DarylM
Members-
Posts
10 -
Joined
-
Last visited
Reputation
0 Neutral-
Chrome infected with popups.. help please!
DarylM replied to DarylM's topic in Resolved Malware Removal Logs
Seems to be working great so far! Thank you so much! I sent you a donation for all the help -
Chrome infected with popups.. help please!
DarylM replied to DarylM's topic in Resolved Malware Removal Logs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.6.6 (04.28.2015:1) OS: Windows 7 Home Premium x64 Ran by Daryl on Wed 04/29/2015 at 11:26:36.32 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Successfully deleted the following from C:\Users\Daryl\AppData\Roaming\mozilla\firefox\profiles\g03ff0aw.default\prefs.js user_pref(extensions.B1tVlK9Me.scode, try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\rjCGrjn8qjs7rHsGqjnGpjs6rHr\)>-1||url.inde user_pref(extensions.qIBcY.scode, try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\rjCGrjn8qjs7rHsGqjnGpjs6rHr\)>-1||url.indexOf( ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Wed 04/29/2015 at 11:28:26.08 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v4.202 - Logfile created 29/04/2015 at 11:29:43 # Updated 23/04/2015 by Xplode # Database : 2015-04-27.1 [server] # Operating system : Windows 7 Home Premium Service Pack 1 (x64) # Username : Daryl - DARYL-PC # Running from : C:\Users\Daryl\Desktop\adwcleaner_4.202.exe # Option : Cleaning ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Scheduled tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Web browsers ] ***** -\\ Internet Explorer v11.0.9600.17728 -\\ Mozilla Firefox v35.0.1 (x86 en-US) -\\ Google Chrome v42.0.2311.90 [C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms} [C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms} -\\ Chromium v -\\ Comodo Dragon v -\\ Chrome Canary v ************************* AdwCleaner[R0].txt - [3571 bytes] - [01/01/2014 21:30:28] AdwCleaner[R1].txt - [16171 bytes] - [28/04/2015 08:11:59] AdwCleaner[R2].txt - [1396 bytes] - [29/04/2015 11:29:02] AdwCleaner[s0].txt - [3734 bytes] - [01/01/2014 21:32:05] AdwCleaner[s1].txt - [12709 bytes] - [28/04/2015 08:13:36] AdwCleaner[s2].txt - [1325 bytes] - [29/04/2015 11:29:43] ########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1384 bytes] ########## -
Chrome infected with popups.. help please!
DarylM replied to DarylM's topic in Resolved Malware Removal Logs
The Kaspersky from the download link does not look like that (no cog to click) but I did click "change parameters" to include my main drive and then scanned my computer. I also could not save the report, so I took a screenshot and attached it to this comment. -
Chrome infected with popups.. help please!
DarylM replied to DarylM's topic in Resolved Malware Removal Logs
Sorry took so long, had to work.. C:\Users\All Users\InstallMate\{A60F21D2-60BC-42DA-A031-289E7DEC0324}\Custom.dll Win32/InstalleRex.M potentially unwanted application C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.15.2.24_1\plugins\ConduitChromeApiPlugin.dll a variant of Win32/Toolbar.Conduit.AH potentially unwanted application C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.26.2.507_0\APISupport\APISupport.dll a variant of Win32/Conduit.SearchProtect.P potentially unwanted application C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.26.2.507_0\nativeMessaging\TBMessagingHost.exe a variant of Win32/Toolbar.Conduit.AH potentially unwanted application C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkellkgendlmiakgmfcfagkniheiiokk\2.5_0\t1FFJiA4J.js Win32/Adware.MultiPlug.EB application C:\AdwCleaner\Quarantine\C\ProgramData\dfklljcnffcmkfdjehjjafbmkdlipjgj\C10dz.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fcaapjfaolabonncpklhecnihgjjfjgh\1.1\IKWWbbTlitYd.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\odpemcnmchdoinfgcdcmaggkdnffdoaf\2.7\WH88U3F8c31.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcaapjfaolabonncpklhecnihgjjfjgh\1.1\IKWWbbTlitYd.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\odpemcnmchdoinfgcdcmaggkdnffdoaf\2.7\WH88U3F8c31.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fcaapjfaolabonncpklhecnihgjjfjgh\1.1\IKWWbbTlitYd.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\odpemcnmchdoinfgcdcmaggkdnffdoaf\2.7\WH88U3F8c31.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\fus.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\fcaapjfaolabonncpklhecnihgjjfjgh\1.1\IKWWbbTlitYd.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\odpemcnmchdoinfgcdcmaggkdnffdoaf\2.7\WH88U3F8c31.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fcaapjfaolabonncpklhecnihgjjfjgh\1.1\IKWWbbTlitYd.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\odpemcnmchdoinfgcdcmaggkdnffdoaf\2.7\WH88U3F8c31.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcaapjfaolabonncpklhecnihgjjfjgh\1.1\IKWWbbTlitYd.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\odpemcnmchdoinfgcdcmaggkdnffdoaf\2.7\WH88U3F8c31.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fcaapjfaolabonncpklhecnihgjjfjgh\1.1\IKWWbbTlitYd.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\odpemcnmchdoinfgcdcmaggkdnffdoaf\2.7\WH88U3F8c31.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\fus.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\fcaapjfaolabonncpklhecnihgjjfjgh\1.1\IKWWbbTlitYd.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\odpemcnmchdoinfgcdcmaggkdnffdoaf\2.7\WH88U3F8c31.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Jessie\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fcaapjfaolabonncpklhecnihgjjfjgh\1.1\IKWWbbTlitYd.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Jessie\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\odpemcnmchdoinfgcdcmaggkdnffdoaf\2.7\WH88U3F8c31.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Jessie\AppData\Local\torch\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\fus.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Jessie\AppData\Local\torch\User Data\Default\Extensions\fcaapjfaolabonncpklhecnihgjjfjgh\1.1\IKWWbbTlitYd.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Jessie\AppData\Local\torch\User Data\Default\Extensions\odpemcnmchdoinfgcdcmaggkdnffdoaf\2.7\WH88U3F8c31.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application deleted - quarantined C:\FRST\Quarantine\C\Users\Jessie\AppData\Local\Temp\AskPIP_FF_.exe.xBAD a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application deleted - quarantined C:\FRST\Quarantine\C\Users\Jessie\AppData\Local\Temp\hsbing_717_active.exe.xBAD a variant of Win32/Toolbar.Perion.A potentially unwanted application deleted - quarantined C:\FRST\Quarantine\C\Users\Jessie\AppData\Local\Temp\tbSomo.dll.xBAD a variant of Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined C:\Program Files (x86)\Google\Chrome\Application\GoogleUpdate.dll Win32/ExtenBro.AZ trojan cleaned by deleting - quarantined C:\Program Files (x86)\Gtuner\Gtuner.exe a variant of Win32/Packed.Themida potentially unwanted application deleted - quarantined C:\Program Files (x86)\Gtuner\MaxAimDI.dll a variant of Win32/Packed.Themida potentially unwanted application deleted - quarantined C:\ProgramData\InstallMate\{A60F21D2-60BC-42DA-A031-289E7DEC0324}\Custom.dll Win32/InstalleRex.M potentially unwanted application deleted - quarantined C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\fus.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\fus.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\fus.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\fus.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\Users\Jessie\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\fus.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\Users\Jessie\AppData\Roaming\Mozilla\Firefox\extensions\{e306aaa2-3b4f-4802-9faf-0c10ab78b589}\Plugins\npConduitFirefoxPlugin.dll a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.15.2.24_1\plugins\ConduitChromeApiPlugin.dll a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.26.2.507_0\APISupport\APISupport.dll a variant of Win32/Conduit.SearchProtect.P potentially unwanted application deleted - quarantined C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.26.2.507_0\nativeMessaging\TBMessagingHost.exe a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkellkgendlmiakgmfcfagkniheiiokk\2.5_0\t1FFJiA4J.js Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined D:\Daryl Download\1\NBA2k15 V1.00 Trainer +9 MrAntiFun B.EXE a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application deleted - quarantined D:\Daryl Download\pay2-rockballa86-f12e2dfa565efe4\pay2-rockballa86.exe a variant of Win32/GameHack.BE potentially unsafe application deleted - quarantined D:\Daryl Download\The.Sims.4-RELOADED\rld-thesims4.iso Win32/HackTool.Crack.CY potentially unsafe application deleted D:\DARYL-PC\Backup Set 2014-11-02 190000\Backup Files 2014-11-02 190000\Backup files 2.zip Win32/Adware.MultiPlug.EK application deleted - quarantined D:\DARYL-PC\Backup Set 2014-11-02 190000\Backup Files 2014-11-02 190000\Backup files 4.zip a variant of Win32/Conduit.SearchProtect.P potentially unwanted application deleted - quarantined D:\DARYL-PC\Backup Set 2014-11-02 190000\Backup Files 2014-11-02 190000\Backup files 5.zip Win32/AdWare.1ClickDownload.AW application deleted - quarantined D:\DARYL-PC\Backup Set 2014-12-14 190001\Backup Files 2014-12-14 190001\Backup files 2.zip Win32/Adware.MultiPlug.EK application deleted - quarantined D:\DARYL-PC\Backup Set 2014-12-21 213221\Backup Files 2014-12-21 213221\Backup files 2.zip Win32/Adware.MultiPlug.EK application deleted - quarantined D:\DARYL-PC\Backup Set 2015-01-19 104716\Backup Files 2015-01-19 104716\Backup files 2.zip Win32/Adware.MultiPlug.EK application deleted - quarantined D:\DARYL-PC\Backup Set 2015-02-15 190000\Backup Files 2015-03-01 190001\Backup files 2.zip a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application deleted - quarantined D:\Program Files\The Sims 4\Game\Bin\rld.dll Win32/HackTool.Crack.CY potentially unsafe application deleted - quarantined -
Chrome infected with popups.. help please!
