
Win 7 x64 - Virus Blocking Internet Access

Discussion in 'Virus & Other Malware Removal' started by Kazimierz, Jan 5, 2015.

Thread Status:
Not open for further replies.
  1. Kazimierz

    Kazimierz Thread Starter

    Joined:
    Jan 5, 2015
    Messages:
    19
    Hello,

    I have a friend whose computer is infected with something and he brought it to me since I am a "techie" person, hehehe. It will not access the internet, but it will access local network drives. Other computers on the network can access the internet (for example, the computer I am using to access this forum).

    The computer appears to be in a perpetual feedback loop. When going into the internet properties (either through Chrome or IE), the "Use a proxy server for your LAN" is checked. When it is unchecked, the check replaces itself. The proxy servers are listed as 127.0.0.1:8080. I did a scan with MalwareBytes and SpyBot and neither found anything (in regular and safe mode). I also ran FRST64.exe (and have the log), HijackThis (have the log), FSS (have the log), TDSKiller and AdwCleaner. I reset the hosts file, even though I didn't see anything that could be an issue. I even did a system restore to two weeks prior to the issue, but no luck.

    I did discover a process "raptr_ep64.exe" that was opening large numbers of itself with the description "elevation Proxy". I deleted the processes and they didn't respawn after uninstalling and rebooting. I don't know if they were related to the issue.

    The computer has Avast running on it.

    I have exhausted all my options from scanning the net and seeing what others have done. Since MalwareBytes and SpyBot didn't pick anything up, I am at a loss and hoping someone here can help out. :) He uses his computer for school, but right now it is hooked up to my monitor so I can work on it.

    Thanks in advance!

    System Info:

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM) i7-4820K CPU @ 3.70GHz, Intel64 Family 6 Model 62 Stepping 4
    Processor Count: 8
    RAM: 16320 Mb
    Graphics Card: AMD Radeon R9 200 Series, -2048 Mb
    Hard Drives: C: Total - 244007 MB, Free - 37321 MB; D: Total - 232828 MB, Free - 79853 MB; E: Total - 204799 MB, Free - 409 MB; F: Total - 102399 MB, Free - 10858 MB; G: Total - 716799 MB, Free - 15468 MB; H: Total - 5119 MB, Free - 1428 MB; I: Total - 953865 MB, Free - 140069 MB; J: Total - 468995 MB, Free - 305602 MB; V: Total - 409599 MB, Free - 35718 MB; X: Total - 953865 MB, Free - 30953 MB; Z: Total - 1907599 MB, Free - 106925 MB;
    Motherboard: ASUSTeK COMPUTER INC., SABERTOOTH X79
    Antivirus: avast! Antivirus, Updated and Enabled
     
  2. Kazimierz

    Kazimierz Thread Starter

    Joined:
    Jan 5, 2015
    Messages:
    19
    This morning, with a fresh perspective, I booted in safe mode (which is hard with Asus and an SSD) and ran more software. I went into IE and unchecked the proxy option again. It stayed unchecked, but still didn't work. I then selected the option to reset Internet Explorer settings, which did the trick. I am not sure if there was/is a virus or if that raptr installation messed up the internet settings through IE somehow.

    Internet is still slow, but actually getting through. The check mark still won't leave the internet settings. :(
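
The self-restoring proxy check described in the two posts above can be narrowed down by reading every registry location that feeds the Internet Options dialog and then identifying what, if anything, listens on the configured loopback port. This is an added example, not something posted in the thread; the registry paths are the standard Windows Internet Settings locations, and the variable names are illustrative.

```powershell
# Added example, not from the thread. Read-only: it reports and changes nothing.
# Written for the PowerShell 2.0 that ships with Windows 7.

$suffix = 'Microsoft\Windows\CurrentVersion\Internet Settings'
$keys = @(
    "HKCU:\Software\$suffix",              # per-user values behind the Internet Options dialog
    "HKLM:\SOFTWARE\$suffix",              # machine-wide, 64-bit view
    "HKLM:\SOFTWARE\Wow6432Node\$suffix",  # machine-wide, 32-bit view
    "HKLM:\SOFTWARE\Policies\$suffix"      # policy key; ProxySettingsPerUser = 0 forces machine-wide settings
)

# Matches a loopback proxy in either form the ProxyServer value can take:
#   127.0.0.1:8080   or   http=127.0.0.1:8080;https=127.0.0.1:8080
$loopback = '(?i)(?:^|[=;/\s])(?:127(?:\.\d{1,3}){3}|localhost):(\d{1,5})'

$ports = @()
$report = foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }
    $v = Get-ItemProperty -Path $key

    # Collect every loopback port named in this key's ProxyServer value.
    foreach ($m in [regex]::Matches([string]$v.ProxyServer, $loopback)) {
        $ports += [int]$m.Groups[1].Value
    }

    New-Object PSObject -Property @{
        Key                  = $key
        ProxyEnable          = $v.ProxyEnable
        ProxyServer          = $v.ProxyServer
        AutoConfigURL        = $v.AutoConfigURL
        ProxySettingsPerUser = $v.ProxySettingsPerUser
    }
}

$report |
    Select-Object Key, ProxyEnable, ProxyServer, AutoConfigURL, ProxySettingsPerUser |
    Format-List

if ($ports.Count -eq 0) {
    'No loopback proxy is configured in any of the keys above.'
}

# For each loopback port, find the owning process of any listener.
foreach ($port in @($ports | Sort-Object -Unique)) {
    $hits = @(netstat -ano -p TCP |
        Select-String -Pattern (":$port\s+\S+\s+LISTENING\s+(\d+)"))

    if ($hits.Count -eq 0) {
        # The browser is pointed at a port nobody serves: every proxied request fails.
        "Port ${port}: nothing is listening, so proxied requests fail to connect."
        continue
    }

    foreach ($hit in $hits) {
        $ownerId = [int]$hit.Matches[0].Groups[1].Value
        $proc = Get-Process -Id $ownerId -ErrorAction SilentlyContinue
        if ($proc) {
            "Port ${port}: PID $ownerId $($proc.ProcessName) $($proc.Path)"
        } else {
            "Port ${port}: PID $ownerId (process details not readable; rerun elevated)"
        }
    }
}
```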
     
  3. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Hello Kazimierz,

    Welcome to TSG.

    Firstly please uninstall Avast from the compromised machine and see if that makes a difference. Might seem funny but there does seem to be something going on with Avast at the moment. Not sure whether it is a bug or malware targeting it. We can reinstall it later when we have finished. :)

    After that, please post the FRST, FSS and RogueKiller logs. You may have to use multiple posts to do that. That is fine.
     
  4. Kazimierz

    Kazimierz Thread Starter

    Joined:
    Jan 5, 2015
    Messages:
    19
    Thanks for your help. Things still aren't 100%. Some internet seems sluggish. Google looks different, but maybe they changed. (For example, when doing a definition search, it used to put selected definitions in a separate box at the top of the search, which isn't there any more. With people searches, it isn't putting the preview with images on the right anymore.)

    FSS said it couldn't reach Google, which contradicts me visiting Google, but Google is slow to respond.

    No matter what I do, the LAN proxy check always returns:


    FRST:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
    Ran by Admin (administrator) on POLSKA on 07-01-2015 08:40:58
    Running from \\Europa\Archives\Appz\spybot
    Loaded Profile: Admin (Available profiles: Admin)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (Jetico, Inc.) D:\Utilities\BestCrypt\BCWipeSvc.exe
    (Jetico, Inc.) D:\Utilities\BestCrypt\BCWipeTM.exe
    (Jetico, Inc.) D:\Utilities\BestCrypt\BCWipeTM.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.19\AsusFanControlService.exe
    (Jetico Inc. Oy) D:\Utilities\BestCrypt\BC_VE\bcveserv.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
    (SMART Technologies) D:\School\SMART Technologies\Education Software\SMARTHelperService.exe
    (InstallShield) C:\Program Files (x86)\DTSoft Updater\Updater.exe
    () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (BitTorrent Inc.) C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
    (Comfort Software Group) D:\Utilities\FreeAlarmClock\FreeAlarmClock.exe
    () D:\Utilities\PowerArchiver\PASTARTER.EXE
    (Disc Soft Ltd) D:\Utilities\DAEMON Tools Pro\DTShellHlp.exe
    () D:\Internet\No-IP\DUC40.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Disc Soft Ltd) D:\Utilities\DAEMON Tools Pro\DTAgent.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Adobe Systems Inc.) D:\Multimedia\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    (Samsung Electronics Co., Ltd.) D:\Hardware\Kies\KiesTrayAgent.exe
    (SMART Technologies) D:\School\SMART Technologies\Education Software\SMARTNotification.exe
    (Jetico Inc. Oy) D:\Utilities\BestCrypt\BC_VE\bcvetray.exe
    (SMART Technologies) D:\School\SMART Technologies\Education Software\SMARTBoardService.exe
    (SMART Technologies) D:\School\SMART Technologies\Education Software\SMARTInk.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
    (Disc Soft Ltd) D:\Utilities\DAEMON Tools Pro\DiscSoftBusService.exe
    () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Joyent, Inc) D:\School\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
    (SMART Technologies) D:\School\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe
    (SMART Technologies) D:\School\SMART Technologies\Education Software\SMARTInkPrivilegedAccess.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
    (Samsung Electronics.) D:\Hardware\Samsung Magician\Samsung Magician.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
    (SAMSUNG Electornics Co., Ltd.) C:\Users\Admin\AppData\Roaming\VERIZON\UA_ar\UA.exe
    (Jetico, Inc.) D:\Utilities\BestCrypt\BCResident.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Flexera Software LLC) D:\School\ArcGIS Desktop\License\License10.2\bin\lmgrd.exe
    (Flexera Software LLC) D:\School\ArcGIS Desktop\License\License10.2\bin\lmgrd.exe
    (ESRI) D:\School\ArcGIS Desktop\License\License10.2\bin\ARCGIS.exe
    (Flexera Software LLC) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    () D:\Internet\No-IP\ducservice.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Farbar) \\Europa\Archives\Appz\spybot\FRST64.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-09-05] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => D:\Multimedia\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => D:\Multimedia\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [BCSSync] => D:\Business\Office 2010\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [BCWipeTM Startup] => D:\Utilities\BestCrypt\BCWipeTM.exe [1660192 2013-10-17] (Jetico, Inc.)
    HKLM-x32\...\Run: [BestCrypt Volume Encryption] => D:\Utilities\BestCrypt\BC_VE\bcfmgr.exe [2662176 2013-10-23] (Jetico Inc. Oy)
    HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296096 2014-05-31] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [KiesTrayAgent] => D:\Hardware\Kies\KiesTrayAgent.exe [310064 2014-05-27] (Samsung Electronics Co., Ltd.)
    HKLM-x32\...\Run: [SMARTNotification] => D:\School\SMART Technologies\Education Software\SMARTNotification.exe [190256 2014-06-30] (SMART Technologies)
    HKLM-x32\...\Run: [SMART Board Service] => D:\School\SMART Technologies\Education Software\SMARTBoardService.exe [1945392 2014-06-30] (SMART Technologies)
    HKLM-x32\...\Run: [sbsdk-server] => D:\School\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe [62768 2014-06-26] (SMART Technologies)
    HKLM-x32\...\Run: [SMART Ink] => D:\School\SMART Technologies\Education Software\SMARTInk.exe [565552 2014-06-18] (SMART Technologies)
    HKLM-x32\...\Run: [DivXMediaServer] => D:\Multimedia\Video\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
    HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Run: [uTorrent] => C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe [1316688 2014-06-12] (BitTorrent Inc.)
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Run: [FreeAC] => D:\Utilities\FreeAlarmClock\FreeAlarmClock.exe [1328976 2012-04-25] (Comfort Software Group)
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Run: [KiesAirMessage] => D:\Hardware\Kies\KiesAirMessage.exe -startup
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Run: [PowerArchiver Tray] => D:\Utilities\PowerArchiver\PASTARTER.EXE [1530360 2014-04-25] ()
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Run: [NoIPDUCv4] => D:\Internet\No-IP\DUC40.exe [346624 2014-05-02] ()
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30872168 2014-12-11] (Skype Technologies S.A.)
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Run: [DAEMON Tools Pro Agent] => D:\Utilities\DAEMON Tools Pro\DTAgent.exe [3759376 2014-11-24] (Disc Soft Ltd)
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Policies\Explorer: [NoThumbNailCache] 1
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\MountPoints2: {1232ff3e-e91a-11e3-a0db-40167e76f56c} - L:\setup.exe
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\MountPoints2: {1232ff40-e91a-11e3-a0db-40167e76f56c} - L:\setup.exe
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\MountPoints2: {35675daf-fb18-11e3-88a5-40167e76f56c} - O:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\MountPoints2: {35675db9-fb18-11e3-88a5-40167e76f56c} - O:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\MountPoints2: {44d6eac0-e875-11e3-8480-806e6f6e6963} - I:\SETUP.EXE /adminfile IU.MSP
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\MountPoints2: {97aed133-ea3c-11e3-8603-40167e76f56c} - O:\VZW_Software_upgrade_assistant.exe
    AppInit_DLLs: C:\Windows\Jaksta\AC\x64\jaudcap.dll => C:\Windows\Jaksta\AC\x64\jaudcap.dll [311584 2014-06-09] (Jaksta Technologies Pty Ltd)
    AppInit_DLLs-x32: hplun.dll => "hplun.dll" File Not Found
    AppInit_DLLs-x32: ,C:\Windows\Jaksta\AC\x86\jaudcap.dll => C:\Windows\Jaksta\AC\x86\jaudcap.dll [264480 2014-06-09] (Jaksta Technologies Pty Ltd)
    Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
    ShortcutTarget: Samsung Magician.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)
    Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
    ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Admin\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BestCrypt Auto Open.lnk
    ShortcutTarget: BestCrypt Auto Open.lnk -> D:\Utilities\BestCrypt\BestCrypt.exe (Jetico, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk
    ShortcutTarget: GIGABYTE OC_GURU.lnk -> D:\Hardward\Gigabyte OC Guru II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => D:\Business\Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => D:\Business\Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => D:\Business\Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => D:\Business\Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => D:\Business\Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyEnable: [HKLM] => ProxyEnable is set.
    ProxyEnable: [HKLM-x32] => ProxyEnable is set.
    ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
    ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://hi.ru/search/?q={searchTerms}
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2482053066-3626128781-3421568491-1000 -> DefaultScope {EE6EE89D-AC6D-4E6A-AF18-248C43D7BACD} URL = https://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2482053066-3626128781-3421568491-1000 -> {EE6EE89D-AC6D-4E6A-AF18-248C43D7BACD} URL = https://www.google.com/search?q={searchTerms}
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Business\Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Business\Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKU\S-1-5-21-2482053066-3626128781-3421568491-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    Tcpip\..\Interfaces\{AB6385C9-ACAC-4774-833C-82E34E0309E9}: [NameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\71upq3zx.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\Multimedia\Video\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> D:\Multimedia\Video\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> D:\Multimedia\Video\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> D:\Multimedia\Video\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\Business\OFFICE~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\Business\OFFICE~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=15.0.5.109 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprjplug;version=15.0.5.109 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.5.109 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.5.109 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=15.0.5.109 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> D:\Multimedia\Video\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Acrobat -> D:\Multimedia\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF Extension: ObviousIdea Addon - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\71upq3zx.default\Extensions\[email protected] [2014-05-31]
    FF Extension: JSOff - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\71upq3zx.default\Extensions\[email protected] [2014-05-31]
    FF Extension: Sothink Flash Downloader for Firefox - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\71upq3zx.default\Extensions\{BAEBEF65-9289-47c5-8524-C345CC5D860D}.xpi [2014-05-31]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - D:\Multimedia\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - D:\Multimedia\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-05-30]
    FF HKLM-x32\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2014-05-31]
    FF Extension: No Name - C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\71upq3zx.default\extensions\[email protected] [Not Found]
    FF Extension: No Name - C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\71upq3zx.default\extensions\{BAEBEF65-9289-47c5-8524-C345CC5D860D}.xpi [Not Found]
    FF Extension: No Name - C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\71upq3zx.default\extensions\[email protected] [Not Found]
    FF Extension: No Name - D:\Internet\Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

    Chrome:
    =======
    CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-31]
    CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-31]
    CHR Extension: (YouTube Center Developer Build) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcegdpionpopahcglnfiiioapcclamdj [2014-06-15]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-19]
    CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-31]
    CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-31]
    CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-05-31]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-09]
    CHR Extension: (ActiveGS) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhndampajkkhamolmmnalddigpojomph [2014-09-11]
    CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-31]
    CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-31]
    CHR Extension: (MetaProducts Offline Explorer integration) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkijdmeepjhpenmighhaodgfoogncnlk [2014-06-02]
    CHR HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2014-05-31]
    CHR HKLM-x32\...\Chrome\Extension: [pkijdmeepjhpenmighhaodgfoogncnlk] - D:\Internet\Offline Explorer Enterprise\mpoe.crx [2014-04-20]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ArcGIS License Manager; D:\School\ArcGIS Desktop\License\License10.2\bin\lmgrd.exe [1452408 2014-02-13] (Flexera Software LLC)
    R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-09-17] ()
    R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2013-09-17] (ASUSTeK Computer Inc.)
    R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
    R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.19\AsusFanControlService.exe [408960 2012-10-14] (ASUSTeK Computer Inc.)
    R2 BcveServ; D:\Utilities\BestCrypt\BC_VE\bcveserv.exe [127776 2013-10-23] (Jetico Inc. Oy)
    R2 BCWipeSvc; D:\Utilities\BestCrypt\BCWipeSvc.exe [87840 2013-10-17] (Jetico, Inc.)
    R3 Disc Soft Bus Service; D:\Utilities\DAEMON Tools Pro\DiscSoftBusService.exe [2216208 2014-11-24] (Disc Soft Ltd)
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-13] (Intel Corporation)
    S3 Media Center 19 Service; D:\Multimedia\Audio\Media Center 19\JRService.exe [397896 2014-07-02] (JRiver, Inc.)
    S3 Microsoft SharePoint Workspace Audit Service; D:\Business\Office 2010\Office14\GROOVE.EXE [30814400 2013-12-18] (Microsoft Corporation)
    R2 NoIPDUCService4; D:\Internet\No-IP\ducservice.exe [11776 2014-05-02] () [File not signed]
    S3 Origin Client Service; D:\Utilities\Origin\OriginClientService.exe [1903472 2014-12-28] (Electronic Arts)
    S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
    R2 SMARTHelperService; D:\School\SMART Technologies\Education Software\SMARTHelperService.exe [538928 2014-06-30] (SMART Technologies)
    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    R2 Updater.exe; C:\Program Files (x86)\DTSoft Updater\Updater.exe [40448 2014-12-03] (InstallShield) [File not signed]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AIDA64Driver; D:\Utilities\AIDA64 Extreme\kerneld.x64 [34136 2014-03-25] ()
    R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
    R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
    R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2013-01-14] ()
    R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-19] (MCCI Corporation)
    R1 bcbus; C:\Windows\System32\DRIVERS\bcbus.sys [80064 2013-10-16] (Jetico, Inc.)
    R0 bcfnt; C:\Windows\System32\Drivers\bcfnt.sys [178880 2013-07-15] (Jetico, Inc.)
    S4 BCSWAP; C:\Windows\System32\Drivers\BCSWAP.sys [124992 2013-03-05] (Jetico, Inc.)
    R1 BC_3DES; C:\Windows\System32\Drivers\BC_3DES.sys [35520 2013-09-25] (Jetico, Inc.)
    R1 BC_BF128; C:\Windows\System32\Drivers\BC_BF128.sys [31424 2013-09-24] (Jetico, Inc.)
    R1 BC_BF448; C:\Windows\System32\Drivers\BC_BF448.sys [31936 2013-09-24] (Jetico, Inc.)
    R1 BC_BFish; C:\Windows\System32\Drivers\BC_BFish.sys [31424 2013-09-24] (Jetico, Inc.)
    R1 BC_CAST; C:\Windows\System32\Drivers\BC_CAST.sys [38592 2013-09-24] (Jetico, Inc.)
    R1 BC_DES; C:\Windows\System32\Drivers\BC_DES.sys [35008 2013-09-24] (Jetico, Inc.)
    R1 BC_Gost; C:\Windows\System32\Drivers\BC_Gost.sys [26816 2013-09-24] (Jetico, Inc.)
    R1 BC_IDEA; C:\Windows\System32\Drivers\BC_IDEA.sys [28864 2013-09-24] (Iarsn)
    R1 BC_RC6; C:\Windows\System32\Drivers\BC_RC6.sys [31424 2013-09-24] (Michael Oestergaard Pedersen)
    R1 BC_RIJN; C:\Windows\System32\Drivers\BC_RIJN.sys [52416 2013-09-24] (Jetico, Inc.)
    R1 BC_SERP; C:\Windows\System32\Drivers\BC_SERP.sys [38080 2013-09-24] (Michael Oestergaard Pedersen)
    R1 BC_TFISH; C:\Windows\System32\Drivers\BC_TFISH.sys [35520 2013-09-24] (Jetico, Inc.)
    R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29864 2014-12-06] (Disc Soft Ltd)
    R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-21] (Disc Soft Ltd)
    R0 fsh; C:\Windows\System32\Drivers\fsh.sys [68800 2013-09-16] (Jetico, Inc.)
    S3 jakndis; C:\Windows\System32\DRIVERS\jakndis.sys [35648 2011-07-21] (Jaksta Technologies Pty Ltd)
    R3 jakndisMP; C:\Windows\System32\DRIVERS\jakndis.sys [35648 2011-07-21] (Jaksta Technologies Pty Ltd)
    S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-06] (Malwarebytes Corporation)
    S3 MftWipeFilter; C:\Windows\System32\Drivers\MftWipeFilter.sys [31488 2013-03-05] (Windows (R) Win 7 DDK provider)
    R3 mhk; C:\Windows\System32\Drivers\mhk.sys [18624 2013-10-03] (Jetico, Inc.)
    R3 moh; C:\Windows\System32\Drivers\moh.sys [13376 2013-03-05] (Jetico, Inc.)
    R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
    R3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [10240 2014-06-30] (SMART Technologies)
    R3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [9216 2014-06-30] (SMART Technologies)
    S3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [22184 2014-06-30] (SMART Technologies ULC)
    R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-05-30] (Duplex Secure Ltd.)
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-07 07:32 - 2015-01-07 07:32 - 00000826 _____ () C:\Users\Admin\Desktop\hosts-clean.txt
    2015-01-05 22:15 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-01-05 22:15 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-01-05 22:15 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-01-05 22:12 - 2015-01-06 05:04 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-01-05 21:10 - 2015-01-07 08:40 - 00000000 ____D () C:\FRST
    2015-01-05 21:08 - 2015-01-05 21:09 - 00000000 ____D () C:\AdwCleaner
    2015-01-05 19:32 - 2015-01-05 19:34 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2015-01-05 19:32 - 2015-01-05 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2015-01-05 19:00 - 2015-01-05 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-01-05 19:00 - 2015-01-05 19:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-01-05 18:29 - 2015-01-05 18:29 - 00000000 ____D () C:\ProgramData\ATI
    2015-01-05 17:45 - 2015-01-06 04:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TubeDigger
    2015-01-05 17:45 - 2015-01-05 20:41 - 00000000 ____D () C:\Program Files (x86)\TubeDigger
    2014-12-28 21:37 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
    2014-12-28 11:35 - 2015-01-05 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Age Inquisition
    2014-12-28 11:35 - 2014-12-28 21:37 - 00000850 _____ () C:\Users\Public\Desktop\Dragon Age Inquisition.lnk
    2014-12-20 12:09 - 2014-12-20 12:10 - 00166912 _____ () C:\Users\Admin\Downloads\TS006206287.xlt
    2014-12-20 11:55 - 2014-12-20 11:55 - 00088241 _____ () C:\Users\Admin\Downloads\TS010073881.xltx
    2014-12-20 08:36 - 2015-01-05 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paradox Interactive
    2014-12-20 08:36 - 2014-12-20 08:36 - 00000814 _____ () C:\Users\Public\Desktop\Crusader Kings II Way of Life.lnk
    2014-12-13 09:49 - 2014-12-13 09:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Europa Universalis IV - Collection
    2014-12-13 09:44 - 2014-12-13 09:44 - 00053564 _____ () C:\Windows\SysWOW64\CCCInstall_201412130944121694.log
    2014-12-13 09:44 - 2014-12-13 09:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
    2014-12-13 09:44 - 2014-12-13 09:44 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
    2014-12-13 09:43 - 2014-12-13 09:43 - 00000000 ____D () C:\Program Files (x86)\AMD
    2014-12-08 20:22 - 2014-12-08 20:22 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieBrowserModeList
    2014-12-08 19:04 - 2014-12-08 19:04 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2014-12-08 19:04 - 2014-12-08 19:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2014-12-08 19:04 - 2014-12-08 19:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2014-12-08 19:04 - 2014-12-08 19:04 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-12-08 19:04 - 2014-12-08 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-12-08 19:04 - 2014-12-08 19:04 - 00000000 ____D () C:\Program Files (x86)\Java

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-07 08:39 - 2014-05-31 14:59 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype
    2015-01-07 08:38 - 2014-06-01 07:21 - 00000000 ____D () C:\ProgramData\AVAST Software
    2015-01-07 08:38 - 2014-05-31 15:00 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\uTorrent
    2015-01-07 08:38 - 2014-05-30 19:05 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-07 08:38 - 2010-11-20 21:47 - 01350200 _____ () C:\Windows\PFRO.log
    2015-01-07 08:38 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-07 08:38 - 2009-07-13 22:51 - 00056275 _____ () C:\Windows\setupact.log
    2015-01-07 08:37 - 2014-05-31 02:39 - 00000000 ____D () C:\Users\Admin\Documents\Outlook Files
    2015-01-07 08:37 - 2014-05-30 08:20 - 02034287 _____ () C:\Windows\WindowsUpdate.log
    2015-01-07 08:34 - 2014-05-30 19:05 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-07 07:43 - 2014-05-31 20:19 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-01-07 05:14 - 2009-07-13 22:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-07 05:14 - 2009-07-13 22:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-06 12:00 - 2014-12-06 20:41 - 00000488 _____ () C:\Windows\Tasks\DTSoft Updater.job
    2015-01-06 05:17 - 2014-05-31 15:03 - 00000000 ____D () C:\Users\Admin\AppData\Local\Deployment
    2015-01-06 05:14 - 2009-07-13 23:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-01-06 04:41 - 2014-08-30 14:23 - 00004782 _____ () C:\Windows\system32\Drivers\etc\hosts-ORIG
    2015-01-06 04:37 - 2014-05-31 15:03 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashDumps
    2015-01-05 22:25 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
    2015-01-05 20:42 - 2014-05-30 08:19 - 00000000 ____D () C:\Users\Admin
    2015-01-05 20:41 - 2014-10-21 16:35 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2015-01-05 20:41 - 2014-09-03 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
    2015-01-05 20:41 - 2014-06-20 14:19 - 00000000 ____D () C:\ProgramData\FLEXnet
    2015-01-05 20:41 - 2014-06-20 12:49 - 00000000 ____D () C:\ProgramData\Skype
    2015-01-05 20:41 - 2014-05-31 16:38 - 00000000 ____D () C:\ProgramData\Real
    2015-01-05 20:41 - 2014-05-31 15:07 - 00000000 ____D () C:\Users\Admin\AppData\Local\QuickenWindow
    2015-01-05 20:41 - 2014-05-31 15:00 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc
    2015-01-05 20:41 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2015-01-05 20:41 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
    2015-01-05 20:41 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat
    2015-01-05 18:56 - 2011-04-12 02:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
    2015-01-05 18:27 - 2014-08-30 16:41 - 00000000 ____D () C:\ProgramData\Origin
    2014-12-29 16:27 - 2014-05-31 02:37 - 00000000 ____D () C:\Users\Admin\Documents\Dolina
    2014-12-29 07:48 - 2014-05-31 02:37 - 00000000 ____D () C:\Users\Admin\Documents\BioWare
    2014-12-28 14:57 - 2014-09-13 08:18 - 00000000 ____D () C:\Users\Admin\Documents\Car Shopping 2014
    2014-12-18 05:32 - 2014-06-03 04:04 - 00003804 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1401525552
    2014-12-13 09:44 - 2014-05-31 16:46 - 00000000 ____D () C:\ProgramData\AMD
    2014-12-13 09:43 - 2014-06-06 11:21 - 00000000 ____D () C:\Program Files\AMD
    2014-12-13 09:42 - 2014-06-06 05:27 - 00000000 ____D () C:\AMD
    2014-12-13 09:10 - 2014-05-31 15:02 - 00001148 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Europa Universalis 4.lnk
    2014-12-12 08:35 - 2014-05-30 19:05 - 00002222 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-12-11 15:08 - 2014-05-31 14:59 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\dvdcss
    2014-12-09 20:43 - 2014-05-31 20:19 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-12-09 20:43 - 2014-05-31 20:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-12-09 20:43 - 2014-05-31 20:19 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-12-08 19:04 - 2014-06-21 09:57 - 00000000 ____D () C:\ProgramData\Oracle

    Some content of TEMP:
    ====================
    C:\Users\Admin\AppData\Local\Temp\bitool.dll
    C:\Users\Admin\AppData\Local\Temp\Daemon.Tools.Pro.Advanced.v6.0.0.0445.exe
    C:\Users\Admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcjhloy.dll
    C:\Users\Admin\AppData\Local\Temp\hcwclear.exe
    C:\Users\Admin\AppData\Local\Temp\i4jdel0.exe
    C:\Users\Admin\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
    C:\Users\Admin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
    C:\Users\Admin\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
    C:\Users\Admin\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
    C:\Users\Admin\AppData\Local\Temp\npp.6.6.9.Installer.exe
    C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    C:\Users\Admin\AppData\Local\Temp\ose00001.exe
    C:\Users\Admin\AppData\Local\Temp\patchbeam.exe
    C:\Users\Admin\AppData\Local\Temp\PidGenX.dll
    C:\Users\Admin\AppData\Local\Temp\powarc140031int.exe
    C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
    C:\Users\Admin\AppData\Local\Temp\raptr_stub.exe
    C:\Users\Admin\AppData\Local\Temp\Samsung_Magician_Setup_v44.exe
    C:\Users\Admin\AppData\Local\Temp\SMARTProductUpdate.exe
    C:\Users\Admin\AppData\Local\Temp\sqlite3.dll
    C:\Users\Admin\AppData\Local\Temp\tmp2377.exe
    C:\Users\Admin\AppData\Local\Temp\tmpF82E.exe
    C:\Users\Admin\AppData\Local\Temp\vlc-2.1.5-win64.exe
    C:\Users\Admin\AppData\Local\Temp\xmlUpdater.exe
    C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0DirectorSetup.exe
    C:\Users\Admin\AppData\Local\Temp\_is4C1C.exe
    C:\Users\Admin\AppData\Local\Temp\_is5A0A.exe
    C:\Users\Admin\AppData\Local\Temp\_isCE65.exe
    C:\Users\Admin\AppData\Local\Temp\_isDD05.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-05 23:33

    ==================== End Of Log ============================
     
  5. Kazimierz

    Kazimierz Thread Starter

    FSS

    Farbar Service Scanner Version: 21-07-2014
    Ran by Admin (administrator) on 07-01-2015 at 08:42:22
    Running from "\\Europa\Archives\Appz\spybot"
    Microsoft Windows 7 Ultimate Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Attempt to access Google.com returned error: Google.com is unreachable
    Yahoo.com is accessible.


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  6. Kazimierz

    Kazimierz Thread Starter

    RogueKiller

    RogueKiller V10.1.2.0 [Jan 7 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Admin [Administrator]
    Mode : Scan -- Date : 01/07/2015 08:48:22

    ¤¤¤ Processes : 1 ¤¤¤
    [Suspicious.Path] UA.exe(6492) -- C:\Users\Admin\AppData\Roaming\VERIZON\UA_ar\UA.exe[7] -> Killed [TermProc]

    ¤¤¤ Registry : 22 ¤¤¤
    [PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
    [PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
    [PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8080;https=127.0.0.1:8080 -> Found
    [PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8080;https=127.0.0.1:8080 -> Found
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2482053066-3626128781-3421568491-1000\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs -> Found
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2482053066-3626128781-3421568491-1000\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs -> Found
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2482053066-3626128781-3421568491-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://hi.ru/search/?q={searchTerms} -> Found
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2482053066-3626128781-3421568491-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://hi.ru/search/?q={searchTerms} -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_605E\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 74.40.74.40 74.40.74.41 192.168.1.1 [UNITED STATES (US)][UNITED STATES (US)] -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_605E\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 74.40.74.40 74.40.74.41 192.168.1.1 [UNITED STATES (US)][UNITED STATES (US)] -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_605E\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4BA37037-2209-4BA1-89F3-B5E33C2D6270} | NameServer : 4.2.2.3,74.40.74.40 [UNITED STATES (US)] -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_605E\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4BA37037-2209-4BA1-89F3-B5E33C2D6270} | DhcpNameServer : 74.40.74.40 74.40.74.41 192.168.1.1 [UNITED STATES (US)][UNITED STATES (US)] -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_605E\ControlSet002\Services\Tcpip\Parameters\Interfaces\{4BA37037-2209-4BA1-89F3-B5E33C2D6270} | NameServer : 4.2.2.3,74.40.74.40 [UNITED STATES (US)] -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_605E\ControlSet002\Services\Tcpip\Parameters\Interfaces\{4BA37037-2209-4BA1-89F3-B5E33C2D6270} | DhcpNameServer : 74.40.74.40 74.40.74.41 192.168.1.1 [UNITED STATES (US)][UNITED STATES (US)] -> Found
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_6424\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_6424\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_6424\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_6424\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 1 ¤¤¤
    [Suspicious.Path][File] Verizon Wireless Software Utility Application for Android – Samsung.lnk -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk [[email protected]] C:\Users\Admin\AppData\Roaming\VERIZON\UA_ar\UA.exe -> Found

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: Samsung SSD 840 EVO 500GB ATA Device +++++
    --- User ---
    [MBR] bc738119e50c26e18660cdb8b443a0aa
    [BSP] 0bb7ef8098c4645203fe45ef225827fe : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 244008 MB
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 499935232 | Size: 232829 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: WDC WD10EADS-00L5B1 ATA Device +++++
    --- User ---
    [MBR] b0770037b5b751a72f23c475dc160ecd
    [BSP] 13d276354766debf5c76cc9dc7ce8261 : Unknown MBR Code
    Partition table:
    1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive2: ST31000340AS ATA Device +++++
    --- User ---
    [MBR] 63062c6ab7861120fff494d8096013b3
    [BSP] 5a135989c7a35648b7eff9f1b7cb8daf : Windows Vista/7/8 MBR Code
    Partition table:
    1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive3: WDC WD20 EARS-00MVWB0 SCSI Disk Device +++++
    --- User ---
    [MBR] a65e199d192b519aaa2cb41b6a0f2008
    [BSP] f38afeb1756caca50d100b0437ed30f4 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 14337 | Size: 204799 MB
    1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 419444736 | Size: 1233924 MB
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): -1348446208 | Size: 468996 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([1] Incorrect function. )

    +++++ PhysicalDrive4: +++++
    --- User ---
    [MBR] a4d855b0e98093b514a49b0aa2473abf
    [BSP] eac05a64ab652a1eeeb7bb7d47628e4e : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([1] Incorrect function. )
     
  7. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Hello Kazimierz,

    I see you ran FRST64.exe from \\Europa\Archives\Appz\spybot.

    Please move it to the desktop.

    After that

    Download the attached fixlist.txt file and save it to the Desktop.

    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

    Next

    Please download Junkware Removal Tool to your desktop.

    • Shut down your protection software to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and choose "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
    So when you return please post
    • Fixlog.txt
    • JRT.txt
     

  8. Kazimierz

    Kazimierz Thread Starter

    Here they are. I had actually run FRST64 twice, because I didn't do it as administrator the first time. Once JRT ran, I couldn't access the internet. I had to reboot to get internet back.

    Fixlog

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
    Ran by Admin at 2015-01-07 14:14:58 Run:2
    Running from C:\Users\Admin\Desktop
    Loaded Profile: Admin (Available profiles: Admin)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\MountPoints2: {1232ff3e-e91a-11e3-a0db-40167e76f56c} - L:\setup.exe
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\MountPoints2: {1232ff40-e91a-11e3-a0db-40167e76f56c} - L:\setup.exe
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\MountPoints2: {35675daf-fb18-11e3-88a5-40167e76f56c} - O:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\MountPoints2: {35675db9-fb18-11e3-88a5-40167e76f56c} - O:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\MountPoints2: {44d6eac0-e875-11e3-8480-806e6f6e6963} - I:\SETUP.EXE /adminfile IU.MSP
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\MountPoints2: {97aed133-ea3c-11e3-8603-40167e76f56c} - O:\VZW_Software_upgrade_assistant.exe
    ProxyEnable: [HKLM] => ProxyEnable is set.
    ProxyEnable: [HKLM-x32] => ProxyEnable is set.
    ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
    ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://hi.ru/search/?q={searchTerms}
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2482053066-3626128781-3421568491-1000 -> DefaultScope {EE6EE89D-AC6D-4E6A-AF18-248C43D7BACD} URL = https://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2482053066-3626128781-3421568491-1000 -> {EE6EE89D-AC6D-4E6A-AF18-248C43D7BACD} URL = https://www.google.com/search?q={searchTerms}
    emptytemp:
    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1232ff3e-e91a-11e3-a0db-40167e76f56c} => Key not found.
    HKCR\CLSID\{1232ff3e-e91a-11e3-a0db-40167e76f56c} => Key not found.
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1232ff40-e91a-11e3-a0db-40167e76f56c} => Key not found.
    HKCR\CLSID\{1232ff40-e91a-11e3-a0db-40167e76f56c} => Key not found.
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35675daf-fb18-11e3-88a5-40167e76f56c} => Key not found.
    HKCR\CLSID\{35675daf-fb18-11e3-88a5-40167e76f56c} => Key not found.
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35675db9-fb18-11e3-88a5-40167e76f56c} => Key not found.
    HKCR\CLSID\{35675db9-fb18-11e3-88a5-40167e76f56c} => Key not found.
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44d6eac0-e875-11e3-8480-806e6f6e6963} => Key not found.
    HKCR\CLSID\{44d6eac0-e875-11e3-8480-806e6f6e6963} => Key not found.
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97aed133-ea3c-11e3-8603-40167e76f56c} => Key not found.
    HKCR\CLSID\{97aed133-ea3c-11e3-8603-40167e76f56c} => Key not found.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => Value not found.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EE6EE89D-AC6D-4E6A-AF18-248C43D7BACD} => Key not found.
    HKCR\CLSID\{EE6EE89D-AC6D-4E6A-AF18-248C43D7BACD} => Key not found.
    EmptyTemp: => Removed 40.2 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog 14:15:10 ====

    JRT


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.1 (12.28.2014:1)
    OS: Windows 7 Ultimate x64
    Ran by Admin on Wed 01/07/2015 at 14:17:43.66
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 01/07/2015 at 14:19:39.51
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  9. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Hello Kazimierz,

    Let's see where we are now.

    Please run another FRST scan with the Addition.txt box ticked and post back the two logs generated - FRST.txt and Addition.txt.
     
  10. Kazimierz

    Kazimierz Thread Starter

    Joined:
    Jan 5, 2015
    Messages:
    19
    Just so you know, the checkmark on the proxy settings still won't remain unchecked.

    FRST

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
    Ran by Admin (administrator) on POLSKA on 07-01-2015 19:33:26
    Running from C:\Users\Admin\Desktop
    Loaded Profile: Admin (Available profiles: Admin)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (Jetico, Inc.) D:\Utilities\BestCrypt\BCWipeSvc.exe
    (Jetico, Inc.) D:\Utilities\BestCrypt\BCWipeTM.exe
    (Jetico, Inc.) D:\Utilities\BestCrypt\BCWipeTM.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.19\AsusFanControlService.exe
    (Jetico Inc. Oy) D:\Utilities\BestCrypt\BC_VE\bcveserv.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
    (SMART Technologies) D:\School\SMART Technologies\Education Software\SMARTHelperService.exe
    (InstallShield) C:\Program Files (x86)\DTSoft Updater\Updater.exe
    () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (BitTorrent Inc.) C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
    (Comfort Software Group) D:\Utilities\FreeAlarmClock\FreeAlarmClock.exe
    (Disc Soft Ltd) D:\Utilities\DAEMON Tools Pro\DTShellHlp.exe
    () D:\Utilities\PowerArchiver\PASTARTER.EXE
    () D:\Internet\No-IP\DUC40.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Disc Soft Ltd) D:\Utilities\DAEMON Tools Pro\DTAgent.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Adobe Systems Inc.) D:\Multimedia\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    (Samsung Electronics Co., Ltd.) D:\Hardware\Kies\KiesTrayAgent.exe
    (SMART Technologies) D:\School\SMART Technologies\Education Software\SMARTNotification.exe
    (SMART Technologies) D:\School\SMART Technologies\Education Software\SMARTBoardService.exe
    (SMART Technologies) D:\School\SMART Technologies\Education Software\SMARTInk.exe
    () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Disc Soft Ltd) D:\Utilities\DAEMON Tools Pro\DiscSoftBusService.exe
    (Joyent, Inc) D:\School\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
    (Jetico Inc. Oy) D:\Utilities\BestCrypt\BC_VE\bcvetray.exe
    (SMART Technologies) D:\School\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe
    (SMART Technologies) D:\School\SMART Technologies\Education Software\SMARTInkPrivilegedAccess.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
    (SAMSUNG Electornics Co., Ltd.) C:\Users\Admin\AppData\Roaming\VERIZON\UA_ar\UA.exe
    (Jetico, Inc.) D:\Utilities\BestCrypt\BCResident.exe
    (Samsung Electronics.) D:\Hardware\Samsung Magician\Samsung Magician.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Flexera Software LLC) D:\School\ArcGIS Desktop\License\License10.2\bin\lmgrd.exe
    (Flexera Software LLC) D:\School\ArcGIS Desktop\License\License10.2\bin\lmgrd.exe
    (ESRI) D:\School\ArcGIS Desktop\License\License10.2\bin\ARCGIS.exe
    (Flexera Software LLC) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    () D:\Internet\No-IP\ducservice.exe
    (Don HO [email protected]) D:\Utilities\Notepad++\notepad++.exe
    (Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
    () D:\Internet\Opera\26.0.1656.60\opera_crashreporter.exe
    (Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
    (Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
    (Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
    (Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
    (Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
    (Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
    (Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
    (Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
    (Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
    (Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
    (Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
    (Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
    (Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
    (Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
    (Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
    (Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
    (Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
    (Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
    (Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
    (Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
    (Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
    (Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
    (Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
    (Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
    (Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
    (Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
    (Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
    (Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
    (Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
    (Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
    (Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
    (Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
    (Opera Software) D:\Internet\Opera\26.0.1656.60\opera.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) D:\Business\Office 2010\Office14\OUTLOOK.EXE
    (WinZip Computing, S.L.) C:\Program Files\WinZip\ZipSendService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Electronic Arts) G:\Role Playing\Dragon Age Inquisition\DragonAgeInquisition.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-09-05] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => D:\Multimedia\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => D:\Multimedia\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [BCSSync] => D:\Business\Office 2010\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [BCWipeTM Startup] => D:\Utilities\BestCrypt\BCWipeTM.exe [1660192 2013-10-17] (Jetico, Inc.)
    HKLM-x32\...\Run: [BestCrypt Volume Encryption] => D:\Utilities\BestCrypt\BC_VE\bcfmgr.exe [2662176 2013-10-23] (Jetico Inc. Oy)
    HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296096 2014-05-31] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [KiesTrayAgent] => D:\Hardware\Kies\KiesTrayAgent.exe [310064 2014-05-27] (Samsung Electronics Co., Ltd.)
    HKLM-x32\...\Run: [SMARTNotification] => D:\School\SMART Technologies\Education Software\SMARTNotification.exe [190256 2014-06-30] (SMART Technologies)
    HKLM-x32\...\Run: [SMART Board Service] => D:\School\SMART Technologies\Education Software\SMARTBoardService.exe [1945392 2014-06-30] (SMART Technologies)
    HKLM-x32\...\Run: [sbsdk-server] => D:\School\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe [62768 2014-06-26] (SMART Technologies)
    HKLM-x32\...\Run: [SMART Ink] => D:\School\SMART Technologies\Education Software\SMARTInk.exe [565552 2014-06-18] (SMART Technologies)
    HKLM-x32\...\Run: [DivXMediaServer] => D:\Multimedia\Video\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
    HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Run: [uTorrent] => C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe [1316688 2014-06-12] (BitTorrent Inc.)
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Run: [FreeAC] => D:\Utilities\FreeAlarmClock\FreeAlarmClock.exe [1328976 2012-04-25] (Comfort Software Group)
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Run: [KiesAirMessage] => D:\Hardware\Kies\KiesAirMessage.exe -startup
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Run: [PowerArchiver Tray] => D:\Utilities\PowerArchiver\PASTARTER.EXE [1530360 2014-04-25] ()
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Run: [NoIPDUCv4] => D:\Internet\No-IP\DUC40.exe [346624 2014-05-02] ()
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30872168 2014-12-11] (Skype Technologies S.A.)
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Run: [DAEMON Tools Pro Agent] => D:\Utilities\DAEMON Tools Pro\DTAgent.exe [3759376 2014-11-24] (Disc Soft Ltd)
    HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Policies\Explorer: [NoThumbNailCache] 1
    AppInit_DLLs: C:\Windows\Jaksta\AC\x64\jaudcap.dll => C:\Windows\Jaksta\AC\x64\jaudcap.dll [311584 2014-06-09] (Jaksta Technologies Pty Ltd)
    AppInit_DLLs-x32: hplun.dll => "hplun.dll" File Not Found
    AppInit_DLLs-x32: ,C:\Windows\Jaksta\AC\x86\jaudcap.dll => C:\Windows\Jaksta\AC\x86\jaudcap.dll [264480 2014-06-09] (Jaksta Technologies Pty Ltd)
    Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
    ShortcutTarget: Samsung Magician.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)
    Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
    ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Admin\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BestCrypt Auto Open.lnk
    ShortcutTarget: BestCrypt Auto Open.lnk -> D:\Utilities\BestCrypt\BestCrypt.exe (Jetico, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk
    ShortcutTarget: GIGABYTE OC_GURU.lnk -> D:\Hardward\Gigabyte OC Guru II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => D:\Business\Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => D:\Business\Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => D:\Business\Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => D:\Business\Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => D:\Business\Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyEnable: [HKLM] => ProxyEnable is set.
    ProxyEnable: [HKLM-x32] => ProxyEnable is set.
    ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
    ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Business\Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Business\Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKU\S-1-5-21-2482053066-3626128781-3421568491-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    Tcpip\..\Interfaces\{AB6385C9-ACAC-4774-833C-82E34E0309E9}: [NameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\71upq3zx.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\Multimedia\Video\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> D:\Multimedia\Video\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> D:\Multimedia\Video\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> D:\Multimedia\Video\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\Business\OFFICE~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\Business\OFFICE~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=15.0.5.109 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprjplug;version=15.0.5.109 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.5.109 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.5.109 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=15.0.5.109 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> D:\Multimedia\Video\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Acrobat -> D:\Multimedia\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF Extension: ObviousIdea Addon - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\71upq3zx.default\Extensions\[email protected] [2014-05-31]
    FF Extension: JSOff - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\71upq3zx.default\Extensions\[email protected] [2014-05-31]
    FF Extension: Sothink Flash Downloader for Firefox - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\71upq3zx.default\Extensions\{BAEBEF65-9289-47c5-8524-C345CC5D860D}.xpi [2014-05-31]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - D:\Multimedia\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - D:\Multimedia\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-05-30]
    FF HKLM-x32\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2014-05-31]
    FF Extension: No Name - C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\71upq3zx.default\extensions\[email protected] [Not Found]
    FF Extension: No Name - C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\71upq3zx.default\extensions\{BAEBEF65-9289-47c5-8524-C345CC5D860D}.xpi [Not Found]
    FF Extension: No Name - C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\71upq3zx.default\extensions\[email protected] [Not Found]
    FF Extension: No Name - D:\Internet\Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

    Chrome:
    =======
    CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-31]
    CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-31]
    CHR Extension: (YouTube Center Developer Build) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcegdpionpopahcglnfiiioapcclamdj [2014-06-15]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-19]
    CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-31]
    CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-31]
    CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-05-31]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-09]
    CHR Extension: (ActiveGS) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhndampajkkhamolmmnalddigpojomph [2014-09-11]
    CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-31]
    CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-31]
    CHR Extension: (MetaProducts Offline Explorer integration) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkijdmeepjhpenmighhaodgfoogncnlk [2014-06-02]
    CHR HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2014-05-31]
    CHR HKLM-x32\...\Chrome\Extension: [pkijdmeepjhpenmighhaodgfoogncnlk] - D:\Internet\Offline Explorer Enterprise\mpoe.crx [2014-04-20]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ArcGIS License Manager; D:\School\ArcGIS Desktop\License\License10.2\bin\lmgrd.exe [1452408 2014-02-13] (Flexera Software LLC)
    R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-09-17] ()
    R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2013-09-17] (ASUSTeK Computer Inc.)
    R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
    R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.19\AsusFanControlService.exe [408960 2012-10-14] (ASUSTeK Computer Inc.)
    R2 BcveServ; D:\Utilities\BestCrypt\BC_VE\bcveserv.exe [127776 2013-10-23] (Jetico Inc. Oy)
    R2 BCWipeSvc; D:\Utilities\BestCrypt\BCWipeSvc.exe [87840 2013-10-17] (Jetico, Inc.)
    R3 Disc Soft Bus Service; D:\Utilities\DAEMON Tools Pro\DiscSoftBusService.exe [2216208 2014-11-24] (Disc Soft Ltd)
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-13] (Intel Corporation)
    S3 Media Center 19 Service; D:\Multimedia\Audio\Media Center 19\JRService.exe [397896 2014-07-02] (JRiver, Inc.)
    S3 Microsoft SharePoint Workspace Audit Service; D:\Business\Office 2010\Office14\GROOVE.EXE [30814400 2013-12-18] (Microsoft Corporation)
    R2 NoIPDUCService4; D:\Internet\No-IP\ducservice.exe [11776 2014-05-02] () [File not signed]
    S3 Origin Client Service; D:\Utilities\Origin\OriginClientService.exe [1903472 2014-12-28] (Electronic Arts)
    S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
    R2 SMARTHelperService; D:\School\SMART Technologies\Education Software\SMARTHelperService.exe [538928 2014-06-30] (SMART Technologies)
    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    R2 Updater.exe; C:\Program Files (x86)\DTSoft Updater\Updater.exe [40448 2014-12-03] (InstallShield) [File not signed]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AIDA64Driver; D:\Utilities\AIDA64 Extreme\kerneld.x64 [34136 2014-03-25] ()
    R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
    R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
    R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2013-01-14] ()
    R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-19] (MCCI Corporation)
    R1 bcbus; C:\Windows\System32\DRIVERS\bcbus.sys [80064 2013-10-16] (Jetico, Inc.)
    R0 bcfnt; C:\Windows\System32\Drivers\bcfnt.sys [178880 2013-07-15] (Jetico, Inc.)
    S4 BCSWAP; C:\Windows\System32\Drivers\BCSWAP.sys [124992 2013-03-05] (Jetico, Inc.)
    R1 BC_3DES; C:\Windows\System32\Drivers\BC_3DES.sys [35520 2013-09-25] (Jetico, Inc.)
    R1 BC_BF128; C:\Windows\System32\Drivers\BC_BF128.sys [31424 2013-09-24] (Jetico, Inc.)
    R1 BC_BF448; C:\Windows\System32\Drivers\BC_BF448.sys [31936 2013-09-24] (Jetico, Inc.)
    R1 BC_BFish; C:\Windows\System32\Drivers\BC_BFish.sys [31424 2013-09-24] (Jetico, Inc.)
    R1 BC_CAST; C:\Windows\System32\Drivers\BC_CAST.sys [38592 2013-09-24] (Jetico, Inc.)
    R1 BC_DES; C:\Windows\System32\Drivers\BC_DES.sys [35008 2013-09-24] (Jetico, Inc.)
    R1 BC_Gost; C:\Windows\System32\Drivers\BC_Gost.sys [26816 2013-09-24] (Jetico, Inc.)
    R1 BC_IDEA; C:\Windows\System32\Drivers\BC_IDEA.sys [28864 2013-09-24] (Iarsn)
    R1 BC_RC6; C:\Windows\System32\Drivers\BC_RC6.sys [31424 2013-09-24] (Michael Oestergaard Pedersen)
    R1 BC_RIJN; C:\Windows\System32\Drivers\BC_RIJN.sys [52416 2013-09-24] (Jetico, Inc.)
    R1 BC_SERP; C:\Windows\System32\Drivers\BC_SERP.sys [38080 2013-09-24] (Michael Oestergaard Pedersen)
    R1 BC_TFISH; C:\Windows\System32\Drivers\BC_TFISH.sys [35520 2013-09-24] (Jetico, Inc.)
    R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29864 2014-12-06] (Disc Soft Ltd)
    R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-21] (Disc Soft Ltd)
    R0 fsh; C:\Windows\System32\Drivers\fsh.sys [68800 2013-09-16] (Jetico, Inc.)
    S3 jakndis; C:\Windows\System32\DRIVERS\jakndis.sys [35648 2011-07-21] (Jaksta Technologies Pty Ltd)
    R3 jakndisMP; C:\Windows\System32\DRIVERS\jakndis.sys [35648 2011-07-21] (Jaksta Technologies Pty Ltd)
    S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-06] (Malwarebytes Corporation)
    S3 MftWipeFilter; C:\Windows\System32\Drivers\MftWipeFilter.sys [31488 2013-03-05] (Windows (R) Win 7 DDK provider)
    R3 mhk; C:\Windows\System32\Drivers\mhk.sys [18624 2013-10-03] (Jetico, Inc.)
    R3 moh; C:\Windows\System32\Drivers\moh.sys [13376 2013-03-05] (Jetico, Inc.)
    R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
    R3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [10240 2014-06-30] (SMART Technologies)
    R3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [9216 2014-06-30] (SMART Technologies)
    S3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [22184 2014-06-30] (SMART Technologies ULC)
    R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-05-30] (Duplex Secure Ltd.)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-01-07] ()
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-07 19:33 - 2015-01-07 19:33 - 00031295 _____ () C:\Users\Admin\Desktop\FRST.txt
    2015-01-07 14:19 - 2015-01-07 14:19 - 00000629 _____ () C:\Users\Admin\Desktop\JRT.txt
    2015-01-07 14:09 - 2015-01-07 14:09 - 00000000 ____D () C:\Windows\ERUNT
    2015-01-07 14:07 - 2015-01-07 14:08 - 01707939 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe
    2015-01-07 13:57 - 2015-01-07 08:40 - 02124288 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
    2015-01-07 08:42 - 2015-01-07 08:42 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2015-01-07 08:42 - 2015-01-07 08:42 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-01-07 07:32 - 2015-01-07 07:32 - 00000826 _____ () C:\Users\Admin\Desktop\hosts-clean.txt
    2015-01-05 22:15 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-01-05 22:15 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-01-05 22:15 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-01-05 22:12 - 2015-01-06 05:04 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-01-05 21:10 - 2015-01-07 19:33 - 00000000 ____D () C:\FRST
    2015-01-05 21:08 - 2015-01-05 21:09 - 00000000 ____D () C:\AdwCleaner
    2015-01-05 19:32 - 2015-01-05 19:34 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2015-01-05 19:32 - 2015-01-05 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2015-01-05 19:00 - 2015-01-05 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-01-05 19:00 - 2015-01-05 19:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-01-05 18:29 - 2015-01-05 18:29 - 00000000 ____D () C:\ProgramData\ATI
    2015-01-05 17:45 - 2015-01-06 04:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TubeDigger
    2015-01-05 17:45 - 2015-01-05 20:41 - 00000000 ____D () C:\Program Files (x86)\TubeDigger
    2014-12-28 21:37 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
    2014-12-28 11:35 - 2015-01-05 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Age Inquisition
    2014-12-28 11:35 - 2014-12-28 21:37 - 00000850 _____ () C:\Users\Public\Desktop\Dragon Age Inquisition.lnk
    2014-12-20 12:09 - 2014-12-20 12:10 - 00166912 _____ () C:\Users\Admin\Downloads\TS006206287.xlt
    2014-12-20 11:55 - 2014-12-20 11:55 - 00088241 _____ () C:\Users\Admin\Downloads\TS010073881.xltx
    2014-12-20 08:36 - 2015-01-05 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paradox Interactive
    2014-12-20 08:36 - 2014-12-20 08:36 - 00000814 _____ () C:\Users\Public\Desktop\Crusader Kings II Way of Life.lnk
    2014-12-13 09:49 - 2014-12-13 09:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Europa Universalis IV - Collection
    2014-12-13 09:44 - 2014-12-13 09:44 - 00053564 _____ () C:\Windows\SysWOW64\CCCInstall_201412130944121694.log
    2014-12-13 09:44 - 2014-12-13 09:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
    2014-12-13 09:44 - 2014-12-13 09:44 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
    2014-12-13 09:43 - 2014-12-13 09:43 - 00000000 ____D () C:\Program Files (x86)\AMD
    2014-12-08 20:22 - 2014-12-08 20:22 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieBrowserModeList
    2014-12-08 19:04 - 2014-12-08 19:04 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2014-12-08 19:04 - 2014-12-08 19:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2014-12-08 19:04 - 2014-12-08 19:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2014-12-08 19:04 - 2014-12-08 19:04 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-12-08 19:04 - 2014-12-08 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-12-08 19:04 - 2014-12-08 19:04 - 00000000 ____D () C:\Program Files (x86)\Java

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-07 19:32 - 2014-05-31 15:00 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\uTorrent
    2015-01-07 19:21 - 2014-05-31 14:59 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype
    2015-01-07 19:13 - 2014-05-31 02:39 - 00000000 ____D () C:\Users\Admin\Documents\Outlook Files
    2015-01-07 18:43 - 2014-05-31 20:19 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-01-07 18:34 - 2014-05-30 19:05 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-07 17:08 - 2009-07-13 23:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-01-07 14:26 - 2009-07-13 22:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-07 14:26 - 2009-07-13 22:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-07 14:24 - 2014-05-30 08:20 - 02047622 _____ () C:\Windows\WindowsUpdate.log
    2015-01-07 14:21 - 2014-05-30 19:05 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-07 14:21 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-07 14:21 - 2009-07-13 22:51 - 00056499 _____ () C:\Windows\setupact.log
    2015-01-07 14:16 - 2010-11-20 21:47 - 01378500 _____ () C:\Windows\PFRO.log
    2015-01-07 13:58 - 2014-05-31 15:03 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashDumps
    2015-01-07 10:05 - 2014-05-31 15:00 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc
    2015-01-07 08:38 - 2014-06-01 07:21 - 00000000 ____D () C:\ProgramData\AVAST Software
    2015-01-06 12:00 - 2014-12-06 20:41 - 00000488 _____ () C:\Windows\Tasks\DTSoft Updater.job
    2015-01-06 05:17 - 2014-05-31 15:03 - 00000000 ____D () C:\Users\Admin\AppData\Local\Deployment
    2015-01-06 04:41 - 2014-08-30 14:23 - 00004782 _____ () C:\Windows\system32\Drivers\etc\hosts-ORIG
    2015-01-05 22:25 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
    2015-01-05 20:42 - 2014-05-30 08:19 - 00000000 ____D () C:\Users\Admin
    2015-01-05 20:41 - 2014-10-21 16:35 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2015-01-05 20:41 - 2014-09-03 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
    2015-01-05 20:41 - 2014-06-20 14:19 - 00000000 ____D () C:\ProgramData\FLEXnet
    2015-01-05 20:41 - 2014-06-20 12:49 - 00000000 ____D () C:\ProgramData\Skype
    2015-01-05 20:41 - 2014-05-31 16:38 - 00000000 ____D () C:\ProgramData\Real
    2015-01-05 20:41 - 2014-05-31 15:07 - 00000000 ____D () C:\Users\Admin\AppData\Local\QuickenWindow
    2015-01-05 20:41 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2015-01-05 20:41 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
    2015-01-05 20:41 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat
    2015-01-05 18:56 - 2011-04-12 02:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
    2015-01-05 18:27 - 2014-08-30 16:41 - 00000000 ____D () C:\ProgramData\Origin
    2014-12-29 16:27 - 2014-05-31 02:37 - 00000000 ____D () C:\Users\Admin\Documents\Dolina
    2014-12-29 07:48 - 2014-05-31 02:37 - 00000000 ____D () C:\Users\Admin\Documents\BioWare
    2014-12-28 14:57 - 2014-09-13 08:18 - 00000000 ____D () C:\Users\Admin\Documents\Car Shopping 2014
    2014-12-20 11:08 - 2014-05-31 15:07 - 00000000 ____D () C:\Users\Admin\AppData\Local\SKIDROW
    2014-12-18 05:32 - 2014-06-03 04:04 - 00003804 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1401525552
    2014-12-13 09:44 - 2014-05-31 16:46 - 00000000 ____D () C:\ProgramData\AMD
    2014-12-13 09:43 - 2014-06-06 11:21 - 00000000 ____D () C:\Program Files\AMD
    2014-12-13 09:42 - 2014-06-06 05:27 - 00000000 ____D () C:\AMD
    2014-12-13 09:10 - 2014-05-31 15:02 - 00001148 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Europa Universalis 4.lnk
    2014-12-12 08:35 - 2014-05-30 19:05 - 00002222 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-12-11 15:08 - 2014-05-31 14:59 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\dvdcss
    2014-12-09 20:43 - 2014-05-31 20:19 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-12-09 20:43 - 2014-05-31 20:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-12-09 20:43 - 2014-05-31 20:19 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-12-08 19:04 - 2014-06-21 09:57 - 00000000 ____D () C:\ProgramData\Oracle

    Some content of TEMP:
    ====================
    C:\Users\Admin\AppData\Local\Temp\IntResource.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-05 23:33

    ==================== End Of Log ============================

    Addition


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
    Ran by Admin at 2015-01-07 19:33:50
    Running from C:\Users\Admin\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    "Batman - Arkham Origins" (HKLM-x32\...\{C0E2E169-E84A-435A-B680-AB7E3BB1F23C}_is1) (Version: 1.0.0.0 (Update 12) - )
    "Watch_Dogs" (HKLM-x32\...\{4F01FAA4-5688-4B10-B243-F8C67D279FA5}_is1) (Version: 0.1.0.1 (Update 1) - )
    µTorrent (HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\uTorrent) (Version: 3.4.2.31661 - BitTorrent Inc.)
    Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
    Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
    Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
    Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
    AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.04.01 - ASUSTeK Computer Inc.)
    AIDA64 Extreme v4.30 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 4.30 - FinalWire Ltd.)
    AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    ArcGIS 10.2.2 Desktop Tutorial Data (HKLM-x32\...\ArcGIS 10.2.2 Desktop Tutorial Data) (Version: 10.2.3552 - Environmental Systems Research Institute, Inc.)
    ArcGIS 10.2.2 Desktop Tutorial Data (x32 Version: 10.2.3552 - Environmental Systems Research Institute, Inc.) Hidden
    ArcGIS 10.2.2 for Desktop (HKLM-x32\...\ArcGIS 10.2.2 for Desktop) (Version: 10.2.3552 - Environmental Systems Research Institute, Inc.)
    ArcGIS 10.2.2 for Desktop (x32 Version: 10.2.3552 - Environmental Systems Research Institute, Inc.) Hidden
    ArcGIS 10.2.2 License Manager (HKLM-x32\...\ArcGIS 10.2.2 License Manager) (Version: 10.2.3552 - Environmental Systems Research Institute, Inc.)
    ArcGIS 10.2.2 License Manager (x32 Version: 10.2.3552 - Environmental Systems Research Institute, Inc.) Hidden
    Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
    Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
    ASUS Boot Setting (HKLM-x32\...\{7AAE9187-C24F-4073-A951-36C370E7A3A5}) (Version: 1.00.17 - ASUSTeK Computer Inc.)
    BestCrypt 8.0 (HKLM-x32\...\BestCrypt) (Version: 8.25.3.2 - Jetico Inc.)
    bl (x32 Version: 1.0.0 - Your Company Name) Hidden
    Camtasia Studio 8 (HKLM-x32\...\{765AD29A-7EF5-4456-8F6F-83467E52AB52}) (Version: 8.4.3.1792 - TechSmith Corporation)
    Crusader Kings II version 2.1.6 (HKLM-x32\...\{C859826E-C678-41BC-9A6E-CB462C63007D}_is1) (Version: 2.1.6 - Yuzutu, Inc.)
    Crusader Kings II Way of Life (HKLM-x32\...\Crusader Kings II Way of Life_is1) (Version: - )
    DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.5.0.0388 - Disc Soft Ltd)
    DAEMON Tools Pro Advanced (HKLM-x32\...\DAEMON Tools Pro Advanced) (Version: - DT Soft Ltd.)
    DBFView Trial 4 (HKLM-x32\...\DBFView Trial_is1) (Version: - )
    DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
    Dragon Age Inquisition (HKLM-x32\...\Dragon Age Inquisition_is1) (Version: 1.0.0.0 - Релиз от R.G. Steamgames)
    Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.2 - Electronic Arts)
    Dream Tale - The Golden Keys (HKLM-x32\...\Dream Tale - The Golden Keys1.0) (Version: 1.0 - Foxy Games)
    Dropbox (HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
    ET GeoTools 11.1 for ArcGIS 10.2 (HKLM-x32\...\{31E930DF-B986-43D5-AF4E-61E2B9D94A98}) (Version: 11.1 - ET SpatialTechniques)
    ET GeoWizards 11.1 for ArcGIS 10.2 (HKLM-x32\...\{2F314F78-689D-4380-A969-594C40988DCD}) (Version: 11.1 - ET SpatialTechniques)
    Europa Universalis IV - Collection version 1.9.2 (HKLM-x32\...\{77B398F2-FEE1-47B8-9868-F3C1E3147C4C}_is1) (Version: 1.9.2 - Yuzutu, Inc.)
    Europa Universalis IV Wealth of Nations (HKLM-x32\...\Europa Universalis IV Wealth of Nations_is1) (Version: - )
    Far Cry 4 (HKLM-x32\...\Far Cry 4_is1) (Version: 1.0 - Релиз от R.G. Steamgames)
    Far Cry 4 Update V1.4 (HKLM-x32\...\RmFyQ3J5NA==_is1) (Version: 1 - )
    Free Alarm Clock 2.7.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 2.7 - Comfort Software Group)
    GIGABYTE OC_GURU II (HKLM-x32\...\InstallShield_{5588D686-D23B-4C9D-BDFA-2A7875CD3722}) (Version: 1.50.0000 - GIGABYTE Technology Co.,Ltd.)
    GIGABYTE OC_GURU II (x32 Version: 1.50.0000 - GIGABYTE Technology Co.,Ltd.) Hidden
    Google Apps Migration For Microsoft Outlook® 3.1.21.46 (HKLM-x32\...\{09538C28-E130-4210-A8F3-1D175EE2DDF1}) (Version: 3.1.21.46 - Google, Inc.)
    Google Apps Sync™ for Microsoft Outlook® 3.5.385.1020 (HKLM-x32\...\{CEBBF68C-4C3F-4D9B-8482-428E01064C31}) (Version: 3.5.385.1020 - Google, Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
    Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
    Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
    Intel(R) Network Connections 18.1.59.0 (HKLM\...\PROSetDX) (Version: 18.1.59.0 - Intel)
    Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
    iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
    Jaksta Streaming Media Recorder (4.4.3) (HKLM-x32\...\Jaksta Streaming Media Recorder) (Version: 4.4.3 - Jaksta Technologies)
    Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
    JRiver Media Center 19 (HKLM-x32\...\Media Center 19) (Version: 19 - J. River, Inc.)
    KMLCSV Converter (HKLM-x32\...\KMLCSV Converter) (Version: 2.2.1 - Choon-Chern Lim)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1014 - Marvell)
    MetaProducts Offline Explorer Enterprise (HKLM-x32\...\MetaProducts Offline Explorer Enterprise) (Version: - )
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual FoxPro 9.0 Professional - English (HKLM-x32\...\Visual FoxPro 9.0 Professional - English) (Version: - Microsoft)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MyFreeCodec (HKU\S-1-5-21-2482053066-3626128781-3421568491-1000\...\MyFreeCodec) (Version: - )
    No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.1.0 - Vitalwerks Internet Solutions LLC)
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
    Opera Stable 26.0.1656.60 (HKLM-x32\...\Opera 26.0.1656.60) (Version: 26.0.1656.60 - Opera Software ASA)
    Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
    PatchBeam (HKLM-x32\...\PatchBeam) (Version: 1.20 - ConeXware, Inc.)
    PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
    ph (x32 Version: 1.0.0 - Your Company Name) Hidden
    PowerArchiver 2013 (HKLM-x32\...\PowerArchiver 2013 14.05.06) (Version: 14.05.06 - ConeXware, Inc.)
    PowerArchiver 2013 (x32 Version: 14.05.06 - ConeXware, Inc.) Hidden
    Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.7.6 - Intuit)
    RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.5 - RealNetworks)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Replay Media Catcher 5 (5.0.1.54) (HKLM-x32\...\Replay Media Catcher 5) (Version: 5.0.1.54 - Applian Technologies)
    Retailman 1.90.127 (HKLM-x32\...\RetailMan POS_is1) (Version: - )
    Risk - 2012 (HKLM-x32\...\Risk - 20121.0) (Version: 1.0 - Foxy Games)
    Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.)
    Samsung Kies (x32 Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Hidden
    Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.)
    Samsung Kies3 (x32 Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.) Hidden
    Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.4.0 - Samsung Electronics)
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Sid Meiers Civilization Beyond Earth (HKLM-x32\...\U2lkTWVpZXJzQ2l2aWxpemF0aW9uQmV5b25kRWFydGg=_is1) (Version: 1 - )
    Sid Meier's Civilization V Brave New World (HKLM-x32\...\U2lkTWVpZXJzQ2l2aWxpemF0aW9uVg==_is1) (Version: 1 - )
    Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    SMART Ink (HKLM-x32\...\{FC69B741-DC56-4591-97A2-A6BA211B7E76}) (Version: 2.2.590.1 - SMART Technologies ULC)
    SMART Notebook (HKLM-x32\...\{84579080-E961-4DE7-93AB-5E2B81A96387}) (Version: 14.1.852.0 - SMART Technologies ULC)
    SMART Product Drivers (HKLM-x32\...\{890680EC-2F88-47F0-970C-593081E62593}) (Version: 11.6.450.0 - SMART Technologies ULC)
    SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
    SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Tropico 5 v1.04 (Special Steam Edition)(3 DLC) (HKLM-x32\...\Tropico 5 v1.04 (Special Steam Edition)(3 DLC)1.04) (Version: 1.04 - Friends in War)
    TubeDigger 4.8.2 (HKLM-x32\...\{1E3745C1-674D-4B2E-B8F7-3F4088950ED7}_is1) (Version: 4.8.2 - TubeDigger)
    VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{EE296443-E401-43D2-9864-1C63AD8D376E}) (Version: 2.14.0410 - Samsung Electronics Co., Ltd.)
    Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{69258FD1-F4EE-475A-83D1-BF68C8029592}) (Version: 2.14.0402 - Samsung Electronics Co., Ltd.)
    VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
    WinX DVD Ripper Platinum 7.5.8 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)
    WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. )
    Wolfenstein: The New Order (HKLM-x32\...\V29sZmVuc3RlaW5UaGVOZXdPcmRlcg==_is1) (Version: 1 - )
    World War 1 Centennial Edition (HKLM-x32\...\World War 1 Centennial Edition_is1) (Version: - )
    XMedia Recode version 3.2.0.0 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.0.0 - XMedia Recode)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-2482053066-3626128781-3421568491-1000_Classes\CLSID\{3560575F-7C2D-48AE-AB45-DAD430A95EBE}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
    CustomCLSID: HKU\S-1-5-21-2482053066-3626128781-3421568491-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2482053066-3626128781-3421568491-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2482053066-3626128781-3421568491-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2482053066-3626128781-3421568491-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    23-05-2014 06:13:23 Windows Update
    23-05-2014 06:28:14 Windows Update
    27-05-2014 06:13:46 Windows Update
    16-12-2014 00:00:01 Scheduled Checkpoint
    23-12-2014 00:00:01 Scheduled Checkpoint
    28-12-2014 11:35:40 Installed DirectX
    28-12-2014 21:37:15 Installed DirectX
    05-01-2015 18:54:27 Restore Operation
    05-01-2015 20:56:51 Installed Microsoft Fix it 50267
    05-01-2015 20:58:55 Installed Microsoft Fix it 50566
    07-01-2015 07:30:04 avast! antivirus system restore point

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-01-07 07:32 - 2015-01-07 07:32 - 00000826 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {08BA20F8-555B-4258-A7D1-7F9BAA8BF26F} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {2B8DA0E7-FDA5-4635-94CA-661F64D6B4AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
    Task: {31DE8D15-52EE-4203-B391-B68D057334EF} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
    Task: {4258BB6F-FDBF-436C-817B-9DA2762EA554} - System32\Tasks\ASUS\ASUS DigiPowerControl Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe [2013-01-14] (ASUSTeK Computer Inc.)
    Task: {48EAED26-580C-48B0-992D-554D02A9742F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-30] (Google Inc.)
    Task: {4C143402-006F-47A0-8889-3BD2DDABE6B0} - System32\Tasks\SamsungMagician => D:\Hardware\Samsung Magician\Samsung Magician.exe [2014-05-19] (Samsung Electronics.)
    Task: {5472A833-C8BE-47A6-A3EA-15F57CB16EA4} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
    Task: {A1952D85-542C-4A31-8563-3DA8A1D4072F} - System32\Tasks\DTSoft Updater => Wscript.exe //nologo //E:jscript //B "C:\Program Files (x86)\DTSoft Updater\updater.ini"
    Task: {B91B494A-7909-47C3-9E84-3AC0C698A500} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2482053066-3626128781-3421568491-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-06-21] (RealNetworks, Inc.)
    Task: {DC20D36E-C680-496F-B02E-5559E7D27FC7} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-09] ()
    Task: {E4379DD1-BCD0-4850-86DE-6705160E3092} - System32\Tasks\Opera scheduled Autoupdate 1401525552 => D:\Internet\Opera\launcher.exe [2014-12-17] (Opera Software)
    Task: {E9B6122B-9679-4820-A3BD-6E633C20E2C5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-30] (Google Inc.)
    Task: {F6D2346E-257F-4F11-AB44-D1FB17A6E6F6} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2482053066-3626128781-3421568491-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-06-21] (RealNetworks, Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\DTSoft Updater.job => C:\Windows\system32\wscript.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\Admin\Cookies:m5Ra5tnPnUpnObdPWnYvOj5
    AlternateDataStreams: C:\Users\Admin\AppData\Local\LVsPryR0g7ddNf:hEfUDXCRr9YLhFqdtp8MLc
    AlternateDataStreams: C:\Users\Admin\AppData\Local\RtN9ww3yN1G8Ck:faXRxnbCGuKSVR2os7A

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\29768712.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\29768712.sys => ""="Driver"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup

    ========================= Accounts: ==========================

    Admin (S-1-5-21-2482053066-3626128781-3421568491-1000 - Administrator - Enabled) => C:\Users\Admin
    Administrator (S-1-5-21-2482053066-3626128781-3421568491-500 - Administrator - Disabled)
    Guest (S-1-5-21-2482053066-3626128781-3421568491-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2482053066-3626128781-3421568491-1003 - Limited - Enabled)

    ==================== Faulty Device Manager Devices =============

    Name: SMART Virtual TabletPC
    Description: SMART Virtual TabletPC
    Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
    Manufacturer: SMART Technologies ULC
    Service: SMARTVTabletPCx64
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/07/2015 02:23:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============
    Error: (01/07/2015 02:21:45 PM) (Source: DCOM) (EventID: 10016) (User: Polska)
    Description: application-specificLocalActivation{7D1933CB-86F6-4A98-8628-01BE94C9A575}{F290BFB2-1864-45B1-8804-2654194A87E7}PolskaAdminS-1-5-21-2482053066-3626128781-3421568491-1000LocalHost (Using LRPC)


    Microsoft Office Sessions:
    =========================
    Error: (01/07/2015 02:23:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-4820K CPU @ 3.70GHz
    Percentage of memory in use: 46%
    Total physical RAM: 16320.18 MB
    Available physical RAM: 8756.64 MB
    Total Pagefile: 32638.53 MB
    Available Pagefile: 22166.92 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB

    ==================== Drives ================================

    Drive c: (Win 7) (Fixed) (Total:238.29 GB) (Free:51.66 GB) NTFS
    Drive d: (Hard Drive) (Fixed) (Total:227.37 GB) (Free:78.31 GB) NTFS
    Drive e: (Win 7 -OLD) (Fixed) (Total:200 GB) (Free:0.4 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive f: (Hard Drive - OLD) (Fixed) (Total:100 GB) (Free:10.6 GB) NTFS
    Drive g: (Games) (Fixed) (Total:700 GB) (Free:15.11 GB) NTFS
    Drive h: (Cache) (Fixed) (Total:5 GB) (Free:1.4 GB) NTFS
    Drive i: (Archives) (Fixed) (Total:931.51 GB) (Free:136.79 GB) NTFS
    Drive j: (Multimedia FIles) (Fixed) (Total:458 GB) (Free:297.42 GB) NTFS
    Drive v: (Video Scratch Disk) (Fixed) (Total:400 GB) (Free:34.88 GB) NTFS
    Drive x: (Archives 1TB) (Fixed) (Total:931.51 GB) (Free:30.23 GB) NTFS
    Drive z: (2TB Archives) (Fixed) (Total:1862.89 GB) (Free:104.42 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6C51155E)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=238.3 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=227.4 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 931.5 GB) (Disk ID: 47889787)
    Partition 2: (Not Active) - (Size=931.5 GB) - (Type=OF Extended)

    ========================================================
    Disk: 2 (Size: 931.5 GB) (Disk ID: DAB07BA5)
    Partition 2: (Not Active) - (Size=931.5 GB) - (Type=OF Extended)

    ========================================================
    Disk: 3 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: B43A33C3)
    Partition 1: (Active) - (Size=200 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=1205 GB) - (Type=OF Extended)
    Partition 3: (Not Active) - (Size=458 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 4 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 02312E83)

    Partition: GPT Partition Type.

    ========================================================
    Disk: 5 (MBR Code: Windows XP) (Size: 900 GB) (Disk ID: D44EF049)
    Partition 1: (Not Active) - (Size=900 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
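
An added example, not part of the thread and not FRST's own code: the Scheduled Tasks section of the log above lists a task that starts Wscript.exe with //E:jscript against a file ending in .ini. The Python below parses FRST "Task:" lines and flags Windows Script Host tasks that force an engine, run in batch mode, or point at a file without a script extension; the function names and finding labels are this example's own.

```python
import re
from pathlib import PureWindowsPath

# Four "Task:" lines copied from the Scheduled Tasks section of the log above.
SAMPLE_LOG = r'''
Task: {08BA20F8-555B-4258-A7D1-7F9BAA8BF26F} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {48EAED26-580C-48B0-992D-554D02A9742F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-30] (Google Inc.)
Task: {A1952D85-542C-4A31-8563-3DA8A1D4072F} - System32\Tasks\DTSoft Updater => Wscript.exe //nologo //E:jscript //B "C:\Program Files (x86)\DTSoft Updater\updater.ini"
Task: C:\Windows\Tasks\DTSoft Updater.job => C:\Windows\system32\wscript.exe
'''

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Extensions Windows Script Host maps to an engine without help from //E:
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh"}

TASK_RE = re.compile(
    r'^\s*Task:\s+(?:\{[0-9A-Fa-f-]+\}\s+-\s+)?(?P<task>.+?)\s+=>\s+(?P<cmd>.+?)\s*$')
# Trailing "[file date] (company)" annotation that FRST appends to some lines
ANNOT_RE = re.compile(r'\s+\[\d{4}-\d{2}-\d{2}\]\s+\(.*\)$')
EXE_RE = re.compile(
    r'^"?(?P<exe>.+?\.(?:exe|com|bat|cmd))(?=["\s]|$)"?\s*(?P<args>.*)$', re.I)
TOKEN_RE = re.compile(r'"[^"]*"|\S+')


def parse_task_line(line):
    """Split one FRST task line into task name, executable name and arguments."""
    m = TASK_RE.match(line)
    if not m:
        return None
    cmd = ANNOT_RE.sub("", m.group("cmd"))
    e = EXE_RE.match(cmd)
    if not e:
        return {"task": m.group("task"), "exe": None, "args": []}
    args = [t.strip('"') for t in TOKEN_RE.findall(e.group("args"))]
    exe = PureWindowsPath(e.group("exe")).name.lower()
    return {"task": m.group("task"), "exe": exe, "args": args}


def triage(entry):
    """Return review findings for a task that launches wscript/cscript."""
    if entry is None or entry["exe"] not in SCRIPT_HOSTS:
        return []
    findings = []
    switches = [a.lower() for a in entry["args"] if a.startswith("//")]
    scripts = [a for a in entry["args"] if not a.startswith("//")]
    if any(s.startswith("//e:") for s in switches):
        findings.append("forced-engine")         # //E: overrides the extension
    if "//b" in switches:
        findings.append("batch-mode")            # //B hides errors and prompts
    if not scripts:
        findings.append("script-not-shown")      # .job lines list only the host
    elif PureWindowsPath(scripts[0]).suffix.lower() not in SCRIPT_EXTS:
        findings.append("non-script-extension")  # code stored under another name
    return findings


def review(log_text):
    """Return (task, findings) for every task line that needs a manual look."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_task_line(line)
        findings = triage(entry)
        if findings:
            flagged.append((entry["task"], findings))
    return flagged


if __name__ == "__main__":
    for task, findings in review(SAMPLE_LOG):
        print(task, "->", ", ".join(findings))
```

A flagged task is a prompt to open the referenced file and the task definition, not a verdict on either.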
     
  11. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Hmm... FRST reported that it had fixed those so something is returning them to that position.

    We will have another look at that later, meanwhile please do this:

    Please download AdwCleaner to your desktop (use the Download Now @ BleepingComputer button).

    NOTE: If you are using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

    Close all programs and click on the AdwCleaner icon. AdwCleaner will update itself and then open.

    Click on Scan and follow the prompts. It may appear not to be doing anything; please be patient and let it run unhindered. When the "Please uncheck elements you don't want to remove" appears, just go ahead and click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste it back here. If a report doesn't appear, press the Report button and copy and paste the contents in your next reply.

    A copy of the report is also saved in the C:\AdwCleaner folder.

    Next

    Please download Rkill by Grinler and save it to your desktop.
    • Link 1
    • Link 2
      • Double-click on the Rkill desktop icon to run the tool.
      • If using Vista, right-click on it and Run As Administrator.
      • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
      • If not, delete the file, then download and use the one provided in Link 2.
      • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
      • If the tool does not run from any of the links provided, please let me know.
    • When the scan is done, Notepad will open with the rKill log. Please copy and paste that in your reply.
    Note: rKill.txt log can also be found on your desktop.

    When you return please post
    • AdwCleaner log
    • rKill.txt
     
  12. Kazimierz

    Kazimierz Thread Starter

    Joined:
    Jan 5, 2015
    Messages:
    19
    Although the check is there I am not getting the loopback effect and have internet access on the machine. The internet isn't back to normal, from what I can tell. There are some video streaming sites that my friend uses that won't stream. Others do without issue. If I use my computer to access the sites, it is fine, using the same home network access.


    AdwCleaner

    # AdwCleaner v4.106 - Report created 07/01/2015 at 21:40:58
    # Updated 21/12/2014 by Xplode
    # Database : 2015-01-03.1 [Live]
    # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
    # Username : Admin - POLSKA
    # Running from : C:\Users\Admin\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17420


    -\\ Mozilla Firefox v


    -\\ Google Chrome v39.0.2171.95


    -\\ Opera v0.0.0.0

    [C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : aaipilfmheplbcghignccoiiebekkdhe
    [C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : elchiiiejkobdbblfejjkbphbddgmljf
    [C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : ffhfoagmjcnkolneahbpagjcjjaeofbg
    [C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : hjghiofiijcepdnocbgefbdlbckjfheg
    [C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : iklgpchfbohgmghgfagediakopecfmbm
    [C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : kfgaibfbmkjgmimhbbaikfnpkkjkpoan
    [C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : lmnbobhffedhdhfpcjkjphcfpeeiocdn
    [C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : kjpifmjicccpbkfjdkehimhgklfkbanh
    [C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : hoidflomjnnnbiemmkjdjkkialmhbago
    [C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : edjkooiccbgjhlpfhkknkjhfpmjkmelk
    [C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : ekpibplnnkfdcafdpoekhoffegcajene
    [C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : ipljmghelflfikejmgkmlmpjmehfjodc
    [C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : nlgdemkdapolikbjimjajpmonpbpmipk
    [C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : ejddjnilmdncjilbfjgameihlklfpohp
    [C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : eagomcfjiefffhpaejnlpjccikpipdoe
    [C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : aonedlchkbicmhepimiahfalheedjgbh

    *************************

    AdwCleaner[R0].txt - [5870 octets] - [05/01/2015 21:08:11]
    AdwCleaner[R1].txt - [2975 octets] - [07/01/2015 20:53:26]
    AdwCleaner[S0].txt - [6701 octets] - [05/01/2015 21:09:29]
    AdwCleaner[S1].txt - [2928 octets] - [07/01/2015 21:40:58]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2988 octets] ##########


    rKill

    Rkill 2.6.9 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2015 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 01/07/2015 09:43:22 PM in x64 mode.
    Windows Version: Windows 7 Ultimate Service Pack 1

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * No issues found.

    Checking Windows Service Integrity:

    * Windows Defender (WinDefend) is not Running.
    Startup Type set to: Automatic (Delayed Start)

    * Security Center (wscsvc) is not Running.
    Startup Type set to: Automatic (Delayed Start)

    * Windows Update (wuauserv) is not Running.
    Startup Type set to: Automatic (Delayed Start)

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * No issues found.

    Program finished at: 01/07/2015 09:43:33 PM
    Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s)
     
  13. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Hello Kazimierz,

    Please download Malwarebytes Anti-Rootkit to your desktop from here.
    • Right-Click on the file that was downloaded and choose Run as administrator. Answer Yes if prompted to Allow.
    • Click OK at the installer screen that comes up.
    • The software will be extracted and will open.
    • Click Next at the first screen.
    • The Update Database screen will appear. Click the Update button.
    • Once updated, click the Next button.
    • On the Scan System screen, click the Scan button.
    • Once the scan is finished, click on the Cleanup button to remove any threats and reboot if prompted to do so. If no threats are found, just close the programme.
    • If threats were found, then after the reboot, re-run the programme to verify no threats remain. If threats are still detected, click the Cleanup button once more.

    Whether threats were found or not, there will be a folder named mbar on your desktop. Open this folder and, in the list that is presented, you will find a file named mbar-log-...txt and another named system log.txt. Please open the files one at a time and copy and paste the contents of each back here.
     
  14. Kazimierz

    Kazimierz Thread Starter

    Joined:
    Jan 5, 2015
    Messages:
    19
    I haven't run the items yet, but I did discover something. I was checking to see if the streaming issue was related to something using bandwidth. Now, while it wasn't using an awful lot, there was a process using the most: "updater.exe". I killed the process and lost all internet access. I rebooted and, sure enough, it was running and I had internet. I went into services and stopped the service, which resulted in losing internet. I restored it, so I could get access to this site and the cleaning software.

    It is listed as an updater for DaemonTools, but it doesn't seem to be acting like it.

    I will now follow your instructions before heading to bed.
     
  15. Kazimierz

    Kazimierz Thread Starter

    Joined:
    Jan 5, 2015
    Messages:
    19
    LOG FILE

    Malwarebytes Anti-Rootkit BETA 1.08.2.1001
    www.malwarebytes.org

    Database version: v2015.01.08.03

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.17420
    Admin :: POLSKA [administrator]

    1/7/2015 10:28:12 PM
    mbar-log-2015-01-07 (22-28-12).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
    Objects scanned: 380400
    Time elapsed: 5 minute(s), 41 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)

    SYSTEM LOG

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.08.2.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.17420

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED, I:\ DRIVE_FIXED, J:\ DRIVE_FIXED, V:\ DRIVE_FIXED, X:\ DRIVE_FIXED, Z:\ DRIVE_FIXED
    CPU speed: 3.700000 GHz
    Memory total: 17112944640, free: 14242582528

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.08.2.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.17420

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED, I:\ DRIVE_FIXED, J:\ DRIVE_FIXED, V:\ DRIVE_FIXED, X:\ DRIVE_FIXED, Z:\ DRIVE_FIXED
    CPU speed: 3.700000 GHz
    Memory total: 17112944640, free: 14260002816

    Downloaded database version: v2015.01.08.03
    Downloaded database version: v2015.01.07.01
    Downloaded database version: v2014.12.06.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    01/07/2015 22:28:07
    ------------ Loaded modules -----------
    \SystemRoot\System32\Drivers\BC_3DES.SYS
    \SystemRoot\System32\Drivers\BC_BF128.SYS
    \SystemRoot\System32\Drivers\BC_BF448.SYS
    \SystemRoot\System32\Drivers\BC_BFish.SYS
    \SystemRoot\System32\Drivers\BC_CAST.SYS
    \SystemRoot\System32\Drivers\BC_DES.SYS
    \SystemRoot\System32\Drivers\BC_Gost.SYS
    \SystemRoot\System32\Drivers\BC_IDEA.SYS
    \SystemRoot\System32\Drivers\BC_RC6.SYS
    \SystemRoot\System32\Drivers\BC_RIJN.SYS
    \SystemRoot\System32\Drivers\BC_SERP.SYS
    \SystemRoot\System32\Drivers\BC_TFISH.SYS
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\serial.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\system32\drivers\csc.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\DRIVERS\bcbus.sys
    \SystemRoot\SysWow64\drivers\AsUpIO.sys
    \SystemRoot\SysWow64\drivers\AsIO.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\atikmpag.sys
    \SystemRoot\system32\DRIVERS\atikmdag.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\HECIx64.sys
    \SystemRoot\system32\DRIVERS\e1c62x64.sys
    \SystemRoot\system32\drivers\usbehci.sys
    \SystemRoot\system32\drivers\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\asmtxhci.sys
    \SystemRoot\system32\DRIVERS\1394ohci.sys
    \SystemRoot\system32\DRIVERS\serenum.sys
    \SystemRoot\system32\DRIVERS\ICCWDT.sys
    \SystemRoot\system32\DRIVERS\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\jakndis.sys
    \SystemRoot\system32\DRIVERS\rdpbus.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\dtscsibus.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\SMARTMouseFilterx64.sys
    \SystemRoot\System32\Drivers\moh.SYS
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\AtihdW76.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\system32\DRIVERS\asmthub3.sys
    \SystemRoot\SysWow64\drivers\ASUSFILTER.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\System32\Drivers\mhk.SYS
    \SystemRoot\system32\DRIVERS\ssudbus.sys
    \SystemRoot\system32\DRIVERS\ssudmdm.sys
    \SystemRoot\system32\drivers\modem.sys
    \SystemRoot\system32\DRIVERS\WinUsb.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_dumpata.sys
    \SystemRoot\System32\Drivers\dump_msahci.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\drivers\npf.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\WUDFRd.sys
    \SystemRoot\System32\drivers\rdpdr.sys
    \SystemRoot\system32\drivers\tdtcp.sys
    \SystemRoot\System32\DRIVERS\tssecsrv.sys
    \SystemRoot\System32\Drivers\RDPWD.SYS
    \SystemRoot\system32\DRIVERS\asyncmac.sys
    \SystemRoot\system32\drivers\mrxdav.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk4\DR4
    Upper Device Object: 0xfffffa800dc65060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000083\
    Lower Device Object: 0xfffffa800d977060
    Lower Device Driver Name: \Driver\mvs91xx\
    IRP handler 0 of \Driver\mvs91xx points to an unknown module
    Unhooking enabled.
    <<<1>>>
    Upper Device Name: \Device\Harddisk4\DR4
    Upper Device Object: 0xfffffa800dc65060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000083\
    Lower Device Object: 0xfffffa800d977060
    Lower Device Driver Name: \Driver\mvs91xx\
    Driver name found: mvs91xx
    Initialization returned 0x0
    Port sub-driver loaded: \??\C:\Windows\System32\drivers\storport.sys (0x0)
    Load Function returned 0x0
    <<<1>>>
    Upper Device Name: \Device\Harddisk3\DR3
    Upper Device Object: 0xfffffa800dc64060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000082\
    Lower Device Object: 0xfffffa800d9a7060
    Lower Device Driver Name: \Driver\mvs91xx\
    Driver name found: mvs91xx
    <<<1>>>
    Upper Device Name: \Device\Harddisk2\DR2
    Upper Device Object: 0xfffffa800dc63060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-3\
    Lower Device Object: 0xfffffa800d978060
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    Initialization returned 0x0
    Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
    Load Function returned 0x0
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xfffffa800dc62060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\
    Lower Device Object: 0xfffffa800d95e060
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa800dc43790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
    Lower Device Object: 0xfffffa800d92f680
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa800dc43790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800db3fb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800db3eba0, DeviceName: Unknown, DriverName: \Driver\bcfnt\
    DevicePointer: 0xfffffa800dc43790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800d96e4e0, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa800d92f680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: Unknown, DriverName: \Driver\bcfnt\
    Upper DeviceData: 0xfffff8a008785820, 0xfffffa800dc43790, 0xfffffa800ce5c090
    Lower DeviceData: 0xfffff8a013916920, 0xfffffa800d92f680, 0xfffffa800ce5d630
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 6C51155E

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848 Numsec = 499728384

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 499935232 Numsec = 476833792

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xfffffa800dc62060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800db41b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800db3f8b0, DeviceName: Unknown, DriverName: \Driver\bcfnt\
    DevicePointer: 0xfffffa800dc62060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800d953520, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa800d95e060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: Unknown, DriverName: \Driver\bcfnt\
    Upper DeviceData: 0xfffff8a00898a1c0, 0xfffffa800dc62060, 0xfffffa800ce5f090
    Lower DeviceData: 0xfffff8a008ae0560, 0xfffffa800d95e060, 0xfffffa800ce2c660
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 47889787

    Partition information:

    Partition 0 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 1 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 1953519616

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1000204886016 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 512
    Drive: 2, DevicePointer: 0xfffffa800dc63060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800db44b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800db409b0, DeviceName: Unknown, DriverName: \Driver\bcfnt\
    DevicePointer: 0xfffffa800dc63060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800d978060, DeviceName: \Device\Ide\IdeDeviceP3T0L0-3\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: Unknown, DriverName: \Driver\bcfnt\
    Upper DeviceData: 0xfffff8a0125b0250, 0xfffffa800dc63060, 0xfffffa800ce60090
    Lower DeviceData: 0xfffff8a008fb4220, 0xfffffa800d978060, 0xfffffa800ce55660
    Drive 2
    Scanning MBR on drive 2...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: DAB07BA5

    Partition information:

    Partition 0 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 1 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 1953519616

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1000204886016 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 512
    Drive: 3, DevicePointer: 0xfffffa800dc64060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800dc62b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800db448b0, DeviceName: Unknown, DriverName: \Driver\bcfnt\
    DevicePointer: 0xfffffa800dc64060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800d9a7060, DeviceName: \Device\00000082\, DriverName: \Driver\mvs91xx\
    ------------ End ----------
    Alternate DeviceName: Unknown, DriverName: \Driver\bcfnt\
    Upper DeviceData: 0xfffff8a012b52c00, 0xfffffa800dc64060, 0xfffffa800ce67790
    Lower DeviceData: 0xfffff8a00877d4f0, 0xfffffa800d9a7060, 0xfffffa800ce5daa0
    Drive 3
    Scanning MBR on drive 3...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: B43A33C3

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 14337 Numsec = 419430399
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 419444736 Numsec = 2527076352

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2946521088 Numsec = 960503808

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 2000398934016 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 512
    Drive: 4, DevicePointer: 0xfffffa800dc65060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800db45b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800dc64b60, DeviceName: Unknown, DriverName: \Driver\bcfnt\
    DevicePointer: 0xfffffa800dc65060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800d977060, DeviceName: \Device\00000083\, DriverName: \Driver\mvs91xx\
    ------------ End ----------
    Alternate DeviceName: Unknown, DriverName: \Driver\bcfnt\
    Upper DeviceData: 0xfffff8a013924970, 0xfffffa800dc65060, 0xfffffa800ce68090
    Lower DeviceData: 0xfffff8a012c29bd0, 0xfffffa800d977060, 0xfffffa800ce61aa0
    Drive 4
    Scanning MBR on drive 4...
    Inspecting partition table:
    This drive is a GPT Drive.
    MBR Signature: 55AA
    Disk Signature: 2312E83

    GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1 Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 1235259657
    GPT Header CurrentLba = 1 BackupLba 3907029167
    GPT Header FirstUsableLba 34 LastUsableLba 3907029134
    GPT Header Guid d94ea31d-5bbd-4bfa-b6f6-26e52f5d7d82
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 1235259657
    Backup GPT header CurrentLba = 3907029167 BackupLba 1
    Backup GPT header FirstUsableLba 34 LastUsableLba 3907029134
    Backup GPT header Guid d94ea31d-5bbd-4bfa-b6f6-26e52f5d7d82
    Backup GPT header Contains 128 partition entries starting at LBA 3907029135
    Backup GPT header Partition entry size = 128

    Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 5a988fc0-a0f6-4793-82fd-9223dbe33e8d
    FirstLBA 34 Last LBA 262177
    Attributes 0
    Partition Name Microsoft reserved partition

    Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID b03048dd-79b5-4c5a-ab74-1eea7d6995ca
    FirstLBA 264192 Last LBA 3907028991
    Attributes 0
    Partition Name Basic data partition

    Disk Size: 2000398934016 bytes
    Sector size: 512 bytes

    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-3-0-14337-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-r.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-4-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-4-r.mbam...
    Removal finished
     
Short URL to this thread: https://techguy.org/1140639
