:43 - 00053040 _____ () D:\School\SMART Technologies\Education Software\sbsdk-server\node_modules\SWR.node
2014-06-26 10:43 - 2014-06-26 10:43 - 00057648 _____ () D:\School\SMART Technologies\Education Software\sbsdk-server\node_modules\MWR.node
2014-06-26 10:43 - 2014-06-26 10:43 - 00014848 _____ () D:\School\SMART Technologies\Education Software\sbsdk-server\node_modules\SessionNotification.node
2015-01-07 14:21 - 2015-01-07 14:21 - 00098816 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI36002\win32api.pyd
2015-01-07 14:21 - 2015-01-07 14:21 - 00110080 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI36002\pywintypes27.dll
2015-01-07 14:21 - 2015-01-07 14:21 - 00364544 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI36002\pythoncom27.dll
2015-01-07 14:21 - 2015-01-07 14:21 - 00045568 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI36002\_socket.pyd
2015-01-07 14:21 - 2015-01-07 14:21 - 01160704 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI36002\_ssl.pyd
2015-01-07 14:21 - 2015-01-07 14:21 - 00320512 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI36002\win32com.shell.shell.pyd
2015-01-07 14:21 - 2015-01-07 14:21 - 00713216 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI36002\_hashlib.pyd
2015-01-07 14:21 - 2015-01-07 14:21 - 01175040 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI36002\wx._core_.pyd
2015-01-07 14:21 - 2015-01-07 14:21 - 00805888 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI36002\wx._gdi_.pyd
2015-01-07 14:21 - 2015-01-07 14:21 - 00811008 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI36002\wx._windows_.pyd
2015-01-07 14:21 - 2015-01-07 14:21 - 01062400 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI36002\wx._controls_.pyd
2015-01-07 14:21 - 2015-01-07 14:21 - 00735232 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI36002\wx._misc_.pyd
2015-01-07 14:21 - 2015-01-07 14:21 - 00128512 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI36002\_elementtree.pyd
2015-01-07 14:21 - 2015-01-07 14:21 - 00127488 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI36002\pyexpat.pyd
2015-01-07 14:21 - 2015-01-07 14:21 - 00557056 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI36002\pysqlite2._sqlite.pyd
2015-01-07 14:21 - 2015-01-07 14:21 - 00087552 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI36002\_ctypes.pyd
2015-01-07 14:21 - 2015-01-07 14:21 - 00119808 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI36002\win32file.pyd
2015-01-07 14:21 - 2015-01-07 14:21 - 00108544 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI36002\win32security.pyd
2015-01-07 14:21 - 2015-01-07 14:21 - 00007168 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI36002\hashobjs_ext.pyd
2015-01-07 14:21 - 2015-01-07 14:21 - 00167936 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI36002\win32gui.pyd
2015-01-07 14:21 - 2015-01-07 14:21 - 00018432 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI36002\win32event.pyd
2015-01-07 14:21 - 2015-01-07 14:21 - 00038912 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI36002\win32inet.pyd
2015-01-07 14:21 - 2015-01-07 14:21 - 00011264 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI36002\win32crypt.pyd
2015-01-07 14:21 - 2015-01-07 14:21 - 00070656 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI36002\wx._html2.pyd
2015-01-07 14:21 - 2015-01-07 14:21 - 00027136 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI36002\_multiprocessing.pyd
2015-01-07 14:21 - 2015-01-07 14:21 - 00035840 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI36002\win32process.pyd
2015-01-07 14:21 - 2015-01-07 14:21 - 00686080 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI36002\unicodedata.pyd
2015-01-07 14:21 - 2015-01-07 14:21 - 00122368 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI36002\wx._wizard.pyd
2015-01-07 14:21 - 2015-01-07 14:21 - 00024064 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI36002\win32pipe.pyd
2015-01-07 14:21 - 2015-01-07 14:21 - 00025600 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI36002\win32pdh.pyd
2015-01-07 14:21 - 2015-01-07 14:21 - 00525640 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI36002\windows._lib_cacheinvalidation.pyd
2015-01-07 14:21 - 2015-01-07 14:21 - 00010240 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI36002\select.pyd
2015-01-07 14:21 - 2015-01-07 14:21 - 00017408 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI36002\win32profile.pyd
2015-01-07 14:21 - 2015-01-07 14:21 - 00022528 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI36002\win32ts.pyd
2015-01-07 14:21 - 2015-01-07 14:21 - 00078336 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI36002\wx._animate.pyd
2014-05-31 16:34 - 2013-08-19 03:23 - 00043520 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
2014-05-31 16:34 - 2013-08-19 16:21 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
2014-05-31 16:34 - 2014-05-31 16:36 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2014-05-31 16:34 - 2010-10-05 07:22 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2014-05-31 16:34 - 2012-10-08 16:07 - 00972288 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2014-05-31 16:34 - 2013-05-08 15:22 - 01040896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EasyUpdt.dll
2014-05-31 16:34 - 2012-06-19 11:56 - 01305600 _____ () C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
2014-05-31 16:34 - 2013-04-15 13:19 - 00883712 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2014-05-31 16:34 - 2012-05-28 20:27 - 01622528 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2014-05-31 16:34 - 2011-09-19 19:18 - 01243136 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2014-05-31 16:34 - 2011-07-21 08:06 - 00846848 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2014-05-31 16:34 - 2012-08-29 17:09 - 00875520 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2014-05-31 16:34 - 2011-06-08 10:15 - 00651264 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Thermal Radar\ThermalRadar.dll
2014-05-31 16:32 - 2010-08-22 20:17 - 00662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll
2014-05-31 16:34 - 2010-10-05 07:22 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2014-05-31 16:34 - 2009-08-12 19:15 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll
2014-06-02 04:42 - 2014-05-06 10:24 - 00013824 _____ () D:\Hardware\Samsung Magician\SAMSUNG_SSD.dll
2014-06-02 04:42 - 2014-05-19 19:20 - 00103424 _____ () D:\Hardware\Samsung Magician\PAL.dll
2014-06-02 04:42 - 2014-05-19 19:20 - 00039424 _____ () D:\Hardware\Samsung Magician\SATA.dll
2014-06-02 04:42 - 2014-05-19 19:19 - 00038400 _____ () D:\Hardware\Samsung Magician\SAT.dll
2014-06-02 04:42 - 2014-05-19 19:20 - 00031232 _____ () D:\Hardware\Samsung Magician\SMINI.dll
2014-06-02 04:42 - 2014-05-19 19:19 - 00029696 _____ () D:\Hardware\Samsung Magician\SAS.dll
2014-12-12 08:35 - 2014-12-05 19:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-12 08:35 - 2014-12-05 19:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-12 08:35 - 2014-12-05 19:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 08:35 - 2014-12-05 19:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-12 08:35 - 2014-12-05 19:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
2011-07-18 15:07 - 2011-07-18 15:07 - 00014336 _____ () D:\Utilities\Notepad++\plugins\NppExport.dll
2014-01-06 17:42 - 2014-01-06 17:42 - 01611264 _____ () D:\Utilities\Notepad++\plugins\NppFTP.dll
2014-12-18 05:32 - 2014-12-18 05:32 - 01358456 _____ () D:\Internet\Opera\26.0.1656.60\libglesv2.dll
2014-12-18 05:32 - 2014-12-18 05:32 - 00219256 _____ () D:\Internet\Opera\26.0.1656.60\libegl.dll
2014-12-18 05:32 - 2014-12-18 05:32 - 09312888 _____ () D:\Internet\Opera\26.0.1656.60\pdf.dll
2014-12-18 05:32 - 2014-12-18 05:32 - 00991352 _____ () D:\Internet\Opera\26.0.1656.60\ffmpegsumo.dll
2014-12-09 20:43 - 2014-12-09 20:43 - 16841392 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2011-09-05 11:05 - 2011-09-05 11:05 - 04160416 _____ () D:\Multimedia\Adobe\Acrobat 10.0\PDFMaker\Common\AdobePDFMakerX.dll
2013-02-14 14:46 - 2013-02-14 14:46 - 01044048 _____ () D:\Business\Office 2010\Office14\ADDINS\UmOutlookAddin.dll
2013-07-31 16:50 - 2013-07-31 16:50 - 00499712 ____R () C:\Program Files\WinZip\adxloader.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Admin\Cookies:m5Ra5tnPnUpnObdPWnYvOj5
AlternateDataStreams: C:\Users\Admin\AppData\Local\LVsPryR0g7ddNf:hEfUDXCRr9YLhFqdtp8MLc
AlternateDataStreams: C:\Users\Admin\AppData\Local\RtN9ww3yN1G8Ck:faXRxnbCGuKSVR2os7A

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\29768712.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\29768712.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup

========================= Accounts: ==========================

Admin (S-1-5-21-2482053066-3626128781-3421568491-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2482053066-3626128781-3421568491-500 - Administrator - Disabled)
Guest (S-1-5-21-2482053066-3626128781-3421568491-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2482053066-3626128781-3421568491-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: SMART Virtual TabletPC
Description: SMART Virtual TabletPC
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: SMART Technologies ULC
Service: SMARTVTabletPCx64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/07/2015 02:23:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2 | SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 | 0x80041003


System errors:
=============
Error: (01/07/2015 02:21:45 PM) (Source: DCOM) (EventID: 10016) (User: Polska)
Description: application-specific | Local | Activation | {7D1933CB-86F6-4A98-8628-01BE94C9A575} | {F290BFB2-1864-45B1-8804-2654194A87E7} | Polska | Admin | S-1-5-21-2482053066-3626128781-3421568491-1000 | LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================
Error: (01/07/2015 02:23:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2 | SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 | 0x80041003


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4820K CPU @ 3.70GHz
Percentage of memory in use: 46%
Total physical RAM: 16320.18 MB
Available physical RAM: 8756.64 MB
Total Pagefile: 32638.53 MB
Available Pagefile: 22166.92 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Win 7) (Fixed) (Total:238.29 GB) (Free:51.66 GB) NTFS
Drive d: (Hard Drive) (Fixed) (Total:227.37 GB) (Free:78.31 GB) NTFS
Drive e: (Win 7 -OLD) (Fixed) (Total:200 GB) (Free:0.4 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (Hard Drive - OLD) (Fixed) (Total:100 GB) (Free:10.6 GB) NTFS
Drive g: (Games) (Fixed) (Total:700 GB) (Free:15.11 GB) NTFS
Drive h: (Cache) (Fixed) (Total:5 GB) (Free:1.4 GB) NTFS
Drive i: (Archives) (Fixed) (Total:931.51 GB) (Free:136.79 GB) NTFS
Drive j: (Multimedia FIles) (Fixed) (Total:458 GB) (Free:297.42 GB) NTFS
Drive v: (Video Scratch Disk) (Fixed) (Total:400 GB) (Free:34.88 GB) NTFS
Drive x: (Archives 1TB) (Fixed) (Total:931.51 GB) (Free:30.23 GB) NTFS
Drive z: (2TB Archives) (Fixed) (Total:1862.89 GB) (Free:104.42 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6C51155E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=227.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 47889787)
Partition 2: (Not Active) - (Size=931.5 GB) - (Type=OF Extended)

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: DAB07BA5)
Partition 2: (Not Active) - (Size=931.5 GB) - (Type=OF Extended)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: B43A33C3)
Partition 1: (Active) - (Size=200 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1205 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=458 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 02312E83)

Partition: GPT Partition Type.

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 900 GB) (Disk ID: D44EF049)
Partition 1: (Not Active) - (Size=900 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 

emeraldnzl

Malware Specialist
Joined
Nov 3, 2007
Messages
2,570
Just so you know, the checkmark on the proxy settings still won't remain unchecked.
Hmm... FRST reported that it had fixed those so something is returning them to that position.

We will have another look at that later, meanwhile please do this:

Please download ADWCleaner to your desktop (use the Download Now @ BleepingComputer button).

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon. AdwCleaner will update itself and then open.



Click on Scan and follow the prompts. It may appear not to be doing anything, please be patient and let it run unhindered. When the "Please uncheck elements you don't want to remove" appears just go ahead and click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste back here. If a report doesn't appear, press the report button and Copy & Paste the contents on your next reply.

A copy of the report is also saved in the C:\AdwCleaner folder.

Next

Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • When the scan is done Notepad will open with the rKill log. Please copy and paste that in your reply.
Note: rKill.txt log can also be found on your desktop.

When you return please post
  • AdwCleaner log
  • rKill.txt
 

Kazimierz

Thread Starter
Joined
Jan 5, 2015
Messages
19
Although the check is there I am not getting the loopback effect and have internet access on the machine. The internet isn't back to normal, from what I can tell. There are some video streaming sites that my friend uses that won't stream. Others do without issue. If I use my computer to access the sites, it is fine, using the same home network access.


AdwCleaner

# AdwCleaner v4.106 - Report created 07/01/2015 at 21:40:58
# Updated 21/12/2014 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Admin - POLSKA
# Running from : C:\Users\Admin\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Mozilla Firefox v


-\\ Google Chrome v39.0.2171.95


-\\ Opera v0.0.0.0

[C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : aaipilfmheplbcghignccoiiebekkdhe
[C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : elchiiiejkobdbblfejjkbphbddgmljf
[C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : ffhfoagmjcnkolneahbpagjcjjaeofbg
[C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : hjghiofiijcepdnocbgefbdlbckjfheg
[C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : iklgpchfbohgmghgfagediakopecfmbm
[C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : kfgaibfbmkjgmimhbbaikfnpkkjkpoan
[C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : lmnbobhffedhdhfpcjkjphcfpeeiocdn
[C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : kjpifmjicccpbkfjdkehimhgklfkbanh
[C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : hoidflomjnnnbiemmkjdjkkialmhbago
[C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : edjkooiccbgjhlpfhkknkjhfpmjkmelk
[C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : ekpibplnnkfdcafdpoekhoffegcajene
[C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : ipljmghelflfikejmgkmlmpjmehfjodc
[C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : nlgdemkdapolikbjimjajpmonpbpmipk
[C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : ejddjnilmdncjilbfjgameihlklfpohp
[C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : eagomcfjiefffhpaejnlpjccikpipdoe
[C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : aonedlchkbicmhepimiahfalheedjgbh

*************************

AdwCleaner[R0].txt - [5870 octets] - [05/01/2015 21:08:11]
AdwCleaner[R1].txt - [2975 octets] - [07/01/2015 20:53:26]
AdwCleaner[S0].txt - [6701 octets] - [05/01/2015 21:09:29]
AdwCleaner[S1].txt - [2928 octets] - [07/01/2015 21:40:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2988 octets] ##########


rKill

Rkill 2.6.9 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/07/2015 09:43:22 PM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 01/07/2015 09:43:33 PM
Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s)
 

emeraldnzl

Malware Specialist
Joined
Nov 3, 2007
Messages
2,570
Hello Kazimierz,

Please download Malwarebytes Anti-Rootkit to your desktop from here.
  • Right-Click on the file that was downloaded and choose Run as administrator. Answer Yes if prompted to Allow.
  • Click OK at the installer screen that comes up.
  • The software will be extracted and will open.
  • Click Next at the first screen.
  • The Update Database screen will appear. Click the Update button.
  • Once updated, click the Next button.
  • On the Scan System screen, click the Scan button.
  • Once the scan is finished click on the Cleanup button to remove any threats and reboot if prompted to do so. If no threats are found just close the programme.
  • If threats were found, then after the reboot, re-run the programme to verify no threats remain. If threats are still detected, click the Cleanup button once more.

Whether threats were found or not there will be a folder named mbar on your desktop. Open this folder and in the list that presents you will find a file named mbar-log-...txt and another named system log.txt. Please open the files one at a time and copy and paste the contents of each back here.
 

Kazimierz

Thread Starter
Joined
Jan 5, 2015
Messages
19
I haven't run the items yet, but I did discover something. I was checking to see if the streaming issue was related to something using bandwidth. Now, while it wasn't using an awful lot, there was a process using the most: "updater.exe". I killed the process and lost all internet access. I rebooted and, sure enough, it was running and I had internet. I went into services and stopped the service, which resulted in losing internet. I restored it, so I could get access to this site and the cleaning software.

It is listed as an updater for DaemonTools, but it doesn't seem to be acting like it.

I will now follow your instructions before heading to bed.
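Two observations in this thread point at the same thing: emeraldnzl notes above that FRST cleared the proxy entries and something keeps putting them back, and this post finds that killing updater.exe takes the internet down with it, which is what you would expect if that process is the thing listening on the configured 127.0.0.1:8080 proxy. The PowerShell below is an added example, not from the thread or from FRST, AdwCleaner, rKill or MBAR; it assumes it is run in an elevated PowerShell on the affected Windows 7 machine and uses only built-in commands (netstat rather than Get-NetTCPConnection, which needs Windows 8 or later). The function names and the 120-second polling window are my own choices. It reads the per-user WinINet proxy values behind the "Use a proxy server for your LAN" checkbox, clears ProxyEnable, and polls until something flips it back, at which point it reports the time and the process listening on the proxy port.

```powershell
# Added example, not from the thread or from any tool it mentions.
# Assumptions: run in an elevated PowerShell on the affected Windows 7 box;
# only built-in commands are used (netstat rather than Get-NetTCPConnection,
# which needs Windows 8 or later). Function names and the polling window
# are my own choices.

$InetSettings = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-UserProxy {
    # Per-user WinINet proxy: the values behind the "Use a proxy server for
    # your LAN" checkbox. IE, Chrome and Opera honour these; Firefox does not.
    $p = Get-ItemProperty -Path $InetSettings
    New-Object PSObject -Property @{
        Enabled       = [bool]$p.ProxyEnable
        ProxyServer   = $p.ProxyServer
        AutoConfigURL = $p.AutoConfigURL   # a PAC script can redirect traffic too
    }
}

function Get-Listener([string]$Address, [int]$Port) {
    # Map Address:Port to the process that is LISTENING on it by parsing
    # 'netstat -ano'. A user-land proxy on 127.0.0.1:8080 has to show up here.
    $target  = [regex]::Escape("${Address}:${Port}")
    $pattern = '^\s*TCP\s+' + $target + '\s+\S+\s+LISTENING\s+(\d+)\s*$'
    foreach ($line in (netstat -ano)) {
        if ($line -match $pattern) {
            $procId = [int]$matches[1]
            $proc   = Get-Process -Id $procId -ErrorAction SilentlyContinue
            New-Object PSObject -Property @{
                PID  = $procId
                Name = $(if ($proc) { $proc.Name } else { '<exited>' })
                Path = $(if ($proc) { $proc.Path } else { $null })  # null when not elevated
            }
        }
    }
}

function Watch-ProxyReset([int]$Seconds = 120) {
    # Clear ProxyEnable, then poll once a second. When it flips back to 1,
    # record the time and whoever is listening on the configured proxy port:
    # that process, or its parent, is the one to examine. Process Monitor with
    # a RegSetValue filter on "ProxyEnable" names the exact writer if needed.
    Set-ItemProperty -Path $InetSettings -Name ProxyEnable -Value 0
    $deadline = (Get-Date).AddSeconds($Seconds)
    while ((Get-Date) -lt $deadline) {
        Start-Sleep -Seconds 1
        $p = Get-UserProxy
        if ($p.Enabled) {
            Write-Host ('{0:HH:mm:ss}  ProxyEnable flipped back to 1, ProxyServer = {1}' -f (Get-Date), $p.ProxyServer)
            # ProxyServer is "host:port" or "http=host:port;https=host:port;..."
            if ($p.ProxyServer -match '(?:^|=)([0-9.]+):([0-9]+)') {
                Get-Listener -Address $matches[1] -Port ([int]$matches[2]) | Format-List PID, Name, Path
            }
            return
        }
    }
    Write-Host "ProxyEnable stayed 0 for $Seconds seconds; whatever re-sets it is not running right now"
}

Get-UserProxy | Format-List Enabled, ProxyServer, AutoConfigURL
Watch-ProxyReset -Seconds 120
```

Whatever PID comes back is the thing to look at, together with its parent and its Authenticode signature (Get-AuthenticodeSignature on the reported Path). A benign updater that happens to listen on localhost would carry the vendor's signature; an unsigned or differently signed binary under the same name would not. Services do not use the per-user WinINet values at all, so if the browsers are fine but a service-level tool still cannot reach the internet, check the machine-wide WinHTTP proxy with `netsh winhttp show proxy` as well.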
 

Kazimierz

Thread Starter
Joined
Jan 5, 2015
Messages
19
LOG FILE

Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2015.01.08.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17420
Admin :: POLSKA [administrator]

1/7/2015 10:28:12 PM
mbar-log-2015-01-07 (22-28-12).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 380400
Time elapsed: 5 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

SYSTEM LOG

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17420

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED, I:\ DRIVE_FIXED, J:\ DRIVE_FIXED, V:\ DRIVE_FIXED, X:\ DRIVE_FIXED, Z:\ DRIVE_FIXED
CPU speed: 3.700000 GHz
Memory total: 17112944640, free: 14242582528

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17420

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED, I:\ DRIVE_FIXED, J:\ DRIVE_FIXED, V:\ DRIVE_FIXED, X:\ DRIVE_FIXED, Z:\ DRIVE_FIXED
CPU speed: 3.700000 GHz
Memory total: 17112944640, free: 14260002816

Downloaded database version: v2015.01.08.03
Downloaded database version: v2015.01.07.01
Downloaded database version: v2014.12.06.01
=======================================
Initializing...
------------ Kernel report ------------
01/07/2015 22:28:07
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\sptd.sys
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\mv91cons.sys
\SystemRoot\system32\DRIVERS\pciide.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\DRIVERS\asahci64.sys
\SystemRoot\system32\DRIVERS\mvs91xx.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\mvxxmm.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\fsh.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\bcfnt.sys
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\System32\Drivers\BC_3DES.SYS
\SystemRoot\System32\Drivers\BC_BF128.SYS
\SystemRoot\System32\Drivers\BC_BF448.SYS
\SystemRoot\System32\Drivers\BC_BFish.SYS
\SystemRoot\System32\Drivers\BC_CAST.SYS
\SystemRoot\System32\Drivers\BC_DES.SYS
\SystemRoot\System32\Drivers\BC_Gost.SYS
\SystemRoot\System32\Drivers\BC_IDEA.SYS
\SystemRoot\System32\Drivers\BC_RC6.SYS
\SystemRoot\System32\Drivers\BC_RIJN.SYS
\SystemRoot\System32\Drivers\BC_SERP.SYS
\SystemRoot\System32\Drivers\BC_TFISH.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\bcbus.sys
\SystemRoot\SysWow64\drivers\AsUpIO.sys
\SystemRoot\SysWow64\drivers\AsIO.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\e1c62x64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\asmtxhci.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\ICCWDT.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\jakndis.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\dtscsibus.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\SMARTMouseFilterx64.sys
\SystemRoot\System32\Drivers\moh.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\asmthub3.sys
\SystemRoot\SysWow64\drivers\ASUSFILTER.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\mhk.SYS
\SystemRoot\system32\DRIVERS\ssudbus.sys
\SystemRoot\system32\DRIVERS\ssudmdm.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\WinUsb.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\npf.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\System32\drivers\rdpdr.sys
\SystemRoot\system32\drivers\tdtcp.sys
\SystemRoot\System32\DRIVERS\tssecsrv.sys
\SystemRoot\System32\Drivers\RDPWD.SYS
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\drivers\mrxdav.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa800dc65060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000083\
Lower Device Object: 0xfffffa800d977060
Lower Device Driver Name: \Driver\mvs91xx\
IRP handler 0 of \Driver\mvs91xx points to an unknown module
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa800dc65060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000083\
Lower Device Object: 0xfffffa800d977060
Lower Device Driver Name: \Driver\mvs91xx\
Driver name found: mvs91xx
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\storport.sys (0x0)
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa800dc64060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000082\
Lower Device Object: 0xfffffa800d9a7060
Lower Device Driver Name: \Driver\mvs91xx\
Driver name found: mvs91xx
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa800dc63060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-3\
Lower Device Object: 0xfffffa800d978060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800dc62060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\
Lower Device Object: 0xfffffa800d95e060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800dc43790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa800d92f680
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800dc43790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800db3fb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800db3eba0, DeviceName: Unknown, DriverName: \Driver\bcfnt\
DevicePointer: 0xfffffa800dc43790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800d96e4e0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800d92f680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\bcfnt\
Upper DeviceData: 0xfffff8a008785820, 0xfffffa800dc43790, 0xfffffa800ce5c090
Lower DeviceData: 0xfffff8a013916920, 0xfffffa800d92f680, 0xfffffa800ce5d630
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 6C51155E

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 499728384

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 499935232 Numsec = 476833792

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800dc62060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800db41b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800db3f8b0, DeviceName: Unknown, DriverName: \Driver\bcfnt\
DevicePointer: 0xfffffa800dc62060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800d953520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800d95e060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\bcfnt\
Upper DeviceData: 0xfffff8a00898a1c0, 0xfffffa800dc62060, 0xfffffa800ce5f090
Lower DeviceData: 0xfffff8a008ae0560, 0xfffffa800d95e060, 0xfffffa800ce2c660
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 47889787

Partition information:

Partition 0 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 1 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 1953519616

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa800dc63060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800db44b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800db409b0, DeviceName: Unknown, DriverName: \Driver\bcfnt\
DevicePointer: 0xfffffa800dc63060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800d978060, DeviceName: \Device\Ide\IdeDeviceP3T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\bcfnt\
Upper DeviceData: 0xfffff8a0125b0250, 0xfffffa800dc63060, 0xfffffa800ce60090
Lower DeviceData: 0xfffff8a008fb4220, 0xfffffa800d978060, 0xfffffa800ce55660
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: DAB07BA5

Partition information:

Partition 0 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 1 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 1953519616

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 3, DevicePointer: 0xfffffa800dc64060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800dc62b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800db448b0, DeviceName: Unknown, DriverName: \Driver\bcfnt\
DevicePointer: 0xfffffa800dc64060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800d9a7060, DeviceName: \Device\00000082\, DriverName: \Driver\mvs91xx\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\bcfnt\
Upper DeviceData: 0xfffff8a012b52c00, 0xfffffa800dc64060, 0xfffffa800ce67790
Lower DeviceData: 0xfffff8a00877d4f0, 0xfffffa800d9a7060, 0xfffffa800ce5daa0
Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B43A33C3

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 14337 Numsec = 419430399
Partition file system is NTFS
Partition is bootable

Partition 1 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 419444736 Numsec = 2527076352

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2946521088 Numsec = 960503808

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 4, DevicePointer: 0xfffffa800dc65060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800db45b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800dc64b60, DeviceName: Unknown, DriverName: \Driver\bcfnt\
DevicePointer: 0xfffffa800dc65060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800d977060, DeviceName: \Device\00000083\, DriverName: \Driver\mvs91xx\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\bcfnt\
Upper DeviceData: 0xfffff8a013924970, 0xfffffa800dc65060, 0xfffffa800ce68090
Lower DeviceData: 0xfffff8a012c29bd0, 0xfffffa800d977060, 0xfffffa800ce61aa0
Drive 4
Scanning MBR on drive 4...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 2312E83

GPT Protective MBR Partition information:

Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

GPT Partition information:

GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 1235259657
GPT Header CurrentLba = 1 BackupLba 3907029167
GPT Header FirstUsableLba 34 LastUsableLba 3907029134
GPT Header Guid d94ea31d-5bbd-4bfa-b6f6-26e52f5d7d82
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128

Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 1235259657
Backup GPT header CurrentLba = 3907029167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 3907029134
Backup GPT header Guid d94ea31d-5bbd-4bfa-b6f6-26e52f5d7d82
Backup GPT header Contains 128 partition entries starting at LBA 3907029135
Backup GPT header Partition entry size = 128

Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID 5a988fc0-a0f6-4793-82fd-9223dbe33e8d
FirstLBA 34 Last LBA 262177
Attributes 0
Partition Name Microsoft reserved partition

Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID b03048dd-79b5-4c5a-ab74-1eea7d6995ca
FirstLBA 264192 Last LBA 3907028991
Attributes 0
Partition Name Basic data partition

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-3-0-14337-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-4-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-4-r.mbam...
Removal finished