DarylM replied to DarylM's topic in Resolved Malware Removal Logs
ComboFix 15-04-28.01 - Daryl 04/28/2015 11:39:11.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8104.6673 [GMT -4:00] Running from: c:\users\Daryl\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\ntuser.pol c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\background.html c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\content.js c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\fus.js c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\lsdb.js c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\manifest.json c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\background.html c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\content.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\fus.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\lsdb.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\manifest.json c:\users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Preferences c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\background.html c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\content.js c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\fus.js c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\lsdb.js c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\manifest.json c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\background.html c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\content.js c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\fus.js c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\lsdb.js c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\manifest.json c:\users\Jessie\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah c:\users\Jessie\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\background.html c:\users\Jessie\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\content.js c:\users\Jessie\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\fus.js c:\users\Jessie\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\lsdb.js c:\users\Jessie\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\manifest.json c:\users\Jessie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffieaadkkhencgelmgbbmkkipeocbcbg c:\users\Jessie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffieaadkkhencgelmgbbmkkipeocbcbg\179\background.html c:\users\Jessie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffieaadkkhencgelmgbbmkkipeocbcbg\179\content.js c:\users\Jessie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffieaadkkhencgelmgbbmkkipeocbcbg\179\lsdb.js c:\users\Jessie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffieaadkkhencgelmgbbmkkipeocbcbg\179\manifest.json c:\users\Jessie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffieaadkkhencgelmgbbmkkipeocbcbg\179\yC3.js c:\users\Jessie\AppData\Local\Google\Chrome\User Data\Default\Extensions\figfkcnjhphoacbljgmpogfhhpmlelfm c:\users\Jessie\AppData\Local\Google\Chrome\User Data\Default\Extensions\figfkcnjhphoacbljgmpogfhhpmlelfm\1.1\background.html c:\users\Jessie\AppData\Local\Google\Chrome\User Data\Default\Extensions\figfkcnjhphoacbljgmpogfhhpmlelfm\1.1\content.js c:\users\Jessie\AppData\Local\Google\Chrome\User Data\Default\Extensions\figfkcnjhphoacbljgmpogfhhpmlelfm\1.1\lsdb.js c:\users\Jessie\AppData\Local\Google\Chrome\User Data\Default\Extensions\figfkcnjhphoacbljgmpogfhhpmlelfm\1.1\manifest.json c:\users\Jessie\AppData\Local\Google\Chrome\User Data\Default\Extensions\figfkcnjhphoacbljgmpogfhhpmlelfm\1.1\ye1HgR.js c:\users\Jessie\AppData\Local\Google\Chrome\User Data\Default\Preferences c:\users\Jessie\AppData\Roaming\Mozilla\Firefox\Profiles\o0ulvp5a.default\extensions\staged\u@W.co.uk c:\users\Jessie\AppData\Roaming\Mozilla\Firefox\Profiles\o0ulvp5a.default\extensions\staged\u@W.co.uk\bootstrap.js c:\users\Jessie\AppData\Roaming\Mozilla\Firefox\Profiles\o0ulvp5a.default\extensions\staged\u@W.co.uk\chrome.manifest c:\users\Jessie\AppData\Roaming\Mozilla\Firefox\Profiles\o0ulvp5a.default\extensions\staged\u@W.co.uk\content\bg.js c:\users\Jessie\AppData\Roaming\Mozilla\Firefox\Profiles\o0ulvp5a.default\extensions\staged\u@W.co.uk\install.rdf c:\windows\SysWow64\DEBUG.log . . ((((((((((((((((((((((((( Files Created from 2015-03-28 to 2015-04-28 ))))))))))))))))))))))))))))))) . . 2015-04-28 15:41 . 2015-04-28 15:41 -------- d-----w- c:\users\Jessie\AppData\Local\temp 2015-04-28 15:41 . 2015-04-28 15:41 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-04-28 12:08 . 2015-04-28 12:08 -------- d-----w- C:\RegBackup 2015-04-28 12:06 . 2015-04-04 06:25 12032440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{36FB99EB-564A-4675-A0B1-A8F95B5251A5}\mpengine.dll 2015-04-28 06:39 . 2015-04-04 06:25 12032440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2015-04-22 14:26 . 2015-04-08 20:32 560968 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2015-04-15 05:26 . 2015-03-25 03:24 98304 ----a-w- c:\windows\system32\wudriver.dll 2015-04-15 05:25 . 2015-03-13 04:12 666624 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll 2015-04-14 20:44 . 2015-04-14 20:44 -------- d-----w- c:\users\Daryl\AppData\Local\openvr 2015-04-04 07:00 . 2015-04-04 07:00 -------- d-s---w- c:\windows\system32\GWX 2015-04-04 07:00 . 2015-04-04 07:00 -------- d-s---w- c:\windows\SysWow64\GWX 2015-03-31 05:15 . 2015-03-26 07:00 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2490ED8A-0A52-4ABF-B3A0-37A7DB3DADDE}\gapaengine.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-04-28 14:53 . 2014-08-06 11:17 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-04-09 00:58 . 2014-04-10 23:56 3317344 ----a-w- c:\windows\system32\nvapi64.dll 2015-04-09 00:58 . 2014-04-10 23:56 17176128 ----a-w- c:\windows\system32\nvwgf2umx.dll 2015-04-09 00:58 . 2014-04-10 23:56 12689592 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2015-04-08 21:30 . 2014-04-10 23:57 6841488 ----a-w- c:\windows\system32\nvcpl.dll 2015-04-08 21:30 . 2014-04-10 23:57 3478344 ----a-w- c:\windows\system32\nvsvc64.dll 2015-04-08 21:30 . 2014-10-27 02:13 2558608 ----a-w- c:\windows\system32\nvsvcr.dll 2015-04-08 21:30 . 2014-04-10 23:57 936264 ----a-w- c:\windows\system32\nvvsvc.exe 2015-04-08 21:30 . 2014-04-10 23:57 62608 ----a-w- c:\windows\system32\nvshext.dll 2015-04-08 21:30 . 2014-04-10 23:57 385168 ----a-w- c:\windows\system32\nvmctray.dll 2015-04-08 17:52 . 2014-04-10 23:57 4336074 ----a-w- c:\windows\system32\nvcoproc.bin 2015-04-01 15:16 . 2012-04-24 01:57 128913832 ----a-w- c:\windows\system32\MRT.exe 2015-03-28 03:44 . 2014-06-09 01:27 1316000 ----a-w- c:\windows\SysWow64\nvspbridge.dll 2015-03-28 03:44 . 2014-04-10 23:58 1316000 ----a-w- c:\windows\SysWow64\nvspcap.dll 2015-03-28 03:43 . 2014-06-09 01:27 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll 2015-03-28 03:43 . 2014-04-10 23:58 1570672 ----a-w- c:\windows\system32\nvspcap64.dll 2015-03-26 07:00 . 2014-01-24 17:34 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2015-03-21 20:18 . 2012-05-15 11:57 466456 ----a-w- c:\windows\system32\wrap_oal.dll 2015-03-21 20:18 . 2012-05-15 11:57 122904 ----a-w- c:\windows\system32\OpenAL32.dll 2015-03-21 20:18 . 2012-05-15 11:57 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2015-03-21 20:18 . 2012-05-15 11:57 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll 2015-03-18 12:12 . 2012-04-25 23:13 778928 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-03-18 12:12 . 2012-04-25 23:13 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-03-17 04:56 . 2015-04-15 05:26 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2015-03-13 19:41 . 2015-03-18 12:09 1896136 ----a-w- c:\windows\system32\nvdispco6434788.dll 2015-03-13 19:41 . 2015-03-18 12:09 1557648 ----a-w- c:\windows\system32\nvdispgenco6434788.dll 2015-03-03 13:17 . 2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe 2015-02-26 03:25 . 2015-03-11 05:05 3204096 ----a-w- c:\windows\system32\win32k.sys 2015-02-20 04:41 . 2015-03-11 05:06 41984 ----a-w- c:\windows\system32\lpk.dll 2015-02-20 04:40 . 2015-03-11 05:06 100864 ----a-w- c:\windows\system32\fontsub.dll 2015-02-20 04:40 . 2015-03-11 05:06 14336 ----a-w- c:\windows\system32\dciman32.dll 2015-02-20 04:40 . 2015-03-11 05:06 46080 ----a-w- c:\windows\system32\atmlib.dll 2015-02-20 04:13 . 2015-03-11 05:06 70656 ----a-w- c:\windows\SysWow64\fontsub.dll 2015-02-20 04:13 . 2015-03-11 05:06 10240 ----a-w- c:\windows\SysWow64\dciman32.dll 2015-02-20 04:13 . 2015-03-11 05:06 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2015-02-20 04:12 . 2015-03-11 05:06 25600 ----a-w- c:\windows\SysWow64\lpk.dll 2015-02-20 03:29 . 2015-03-11 05:06 372224 ----a-w- c:\windows\system32\atmfd.dll 2015-02-20 03:09 . 2015-03-11 05:06 299008 ----a-w- c:\windows\SysWow64\atmfd.dll 2015-02-13 05:22 . 2015-03-11 05:06 14177280 ----a-w- c:\windows\system32\shell32.dll 2015-02-05 21:01 . 2015-02-10 22:33 1895240 ----a-w- c:\windows\system32\nvdispco6434752.dll 2015-02-05 21:01 . 2015-02-10 22:33 1557648 ----a-w- c:\windows\system32\nvdispgenco6434752.dll 2015-02-04 16:23 . 2015-02-04 16:23 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll 2015-02-04 16:13 . 2015-02-04 16:13 869536 ----a-w- c:\windows\system32\msvcr120_clr0400.dll 2015-02-04 03:16 . 2015-03-11 05:05 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2015-02-04 02:54 . 2015-03-11 05:05 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2015-02-03 03:34 . 2015-03-11 05:06 693176 ----a-w- c:\windows\system32\winload.efi 2015-02-03 03:34 . 2015-03-11 05:06 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys 2015-02-03 03:33 . 2015-03-11 05:06 616360 ----a-w- c:\windows\system32\winresume.efi 2015-02-03 03:31 . 2015-03-11 05:06 14632960 ----a-w- c:\windows\system32\wmp.dll 2015-02-03 03:31 . 2015-03-11 05:06 782848 ----a-w- c:\windows\system32\wmdrmsdk.dll 2015-02-03 03:31 . 2015-03-11 05:06 229376 ----a-w- c:\windows\system32\wintrust.dll 2015-02-03 03:31 . 2015-03-11 05:05 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll 2015-02-03 03:31 . 2015-03-11 05:06 215552 ----a-w- c:\windows\system32\ubpm.dll 2015-02-03 03:31 . 2015-03-11 05:06 5120 ----a-w- c:\windows\system32\dxmasf.dll 2015-02-03 03:31 . 2015-03-11 05:06 5120 ----a-w- c:\windows\system32\msdxm.ocx 2015-02-03 03:31 . 2015-03-11 05:06 63488 ----a-w- c:\windows\system32\setbcdlocale.dll 2015-02-03 03:31 . 2015-03-11 05:06 1574400 ----a-w- c:\windows\system32\quartz.dll 2015-02-03 03:31 . 2015-03-11 05:06 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll 2015-02-03 03:31 . 2015-03-11 05:06 371712 ----a-w- c:\windows\system32\qdvd.dll 2015-02-03 03:31 . 2015-03-11 05:06 188416 ----a-w- c:\windows\system32\pcasvc.dll 2015-02-03 03:31 . 2015-03-11 05:06 37376 ----a-w- c:\windows\system32\pcadm.dll 2015-02-03 03:31 . 2015-03-11 05:06 9728 ----a-w- c:\windows\system32\spwmp.dll 2015-02-03 03:31 . 2015-03-11 05:06 641024 ----a-w- c:\windows\system32\msscp.dll 2015-02-03 03:31 . 2015-03-11 05:06 325632 ----a-w- c:\windows\system32\msnetobj.dll 2015-02-03 03:31 . 2015-03-11 05:06 11264 ----a-w- c:\windows\system32\msmmsp.dll 2015-02-03 03:31 . 2015-03-11 05:06 4121600 ----a-w- c:\windows\system32\mf.dll 2015-02-03 03:31 . 2015-03-11 05:06 432128 ----a-w- c:\windows\system32\mfplat.dll 2015-02-03 03:31 . 2015-03-11 05:06 206848 ----a-w- c:\windows\system32\mfps.dll 2015-02-03 03:30 . 2015-03-11 05:06 631808 ----a-w- c:\windows\system32\evr.dll 2015-02-03 03:30 . 2015-03-11 05:06 284672 ----a-w- c:\windows\system32\EncDump.dll 2015-02-03 03:30 . 2015-03-11 05:06 1202176 ----a-w- c:\windows\system32\drmv2clt.dll 2015-02-03 03:30 . 2015-03-11 05:06 497664 ----a-w- c:\windows\system32\drmmgrtn.dll 2015-02-03 03:30 . 2015-03-11 05:06 1480192 ----a-w- c:\windows\system32\crypt32.dll 2015-02-03 03:30 . 2015-03-11 05:06 140288 ----a-w- c:\windows\system32\cryptnet.dll 2015-02-03 03:30 . 2015-03-11 05:06 1069056 ----a-w- c:\windows\system32\cryptui.dll 2015-02-03 03:30 . 2015-03-11 05:06 187904 ----a-w- c:\windows\system32\cryptsvc.dll 2015-02-03 03:30 . 2015-03-11 05:06 82432 ----a-w- c:\windows\system32\cryptsp.dll 2015-02-03 03:30 . 2015-03-11 05:06 842240 ----a-w- c:\windows\system32\blackbox.dll 2015-02-03 03:30 . 2015-03-11 05:06 680960 ----a-w- c:\windows\system32\audiosrv.dll 2015-02-03 03:30 . 2015-03-11 05:06 296448 ----a-w- c:\windows\system32\AudioSes.dll 2015-02-03 03:30 . 2015-03-11 05:06 440832 ----a-w- c:\windows\system32\AudioEng.dll 2015-02-03 03:30 . 2015-03-11 05:06 58880 ----a-w- c:\windows\system32\appidapi.dll 2015-02-03 03:30 . 2015-03-11 05:06 32256 ----a-w- c:\windows\system32\appidsvc.dll 2015-02-03 03:30 . 2015-03-11 05:06 55808 ----a-w- c:\windows\system32\rrinstaller.exe 2015-02-03 03:30 . 2015-03-11 05:06 9728 ----a-w- c:\windows\system32\pcalua.exe 2015-02-03 03:30 . 2015-03-11 05:06 11264 ----a-w- c:\windows\system32\pcawrk.exe 2015-02-03 03:30 . 2015-03-11 05:06 24576 ----a-w- c:\windows\system32\mfpmp.exe 2015-02-03 03:30 . 2015-03-11 05:06 126464 ----a-w- c:\windows\system32\audiodg.exe 2015-02-03 03:30 . 2015-03-11 05:06 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe 2015-02-03 03:30 . 2015-03-11 05:06 146944 ----a-w- c:\windows\system32\appidpolicyconverter.exe 2015-02-03 03:30 . 2015-03-11 05:06 12625920 ----a-w- c:\windows\system32\wmploc.DLL 2015-02-03 03:29 . 2015-03-11 05:06 8704 ----a-w- c:\windows\system32\pcaevts.dll 2015-02-03 03:28 . 2015-03-11 05:06 2048 ----a-w- c:\windows\system32\mferror.dll 2015-02-03 03:19 . 2015-03-11 05:06 663552 ----a-w- c:\windows\system32\drivers\PEAuth.sys 2015-02-03 03:12 . 2015-03-11 05:06 179200 ----a-w- c:\windows\SysWow64\wintrust.dll 2015-02-03 03:12 . 2015-03-11 05:06 617984 ----a-w- c:\windows\SysWow64\wmdrmsdk.dll 2015-02-03 03:12 . 2015-03-11 05:05 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2015-02-03 03:12 . 2015-03-11 05:06 171520 ----a-w- c:\windows\SysWow64\ubpm.dll 2015-02-03 03:12 . 2015-03-11 05:06 4096 ----a-w- c:\windows\SysWow64\msdxm.ocx 2015-02-03 03:12 . 2015-03-11 05:06 4096 ----a-w- c:\windows\SysWow64\dxmasf.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="d:\program files\Steam\steam.exe" [2015-04-13 2889408] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-07-03 3673184] "CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-04-23 8204056] "Spotify Web Helper"="c:\users\Daryl\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2015-02-15 1676344] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Logitech G35"="c:\program files (x86)\Logitech\G35\G35.exe" [2010-10-05 1811800] . c:\users\Daryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ CurseClientStartup.ccip [2014-10-24 0] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x] R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x] R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x] R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x] R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 xb1usb;Microsoft Xbox One Controller Driver;c:\windows\system32\DRIVERS\xb1usb.sys;c:\windows\SYSNATIVE\DRIVERS\xb1usb.sys [x] R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AsrAppCharger.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x] S2 Fitbit Connect;Fitbit Connect Service;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe [x] S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x] S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x] S3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfDHP2amd64.sys [x] S3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfSBVMamd64.sys [x] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x] S3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x] S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x] S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys;c:\windows\SYSNATIVE\DRIVERS\pneteth.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-04-16 11:59 988488 ----a-w- c:\program files (x86)\Google\Chrome\Application\42.0.2311.90\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2015-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 12:12] . 2015-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-18 19:32] . 2015-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-18 19:32] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 1332296] "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-03-28 2673296] "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-03-28 1570672] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-30 171992] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-30 399832] "Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-30 442328] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 FF - ProfilePath - c:\users\Daryl\AppData\Roaming\Mozilla\Firefox\Profiles\g03ff0aw.default\ . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file) Wow6432Node-HKCU-Run-AceWebException - c:\users\Daryl\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\S-1-5-21-3472384728-3891243327-1104791788-1000\Software\SecuROM\License information*] "datasecu"=hex:78,2b,0e,8f,7f,d7,b5,03,09,62,fb,75,1a,66,86,e7,d0,c4,8e,4e,09, 68,55,d3,41,67,a2,b3,fb,02,5d,30,be,a6,3d,98,99,bf,2d,27,67,fb,d1,3b,a4,e5,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.15" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2015-04-28 11:43:08 ComboFix-quarantined-files.txt 2015-04-28 15:43 . Pre-Run: 9,165,275,136 bytes free Post-Run: 8,976,977,920 bytes free . - - End Of File - - 3D95E40574251182BFD765C4B952FB1F A36C5E4F47E84449FF07ED3517B43A31 -
Chrome infected with popups.. help please!
DarylM replied to DarylM's topic in Resolved Malware Removal Logs
Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 4/28/2015 Scan Time: 10:53:16 AM Logfile: okkk.txt Administrator: Yes Version: 2.00.4.1028 Malware Database: v2015.04.28.04 Rootkit Database: v2015.04.21.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Daryl Scan Type: Threat Scan Result: Completed Objects Scanned: 409919 Time Elapsed: 5 min, 39 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) ______________________________________________________________ Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-04-2015 01 Ran by Daryl at 2015-04-28 11:01:18 Run:1 Running from C:\Users\Daryl\Desktop Loaded Profiles: Daryl (Available profiles: Daryl & Jessie) Boot Mode: Normal ============================================== Content of fixlist: ***************** start CloseProcesses: ATTENTION: System Restore is disabled. HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess? HKU\S-1-5-21-3472384728-3891243327-1104791788-1000\...409d6c4515e9\InprocServer32: [Default-shell32] <==== ATTENTION! Startup: C:\Users\Daryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TheHunter Hack Tool.lnk [2015-03-15] ShortcutTarget: TheHunter Hack Tool.lnk -> C:\ProgramData\{ce310c20-84c0-ba62-ce31-10c2084c3082}\TheHunter Hack Tool.exe (No File) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Toolbar: HKU\S-1-5-21-3472384728-3891243327-1104791788-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File S4 np20ugt; C:\Users\Daryl\AppData\Roaming\bf5n8tqv.bat [89 2012-09-01] () [File not signed] C:\Users\Daryl\AppData\Roaming\bf5n8tqv.bat CHR Extension: (TreMendOusSalee) - C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\figfkcnjhphoacbljgmpogfhhpmlelfm [2015-04-10] 2015-04-10 08:33 - 2015-04-28 07:51 - 00000020 _____ () C:\Users\Daryl\AppData\Roaming\appdataFr3.bin 2015-04-10 04:54 - 2015-04-10 09:49 - 00000000 ____D () C:\Program Files (x86)\BorderlineInstance 2015-04-10 04:53 - 2015-04-10 09:48 - 00000000 ____D () C:\Program Files (x86)\TreMendOusSalee 2015-04-10 04:53 - 2015-04-10 09:48 - 00000000 ____D () C:\Program Files (x86)\NoNNoeizzeBrowwsEE 2015-04-10 04:53 - 2015-04-10 09:48 - 00000000 ____D () C:\Program Files (x86)\Bookmarks Button 2015-04-10 04:53 - 2015-04-10 04:53 - 00000000 ____D () C:\ProgramData\16636086434125824409 2012-09-01 17:29 - 2012-09-01 17:29 - 0086080 _____ () C:\Users\Daryl\AppData\Roaming\aftr4sb.dat 2015-04-10 08:33 - 2015-04-28 07:51 - 0000020 _____ () C:\Users\Daryl\AppData\Roaming\appdataFr3.bin 2012-09-01 17:29 - 2012-09-01 17:29 - 0000089 ____H () C:\Users\Daryl\AppData\Roaming\bf5n8tqv.bat 2012-09-01 17:29 - 2012-09-01 17:29 - 0090176 _____ () C:\Users\Daryl\AppData\Roaming\lj1y6nb.dat 2012-09-01 17:28 - 2012-09-01 17:28 - 0060992 _____ () C:\Users\Daryl\AppData\Roaming\serjs58n.dat 2012-09-03 17:41 - 2012-09-03 17:41 - 0060992 _____ () C:\Users\Daryl\AppData\Roaming\slr8k5s.dat 2014-03-15 16:54 - 2014-03-15 16:54 - 0012586 _____ () C:\ProgramData\mptmqteo.hmi C:\Users\Jessie\AppData\Local\Temp\AskPIP_FF_.exe C:\Users\Jessie\AppData\Local\Temp\hsbing_717_active.exe C:\Users\Jessie\AppData\Local\Temp\nvSCPAPI.dll C:\Users\Jessie\AppData\Local\Temp\nvStInst.exe C:\Users\Jessie\AppData\Local\Temp\tbSomo.dll Hosts: EmptyTemp: Reboot: end ***************** Processes closed successfully. ATTENTION: System Restore is disabled. => Error: No automatic fix found for this entry. HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully. "HKU\S-1-5-21-3472384728-3891243327-1104791788-1000\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}" => Key deleted successfully. C:\Users\Daryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TheHunter Hack Tool.lnk => Moved successfully. C:\ProgramData\{ce310c20-84c0-ba62-ce31-10c2084c3082}\TheHunter Hack Tool.exe not found. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-21-3472384728-3891243327-1104791788-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully. HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found. np20ugt => Service deleted successfully. C:\Users\Daryl\AppData\Roaming\bf5n8tqv.bat => Moved successfully. C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\figfkcnjhphoacbljgmpogfhhpmlelfm => Moved successfully. C:\Users\Daryl\AppData\Roaming\appdataFr3.bin => Moved successfully. C:\Program Files (x86)\BorderlineInstance => Moved successfully. C:\Program Files (x86)\TreMendOusSalee => Moved successfully. C:\Program Files (x86)\NoNNoeizzeBrowwsEE => Moved successfully. C:\Program Files (x86)\Bookmarks Button => Moved successfully. C:\ProgramData\16636086434125824409 => Moved successfully. C:\Users\Daryl\AppData\Roaming\aftr4sb.dat => Moved successfully. "C:\Users\Daryl\AppData\Roaming\appdataFr3.bin" => File/Directory not found. "C:\Users\Daryl\AppData\Roaming\bf5n8tqv.bat" => File/Directory not found. C:\Users\Daryl\AppData\Roaming\lj1y6nb.dat => Moved successfully. C:\Users\Daryl\AppData\Roaming\serjs58n.dat => Moved successfully. C:\Users\Daryl\AppData\Roaming\slr8k5s.dat => Moved successfully. C:\ProgramData\mptmqteo.hmi => Moved successfully. C:\Users\Jessie\AppData\Local\Temp\AskPIP_FF_.exe => Moved successfully. C:\Users\Jessie\AppData\Local\Temp\hsbing_717_active.exe => Moved successfully. C:\Users\Jessie\AppData\Local\Temp\nvSCPAPI.dll => Moved successfully. C:\Users\Jessie\AppData\Local\Temp\nvStInst.exe => Moved successfully. C:\Users\Jessie\AppData\Local\Temp\tbSomo.dll => Moved successfully. C:\Windows\System32\Drivers\etc\hosts => Moved successfully. Hosts was reset successfully. EmptyTemp: => Removed 1.4 GB temporary data. The system needed a reboot. ==== End of Fixlog 11:01:36 ==== -
Chrome infected with popups.. help please!
DarylM replied to DarylM's topic in Resolved Malware Removal Logs
Oh boy.. well let's go ahead and try to get this disinfected. Thank you for all your help. -
Chrome infected with popups.. help please!
DarylM replied to DarylM's topic in Resolved Malware Removal Logs
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2015 01 Ran by Daryl at 2015-04-28 09:14:29 Running from C:\Users\Daryl\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3472384728-3891243327-1104791788-500 - Administrator - Disabled) Daryl (S-1-5-21-3472384728-3891243327-1104791788-1000 - Administrator - Enabled) => C:\Users\Daryl Guest (S-1-5-21-3472384728-3891243327-1104791788-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-3472384728-3891243327-1104791788-1003 - Limited - Enabled) Jessie (S-1-5-21-3472384728-3891243327-1104791788-1001 - Administrator - Enabled) => C:\Users\Jessie ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated) Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.) Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated) Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated) Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{20384EBF-4F10-13F0-07C6-7A6C87FD83DF}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.) Anomaly Warzone Earth (HKLM-x32\...\Steam App 91200) (Version: - 11 bit studios) APB Reloaded (HKLM-x32\...\Steam App 113400) (Version: - ) ARMA 2 (HKLM-x32\...\Steam App 33900) (Version: - Bohemia Interactive) ARMA 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive) Ashampoo Burning Studio 12 v.12.0.1 (HKLM-x32\...\Ashampoo Burning Studio 12_is1) (Version: 12.0.1 - Ashampoo GmbH & Co. KG) Ashampoo Burning Studio 12 v.12.0.5 (HKLM-x32\...\{91B33C97-93EB-244C-F687-71D85E45A206}_is1) (Version: 12.0.5 - Ashampoo GmbH & Co. KG) Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.1.0 - Asmedia Technology) ASRock App Charger v1.0.4 (HKLM\...\ASRock App Charger_is1) (Version: - ASRock Inc.) ASRock InstantBoot v1.29 (HKLM-x32\...\ASRock InstantBoot_is1) (Version: - ) Audiosurf (HKLM-x32\...\Steam App 12900) (Version: - Dylan Fitterer) Awesomenauts (HKLM-x32\...\Steam App 204300) (Version: - Ronimo Games) Batman: Arkham City GOTY (HKLM-x32\...\Steam App 200260) (Version: - Rocksteady Studios) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - ) Besiege (HKLM-x32\...\Steam App 346010) (Version: - Spiderling Studios) Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software) calibre (HKLM-x32\...\{3CA0D836-B5E7-463D-A1C5-9F49B3E3EDE6}) (Version: 2.20.0 - Kovid Goyal) CameraHelperMsi (x32 Version: 13.50.854.0 - Logitech) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform) Counter-Strike: Global Offensive Beta (HKLM-x32\...\Steam App 730) (Version: - ) Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve) CPUID CPU-Z 1.60 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) Curse Client (HKU\S-1-5-21-3472384728-3891243327-1104791788-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0335 - Disc Soft Ltd) Dead Island (HKLM-x32\...\Steam App 91310) (Version: - Techland) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve) Dragonball Xenoverse (HKLM-x32\...\Dragonball Xenoverse_is1) (Version: - ) Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version: - Trendy Entertainment) erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Bethesda Softworks) Fitbit Connect (HKLM-x32\...\{D3CD091B-296B-48E9-9F0F-E9FE53E02E41}) (Version: 1.0.3.5511 - Fitbit Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version: - Richard) Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version: - Rockstar) Gtuner (HKLM-x32\...\Gtuner) (Version: 3.06 - ConsoleTuner) Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.) Hotline Miami (HKLM-x32\...\Steam App 219150) (Version: - Dennaton Games) Insurgency (HKLM-x32\...\Steam App 222880) (Version: - New World Interactive) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) K-Lite Codec Pack 8.7.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.7.0 - ) Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve) Logitech G35 (HKLM\...\{27607A94-33AC-4AA7-AACE-95AF6ACA3E30}) (Version: 1.1.178 - Logitech) Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..) Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.) LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Mark of the Ninja (HKLM-x32\...\Steam App 214560) (Version: - Klei Entertainment) Marvel Heroes 2015 (HKLM-x32\...\Steam App 226320) (Version: - Gazillion Entertainment) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Monaco (HKLM-x32\...\Steam App 113020) (Version: - Pocketwatch Games) Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version: - TaleWorlds Entertainment) Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 16.0.2 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NBA 2K15 (HKLM-x32\...\TkJBMksxNQ==_is1) (Version: 1 - ) NVIDIA 3D Vision Controller Driver 349.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 349.95 - NVIDIA Corporation) NVIDIA 3D Vision Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 350.12 - NVIDIA Corporation) NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation) NVIDIA Graphics Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation) NVIDIA PhysX System Software 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.) PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - ) PdaNet+ for Android 4.15 (HKLM-x32\...\PdaNet_is1) (Version: - June Fabrics Technology Inc) PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version: - Sony Online Entertainment) Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.) QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.) Reign Of Kings (HKLM-x32\...\Steam App 344760) (Version: - Code}{atch) Rust (HKLM-x32\...\Steam App 252490) (Version: - Facepunch Studios) Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15022.8 - Samsung Electronics Co., Ltd.) Samsung Kies3 (x32 Version: 3.2.15022.8 - Samsung Electronics Co., Ltd.) Hidden Scribblenauts Unlimited (HKLM-x32\...\Steam App 218680) (Version: - 5th Cell Media) Serious Sam 3: BFE (HKLM-x32\...\Steam App 41070) (Version: - Croteam) SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.) Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.) Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version: - United Front Games) Sonic & All-Stars Racing Transformed (HKLM-x32\...\Steam App 212480) (Version: - Sumo Digital) Spotify (HKU\S-1-5-21-3472384728-3891243327-1104791788-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) System Requirements Lab CYRI (HKLM-x32\...\{705216C1-BA52-4B16-AFE4-4143B340D62D}) (Version: 6.0.12.6 - Husdawg, LLC) Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector) Terraria (HKLM-x32\...\Steam App 105600) (Version: - ) The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) The Sims 4 (HKLM-x32\...\VGhlU2ltczQ=_is1) (Version: 1 - ) The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.732.20 - Electronic Arts Inc.) The Walking Dead (HKLM-x32\...\Steam App 207610) (Version: - ) Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.) Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies) Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) War Thunder (HKLM-x32\...\Steam App 236390) (Version: - Gaijin Entertainment) Warhammer 40,000 Space Marine (HKLM-x32\...\Steam App 55150) (Version: - Relic) Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation) Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org) Zero Assumption Recovery Version 9 (HKLM-x32\...\Zero Assumption Recovery_is1) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3472384728-3891243327-1104791788-1000_Classes\CLSID\{2e36278b-7158-4983-86bb-361476ff07de}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation) ==================== Restore Points ========================= ATTENTION: System Restore is disabled. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2012-05-14 19:11 - 00000894 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 secure.nero.com/us/secure.asp 127.0.0.1 activation@nero.com ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1068A1E1-F573-49EF-97DC-8288B560412C} - System32\Tasks\{4A126F29-68D3-41E5-BD8D-0F6A892B16BE} => pcalua.exe -a C:\Users\Daryl\Downloads\ARMA2_OA_Build_95168\ARMA2_OA_Build_95168.exe -d C:\Users\Daryl\Downloads\ARMA2_OA_Build_95168 Task: {27157C47-B340-41CD-9391-37B0B5BC358A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {28F8F141-2E65-481D-99F9-B8F03DD9F356} - System32\Tasks\{C2054620-A0C6-4127-A48C-B4F41A711577} => pcalua.exe -a C:\Users\Daryl\Downloads\ARMA2_OA_Build_95417\ARMA2_OA_Build_95417.exe -d C:\Users\Daryl\Downloads\ARMA2_OA_Build_95417 Task: {2DA4F1FD-AF6C-4B1F-AEC6-2A860C4EBE8D} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {3797FABC-A245-452C-BA67-76608E1A25D3} - System32\Tasks\{6625D140-6040-4826-ADDD-120A62333C59} => pcalua.exe -a C:\Users\Daryl\Downloads\ARMA2_OA_Build_95883\ARMA2_OA_Build_95883.exe -d C:\Users\Daryl\Downloads\ARMA2_OA_Build_95883 Task: {3D432748-CDD4-455E-8253-54C97CEE465C} - System32\Tasks\{A6160631-8509-41BB-BDB2-20A7D2B1CEA4} => pcalua.exe -a D:\ARMA2_OA_Build_93348\ARMA2_OA_Build_93348.exe -d D:\ARMA2_OA_Build_93348 Task: {4E557CB1-F78A-4D6F-BF9B-2571DDB9D138} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {52687A62-1C75-4A63-A010-289D7E081FCC} - System32\Tasks\{CA85425A-81A6-400D-9477-DDAF024EF01C} => pcalua.exe -a "C:\Program Files (x86)\ReadyCoupon\ReadyCoupon.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" "" Task: {54EBE995-3864-4C12-8EC1-24EA2F2AB03E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-18] (Google Inc.) Task: {6E012910-D704-48C0-A3DE-56CF54D58221} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-18] (Adobe Systems Incorporated) Task: {9A3C42A6-7059-43D9-A017-A7BD787539E4} - System32\Tasks\{76FF96A9-22E1-4E97-904E-37C6B5B5186B} => pcalua.exe -a C:\Users\Daryl\Downloads\ARMA2_OA_Build_94876\ARMA2_OA_Build_94876.exe -d C:\Users\Daryl\Downloads\ARMA2_OA_Build_94876 Task: {C8464A56-7334-43E4-A990-6B5E1E338AFC} - System32\Tasks\{0795CCEB-A2C7-4976-A567-AD11EC8AB97F} => pcalua.exe -a C:\Users\Daryl\Downloads\ARMA2_OA_Build_95389\ARMA2_OA_Build_95389.exe -d C:\Users\Daryl\Downloads\ARMA2_OA_Build_95389 Task: {C850DA77-775D-42D4-A509-2F59A101C087} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {CC71B711-5443-467F-9DD1-53C5063928DC} - System32\Tasks\{A15EB4E9-5038-4241-BBAF-4F973AA0894D} => pcalua.exe -a C:\Users\Daryl\Downloads\ARMA2_OA_Build_96476\ARMA2_OA_Build_96476.exe -d C:\Users\Daryl\Downloads\ARMA2_OA_Build_96476 Task: {D1FBD824-27C7-4905-8ABF-A4500D31462B} - System32\Tasks\{B78529DF-78B8-4793-8BEB-8ABAA34FF92A} => pcalua.exe -a C:\Users\Daryl\Downloads\ARMA2_OA_Build_96751\ARMA2_OA_Build_96751.exe Task: {D83BB66C-BF25-42DE-B380-8F2A99627092} - System32\Tasks\{E803EBAE-736A-4F28-A66B-CD61FD6AF44F} => pcalua.exe -a "D:\Program Files\Steam\steam.exe" -c steam://uninstall/44320 Task: {D9779688-C5FB-4095-97C4-82F582B30D69} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-18] (Google Inc.) Task: {E70ED4BA-486C-4C5A-B6E3-498BD1D77DF4} - System32\Tasks\{651DEE53-5D48-4597-BC0B-A74B46D8F98C} => pcalua.exe -a C:\Users\Daryl\Downloads\ARMA2_OA_Build_96061\ARMA2_OA_Build_96061.exe -d C:\Users\Daryl\Downloads\ARMA2_OA_Build_96061 Task: {EE27586C-E1D0-46C3-819B-FE3DE2639F69} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd) Task: {F286E922-33B5-4407-BA01-8BB818824BD3} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2014-04-10 19:57 - 2015-04-08 17:30 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2013-03-15 20:15 - 2013-03-15 20:15 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2012-04-26 06:23 - 2012-02-17 20:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll 2014-12-15 22:28 - 2012-01-29 17:55 - 00657920 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll 2014-12-15 22:28 - 2012-01-20 15:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll 2012-03-19 22:09 - 2012-03-19 22:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2015-04-08 08:40 - 2015-03-27 23:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, the associated entry will be removed from the registry.) IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3472384728-3891243327-1104791788-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Daryl\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 209.18.47.61 - 209.18.47.62 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: BEService => 3 MSCONFIG\Services: cphs => 3 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: np20ugt => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: Steam Client Service => 3 MSCONFIG\Services: SwitchBoard => 3 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk => C:\Windows\pss\Rainmeter.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Daryl^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup MSCONFIG\startupfolder: C:^Users^Daryl^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk => C:\Windows\pss\PdaNet Desktop.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: Fitbit Connect => "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun MSCONFIG\startupreg: Google Update => "C:\Users\Daryl\AppData\Local\Google\Update\GoogleUpdate.exe" /c MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide MSCONFIG\startupreg: msetux => "C:\Windows\System32\rundll32.exe" "C:\Users\Daryl\AppData\Roaming\msetux.dll",EvalCode MSCONFIG\startupreg: NBAgent => "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: ROC_ROC_APR2013_AV => C:\Users\Daryl\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 86b62c6883ca47d0b2516d16b2d189c9-ad1491be2ce6c122f6b66faa90e70c2decf7d34c --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013 MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Daryl\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe MSCONFIG\startupreg: THX TruStudio NB Settings => "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r MSCONFIG\startupreg: THXCfg64 => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE MSCONFIG\startupreg: XFastUsb => C:\Program Files (x86)\XFastUsb\XFastUsb.exe ==================== FirewallRules (whitelisted) =============== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) FirewallRules: [{48DF6BCC-686F-4D38-B5F0-5277108FB29C}] => (Allow) LPort=80 FirewallRules: [{FD69E350-B9D1-4C26-B378-579DF3F772AD}] => (Allow) LPort=80 FirewallRules: [{8275D868-492E-4B66-945C-56E59DC84702}] => (Allow) LPort=80 FirewallRules: [TCP Query User{9A49D5CE-432C-45B7-8EE7-395E8417E703}D:\program files\steam\steam.exe] => (Allow) D:\program files\steam\steam.exe FirewallRules: [uDP Query User{16F852B4-BF92-4702-9113-94004C848E56}D:\program files\steam\steam.exe] => (Allow) D:\program files\steam\steam.exe FirewallRules: [{017BE8C7-3A22-43AB-8204-EE1165C77D9C}] => (Allow) D:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe FirewallRules: [{F3C0170D-7C2D-44BF-AFBE-443E0C708828}] => (Allow) D:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe FirewallRules: [TCP Query User{D2A25E4D-E9A9-46F4-B50F-C032E55DD047}D:\program files\steam\steamapps\common\counter-strike source\hl2.exe] => (Allow) D:\program files\steam\steamapps\common\counter-strike source\hl2.exe FirewallRules: [uDP Query User{7112BDA3-CF51-4E44-9963-824B8877D86A}D:\program files\steam\steamapps\common\counter-strike source\hl2.exe] => (Allow) D:\program files\steam\steamapps\common\counter-strike source\hl2.exe FirewallRules: [{0AFB428A-5265-4E9B-BA1E-C070AD9161C7}] => (Allow) D:\Program Files\Steam\steamapps\common\Team Fortress 2\hl2.exe FirewallRules: [{0FFFF8C1-51D8-41CE-A35F-9C9994647A95}] => (Allow) D:\Program Files\Steam\steamapps\common\Team Fortress 2\hl2.exe FirewallRules: [{472A84A1-ED90-4905-AD24-55FC9DF8FE22}] => (Allow) D:\Program Files\Steam\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe FirewallRules: [{FD48D76D-C670-48AD-9965-98155482A17E}] => (Allow) D:\Program Files\Steam\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe FirewallRules: [{B5C4D574-924E-48C2-BE5E-81BA52543B78}] => (Allow) D:\Program Files\Steam\steamapps\common\Sonic & All-Stars Racing Transformed\ASN_App_PcDx9_Final.exe FirewallRules: [{10C896F9-216C-4D16-A5B6-3AE7D692F625}] => (Allow) D:\Program Files\Steam\steamapps\common\Sonic & All-Stars Racing Transformed\ASN_App_PcDx9_Final.exe FirewallRules: [{FB4B9053-3A94-4A32-88D7-45DA34C9D483}] => (Allow) D:\Program Files\Steam\steamapps\common\Sonic & All-Stars Racing Transformed\Launcher.exe FirewallRules: [{317B394B-4890-4620-AD02-D18CC8644379}] => (Allow) D:\Program Files\Steam\steamapps\common\Sonic & All-Stars Racing Transformed\Launcher.exe FirewallRules: [{DB135C20-29CC-4A44-B32E-A88C78597850}] => (Allow) D:\Program Files\Steam\steamapps\common\Call of Duty Ghosts\iw6mp64_ship.exe FirewallRules: [{D5540CCE-4B8B-42C0-A570-33AE495E81E0}] => (Allow) D:\Program Files\Steam\steamapps\common\Call of Duty Ghosts\iw6mp64_ship.exe FirewallRules: [{39DF694A-F9BD-4975-BBA3-D6CFDCA25859}] => (Allow) D:\Program Files\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe FirewallRules: [{FBA57D93-FF97-4863-B9CE-445A3F2024FB}] => (Allow) D:\Program Files\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe FirewallRules: [{A5062045-DCA9-4DDA-AB1F-2AC5D1782E2D}] => (Allow) D:\Program Files\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe FirewallRules: [{B32A144B-E0EA-441D-B4EF-DE85EBEC130F}] => (Allow) D:\Program Files\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe FirewallRules: [{49B117F2-7BD5-49A1-87D2-5D384E651B16}] => (Allow) D:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{B6306530-9538-454E-9A70-3A3A6F856BA2}] => (Allow) D:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [TCP Query User{A4C825E5-44F2-40D8-B9C4-1E7DDF5711FC}D:\program files\steam\steamapps\common\batman arkham city goty\binaries\win32\batmanac.exe] => (Allow) D:\program files\steam\steamapps\common\batman arkham city goty\binaries\win32\batmanac.exe FirewallRules: [uDP Query User{05C9956B-B378-4463-B465-6BAE2B79DDB5}D:\program files\steam\steamapps\common\batman arkham city goty\binaries\win32\batmanac.exe] => (Allow) D:\program files\steam\steamapps\common\batman arkham city goty\binaries\win32\batmanac.exe FirewallRules: [{BF3C9DB7-D607-4543-A540-0569288EF3A9}] => (Allow) D:\Program Files\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe FirewallRules: [{49B99D37-02F0-4AF9-A6DC-9EC1A90C80B2}] => (Allow) D:\Program Files\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe FirewallRules: [{F9E083A9-A09F-4D2C-AC66-5C0FF33E0F0B}] => (Allow) D:\Program Files\Steam\steamapps\common\Terraria\Terraria.exe FirewallRules: [{A377125C-4D5D-4327-B0FD-C6342005029A}] => (Allow) D:\Program Files\Steam\steamapps\common\Terraria\Terraria.exe FirewallRules: [{5A83AEC6-6CBC-4FD8-8110-DB0F1393300A}] => (Allow) D:\Program Files\Steam\steamapps\common\Monaco\MONACO.exe FirewallRules: [{77C7346C-736A-434A-B865-37BEE0966DBC}] => (Allow) D:\Program Files\Steam\steamapps\common\Monaco\MONACO.exe FirewallRules: [{7029CB0B-5D9C-4868-BF57-E701E613ED2A}] => (Allow) D:\Program Files\Steam\steamapps\common\rust\rust.exe FirewallRules: [{CD273A6D-BE62-45E3-BEFE-837E139456E6}] => (Allow) D:\Program Files\Steam\steamapps\common\rust\rust.exe FirewallRules: [{B164EB74-CD1D-40AE-9B52-0F8E03A4384D}] => (Allow) D:\Program Files\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe FirewallRules: [{3782D211-059F-44A7-9877-9D27E6B18193}] => (Allow) D:\Program Files\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe FirewallRules: [{5D5059C7-DC6B-47E3-B025-FAEB83A5E7AE}] => (Allow) D:\Program Files\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe FirewallRules: [{2F4AB13A-0DF9-495E-8EBA-335CFD1E2545}] => (Allow) D:\Program Files\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe FirewallRules: [{53B34A57-E097-4A5B-9B73-72DE1802C94C}] => (Allow) C:\Users\Daryl\AppData\Roaming\Spotify\spotify.exe FirewallRules: [{47260D74-058A-45B8-8D79-2E6F7FD709F1}] => (Allow) C:\Users\Daryl\AppData\Roaming\Spotify\spotify.exe FirewallRules: [{E992BC12-6958-40CA-8399-22E9D9C3FFE3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{DCC97CF9-475D-4CE0-BEA2-400BB2737897}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{026AB76E-2E9C-4B6A-BA0B-BC04C66E4A09}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{CEF8F353-4051-4A28-9D69-DBA98A9F6E91}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{DF7E44E6-54FA-4E46-94C7-0343F510DFF1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{5FEAA292-4467-4803-907A-09074C305577}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{9A387B3B-4037-4109-AFFB-EA5DA5E02FEB}] => (Allow) D:\Program Files\Steam\steamapps\common\Dungeon Defenders\Binaries\Win32\DungeonDefenders.exe FirewallRules: [{F1CD55DA-03C7-4060-967C-D830EF4E491A}] => (Allow) D:\Program Files\Steam\steamapps\common\Dungeon Defenders\Binaries\Win32\DungeonDefenders.exe FirewallRules: [{D10EEB9D-7A8A-4BCC-8E61-213C789CCD05}] => (Allow) D:\Program Files\Steam\steamapps\common\War Thunder\launcher.exe FirewallRules: [{9C076B04-94C5-4319-A0C0-1D46654FA4E0}] => (Allow) D:\Program Files\Steam\steamapps\common\War Thunder\launcher.exe FirewallRules: [{90AD49D4-7D53-406C-BB7C-3315AF470C21}] => (Allow) D:\Program Files\Steam\steamapps\common\Anomaly Warzone Earth\AnomalyWarzoneEarth.exe FirewallRules: [{BD21BF16-829B-43EA-8AE2-C5F2CB3FBDC3}] => (Allow) D:\Program Files\Steam\steamapps\common\Anomaly Warzone Earth\AnomalyWarzoneEarth.exe FirewallRules: [{66A73272-A188-45FB-AB59-FC36DCB43285}] => (Allow) D:\Program Files\Steam\steamapps\common\portal 2\portal2.exe FirewallRules: [{6EF7C6D0-47F7-4E3A-A203-78291B77C8F2}] => (Allow) D:\Program Files\Steam\steamapps\common\portal 2\portal2.exe FirewallRules: [{0911FE5B-0B53-47A8-9B40-A2B0AF99EB38}] => (Allow) D:\Program Files\Steam\steamapps\common\mark_of_the_ninja\bin\game.exe FirewallRules: [{1E5C6E38-92B9-403B-9F57-9C1BBDDBAEB6}] => (Allow) D:\Program Files\Steam\steamapps\common\mark_of_the_ninja\bin\game.exe FirewallRules: [{388DE20D-93B0-40E6-BA80-ECF37953EFAD}] => (Allow) D:\Program Files\Steam\bin\steamwebhelper.exe FirewallRules: [{83AA2634-5A13-44C5-8CC1-A498EFE8774C}] => (Allow) D:\Program Files\Steam\bin\steamwebhelper.exe FirewallRules: [TCP Query User{37BFAB0D-86B1-4C8B-BFD3-E603272CF957}D:\program files\diablo iii\diablo iii.exe] => (Allow) D:\program files\diablo iii\diablo iii.exe FirewallRules: [uDP Query User{9CA65088-BE7C-4B64-A640-1CD63BBA173D}D:\program files\diablo iii\diablo iii.exe] => (Allow) D:\program files\diablo iii\diablo iii.exe FirewallRules: [{7210A056-435E-4A97-9952-365A2E7BBD5D}] => (Allow) D:\Program Files\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe FirewallRules: [{0453361E-47EF-4615-9120-B9A8DF1700C4}] => (Allow) D:\Program Files\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe FirewallRules: [TCP Query User{8C080345-2F8D-43AC-88F0-8AFE5C290DE6}D:\program files\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) D:\program files\steam\steamapps\common\awesomenauts\awesomenauts.exe FirewallRules: [uDP Query User{4AF5DD34-0C8F-45E3-BA20-16F43CC1753A}D:\program files\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) D:\program files\steam\steamapps\common\awesomenauts\awesomenauts.exe FirewallRules: [{FC011A72-9A69-4099-9FB9-E36536D34DFD}] => (Allow) D:\Program Files\Steam\steamapps\common\The Walking Dead\WalkingDead101.exe FirewallRules: [{A090206E-4F42-45E7-8B2E-E315EBF7792B}] => (Allow) D:\Program Files\Steam\steamapps\common\The Walking Dead\WalkingDead101.exe FirewallRules: [{902DB92F-B58F-4E9D-A257-517F712BC748}] => (Allow) D:\Program Files\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{0BB87C43-7182-490B-A25D-91295DDFB382}] => (Allow) D:\Program Files\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{54E304CE-AFD2-4F55-9A06-490CFB8ABE80}] => (Allow) D:\Program Files\Steam\steamapps\common\insurgency2\insurgency.exe FirewallRules: [{2653F14F-20ED-4A86-8B15-67F747EE003B}] => (Allow) D:\Program Files\Steam\steamapps\common\insurgency2\insurgency.exe FirewallRules: [{3CC2A49F-61F3-452E-A384-AD6D8950956A}] => (Allow) C:\Users\Daryl\AppData\Roaming\ACEStream\engine\ace_engine.exe FirewallRules: [{DE8D1B45-7518-4B91-BF88-6E9E8D02AC36}] => (Allow) C:\Users\Daryl\AppData\Roaming\ACEStream\engine\ace_engine.exe FirewallRules: [{D13AC959-E1A6-44D2-BF66-1CB36D4927EB}] => (Allow) C:\Windows\SysWOW64\muzapp.exe FirewallRules: [{A71DEE64-3082-498D-B74C-ADAAA7563AB9}] => (Allow) C:\Windows\SysWOW64\muzapp.exe FirewallRules: [{5714D90D-D051-46BD-B04E-4B8AE798544D}] => (Allow) D:\Program Files\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win32\MarvelHeroes2015.exe FirewallRules: [{68B44682-AE42-4AF3-A855-523C4FF53036}] => (Allow) D:\Program Files\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win32\MarvelHeroes2015.exe FirewallRules: [{00B7064B-E97C-46BB-88C5-BE22AD4CC25E}] => (Allow) D:\Program Files\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe FirewallRules: [{1B517190-1120-47DD-9151-FFE03B945A13}] => (Allow) D:\Program Files\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe FirewallRules: [{F70AC9FE-8C95-4195-9838-C6BBDAB8F921}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe FirewallRules: [{18D779BF-F363-4EB4-9452-632F7C7A221A}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe FirewallRules: [{46631546-1422-4A62-BF3E-6040ED3C93DC}] => (Allow) D:\Program Files\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe FirewallRules: [{2B0F7A07-FB91-48F5-B8B3-203884B4C819}] => (Allow) D:\Program Files\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe FirewallRules: [TCP Query User{7BF94D5C-9853-4578-8893-99820B4E4984}D:\program files\dying light\dyinglightgame.exe] => (Allow) D:\program files\dying light\dyinglightgame.exe FirewallRules: [uDP Query User{FD86358F-75F3-4EDC-8CB1-D9557BFEB58D}D:\program files\dying light\dyinglightgame.exe] => (Allow) D:\program files\dying light\dyinglightgame.exe FirewallRules: [{356FCF54-7406-42AC-9EF0-A548D2F7956A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{7931C1DE-5283-4831-ADAC-A9F3061A2D71}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{862B8BFC-625B-4946-B5BD-4D89BCD248E6}] => (Allow) D:\Program Files\Steam\steamapps\common\Besiege\Besiege.exe FirewallRules: [{C74D1A03-C2AB-44E8-9F77-C6F4421A0CEB}] => (Allow) D:\Program Files\Steam\steamapps\common\Besiege\Besiege.exe FirewallRules: [{9E546C70-F79D-412F-AF3D-70DC3CCBAD26}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{BC61446A-42E6-4CD3-ACF1-10907C9FF81D}] => (Allow) D:\Program Files\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe FirewallRules: [{87BAA1F6-EE92-4F61-9ACC-C77A7DB327E9}] => (Allow) D:\Program Files\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe FirewallRules: [{DC8FCC16-395F-426F-BBB6-73A42B641F4E}] => (Allow) D:\Program Files\Steam\steamapps\common\Reign Of Kings\ROK.exe FirewallRules: [{CE10226B-B066-4363-81C7-666E32CCC75F}] => (Allow) D:\Program Files\Steam\steamapps\common\Reign Of Kings\ROK.exe FirewallRules: [{030A2BFC-9DA6-4FD4-AF06-196CD3DC4BF8}] => (Allow) D:\Program Files\Steam\steamapps\common\Dead Island\DeadIslandGame.exe FirewallRules: [{EDE8E348-11E3-4158-A9DB-8C1928291DBA}] => (Allow) D:\Program Files\Steam\steamapps\common\Dead Island\DeadIslandGame.exe FirewallRules: [{AEEB0EC2-EE73-4D2C-A77B-88E9817D4388}] => (Allow) D:\Program Files\Steam\steamapps\common\hotline_miami\HotlineMiami.exe FirewallRules: [{4D59D664-9E61-4B81-9A7E-B8E6BE4D9AA8}] => (Allow) D:\Program Files\Steam\steamapps\common\hotline_miami\HotlineMiami.exe FirewallRules: [{F2C8AB57-7490-45EC-8ACD-149FB1FDB824}] => (Allow) D:\Program Files\Steam\steamapps\common\MountBlade Warband\mb_warband.exe FirewallRules: [{22369F88-DBFF-4953-A04C-AE34CFF45603}] => (Allow) D:\Program Files\Steam\steamapps\common\MountBlade Warband\mb_warband.exe FirewallRules: [{AE558493-1355-4144-9C14-51D0AC4D25B5}] => (Allow) D:\Program Files\Steam\steamapps\common\warhammer 40,000 space marine\SpaceMarine.exe FirewallRules: [{7DDFEF84-DBA9-49EF-8530-04C113AB223E}] => (Allow) D:\Program Files\Steam\steamapps\common\warhammer 40,000 space marine\SpaceMarine.exe FirewallRules: [{23A88C45-12F4-446D-945E-9FAD7A7FEA84}] => (Allow) D:\Program Files\Steam\steamapps\common\Reign Of Kings\Reign of Kings.exe FirewallRules: [{D84373E1-02BF-4764-B442-7A7CF895C9E5}] => (Allow) D:\Program Files\Steam\steamapps\common\Reign Of Kings\Reign of Kings.exe FirewallRules: [{9D1F475B-9C99-4FEA-A97F-586E73296559}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{19C69FF9-F70D-4214-818C-1C298FECB374}] => (Allow) C:\Users\Daryl\AppData\Local\Apps\2.0\RGBXT4AW.HWE\WHM08VAH.NRB\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe FirewallRules: [{DADF9939-0BF7-4B76-946C-50D824A37E0D}] => (Allow) C:\Users\Daryl\AppData\Local\Apps\2.0\RGBXT4AW.HWE\WHM08VAH.NRB\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe FirewallRules: [{211C6696-15E6-488F-8175-0AAE181B0E03}] => (Allow) D:\Program Files\Steam\steamapps\common\rust\legacy\rust.exe FirewallRules: [{3076C035-FC1B-4F27-86E8-1F6A66402DD5}] => (Allow) D:\Program Files\Steam\steamapps\common\rust\legacy\rust.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/28/2015 08:33:31 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: CurseClient.exe, version: 4.0.0.10, time stamp: 0x5436d39d Faulting module name: KERNELBASE.dll, version: 6.1.7601.18798, time stamp: 0x5507b87a Exception code: 0xe0434f4d Fault offset: 0x000000000001aaad Faulting process id: 0x%9 Faulting application start time: 0xCurseClient.exe0 Faulting application path: CurseClient.exe1 Faulting module path: CurseClient.exe2 Report Id: CurseClient.exe3 Error: (04/28/2015 08:16:12 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/26/2015 03:46:25 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/26/2015 03:45:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: CurseClient.exe, version: 4.0.0.10, time stamp: 0x5436d39d Faulting module name: KERNELBASE.dll, version: 6.1.7601.18798, time stamp: 0x5507b87a Exception code: 0xe0434f4d Fault offset: 0x000000000001aaad Faulting process id: 0x%9 Faulting application start time: 0xCurseClient.exe0 Faulting application path: CurseClient.exe1 Faulting module path: CurseClient.exe2 Report Id: CurseClient.exe3 Error: (04/26/2015 11:25:51 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/26/2015 11:24:12 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: CurseClient.exe, version: 4.0.0.10, time stamp: 0x5436d39d Faulting module name: KERNELBASE.dll, version: 6.1.7601.18798, time stamp: 0x5507b87a Exception code: 0xe0434f4d Fault offset: 0x000000000001aaad Faulting process id: 0x%9 Faulting application start time: 0xCurseClient.exe0 Faulting application path: CurseClient.exe1 Faulting module path: CurseClient.exe2 Report Id: CurseClient.exe3 Error: (04/26/2015 10:51:25 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/26/2015 10:50:53 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: CurseClient.exe, version: 4.0.0.10, time stamp: 0x5436d39d Faulting module name: KERNELBASE.dll, version: 6.1.7601.18798, time stamp: 0x5507b87a Exception code: 0xe0434f4d Fault offset: 0x000000000001aaad Faulting process id: 0x%9 Faulting application start time: 0xCurseClient.exe0 Faulting application path: CurseClient.exe1 Faulting module path: CurseClient.exe2 Report Id: CurseClient.exe3 System errors: ============= Error: (04/28/2015 08:14:15 AM) (Source: volmgr) (EventID: 46) (User: ) Description: Crash dump initialization failed! Error: (04/28/2015 08:13:39 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (04/28/2015 08:13:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Fitbit Connect Service service terminated unexpectedly. It has done this 3 time(s). Error: (04/28/2015 08:13:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Modules Installer service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. Error: (04/28/2015 08:13:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (04/28/2015 08:13:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (04/28/2015 08:13:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Fitbit Connect Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Error: (04/28/2015 08:13:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Office Software Protection Platform service terminated unexpectedly. It has done this 1 time(s). Error: (04/28/2015 08:13:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (04/28/2015 08:13:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Microsoft Office Sessions: ========================= Error: (04/28/2015 08:33:31 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: CurseClient.exe4.0.0.105436d39dKERNELBASE.dll6.1.7601.187985507b87ae0434f4d000000000001aaad Error: (04/28/2015 08:16:12 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/26/2015 03:46:25 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/26/2015 03:45:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: CurseClient.exe4.0.0.105436d39dKERNELBASE.dll6.1.7601.187985507b87ae0434f4d000000000001aaad Error: (04/26/2015 11:25:51 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/26/2015 11:24:12 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: CurseClient.exe4.0.0.105436d39dKERNELBASE.dll6.1.7601.187985507b87ae0434f4d000000000001aaad Error: (04/26/2015 10:51:25 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/26/2015 10:50:53 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: CurseClient.exe4.0.0.105436d39dKERNELBASE.dll6.1.7601.187985507b87ae0434f4d000000000001aaad CodeIntegrity Errors: =================================== Date: 2012-04-23 23:02:45.289 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-04-23 23:02:45.289 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-04-23 23:00:57.135 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-04-23 23:00:57.135 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-04-23 22:57:26.117 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-04-23 22:57:26.117 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-04-23 22:56:08.454 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-04-23 22:56:08.454 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-04-23 22:54:39.367 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-04-23 22:54:39.351 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel® Core i5-2500 CPU @ 3.30GHz Percentage of memory in use: 21% Total physical RAM: 8103.52 MB Available physical RAM: 6395.75 MB Total Pagefile: 8101.71 MB Available Pagefile: 6221.3 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:59.53 GB) (Free:7.25 GB) NTFS Drive d: (HDD) (Fixed) (Total:1397.26 GB) (Free:343.31 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: 5DA2DBCC) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=59.5 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: AAD0F69D) Partition 1: (Active) - (Size=1397.3 GB) - (Type=07 NTFS) ==================== End Of Log ============================ -
Chrome infected with popups.. help please!
DarylM replied to DarylM's topic in Resolved Malware Removal Logs
Hi Borislav! Thank you so much for replying. Here are my logs: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2015 01 Ran by Daryl (administrator) on DARYL-PC on 28-04-2015 09:14:12 Running from C:\Users\Daryl\Desktop Loaded Profiles: Daryl (Available profiles: Daryl & Jessie) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (AMD) C:\Windows\System32\atieclxx.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Spotify Ltd) C:\Users\Daryl\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Logitech©) C:\Program Files (x86)\Logitech\G35\G35.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_223_ActiveX.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-27] (NVIDIA Corporation) HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [Logitech G35] => C:\Program Files (x86)\Logitech\G35\G35.exe [1811800 2010-10-05] (Logitech©) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess? HKU\S-1-5-21-3472384728-3891243327-1104791788-1000\...\Run: [zASRockInstantBoot] => [X] HKU\S-1-5-21-3472384728-3891243327-1104791788-1000\...\Run: [steam] => D:\Program Files\Steam\steam.exe [2889408 2015-04-13] (Valve Corporation) HKU\S-1-5-21-3472384728-3891243327-1104791788-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673184 2013-07-03] (Disc Soft Ltd) HKU\S-1-5-21-3472384728-3891243327-1104791788-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd) HKU\S-1-5-21-3472384728-3891243327-1104791788-1000\...\Run: [spotify Web Helper] => C:\Users\Daryl\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-02-15] (Spotify Ltd) HKU\S-1-5-21-3472384728-3891243327-1104791788-1000\...\Run: [AceWebException] => C:\Users\Daryl\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe HKU\S-1-5-21-3472384728-3891243327-1104791788-1000\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-3472384728-3891243327-1104791788-1000\...\MountPoints2: {e72a9c21-6c68-11e2-9c03-bc5ff435603a} - H:\LaunchU3.exe -a HKU\S-1-5-21-3472384728-3891243327-1104791788-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation) HKU\S-1-5-21-3472384728-3891243327-1104791788-1000\...409d6c4515e9\InprocServer32: [Default-shell32] <==== ATTENTION! Startup: C:\Users\Daryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2014-10-24] () Startup: C:\Users\Daryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TheHunter Hack Tool.lnk [2015-03-15] ShortcutTarget: TheHunter Hack Tool.lnk -> C:\ProgramData\{ce310c20-84c0-ba62-ce31-10c2084c3082}\TheHunter Hack Tool.exe (No File) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com HKU\S-1-5-21-3472384728-3891243327-1104791788-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3472384728-3891243327-1104791788-1000 -> DefaultScope {DE73AEB0-240D-4fad-8986-34A0746E8462} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3472384728-3891243327-1104791788-1000 -> {DE73AEB0-240D-4fad-8986-34A0746E8462} URL = https://www.google.com/search?q={searchTerms} BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation) Toolbar: HKU\S-1-5-21-3472384728-3891243327-1104791788-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 FireFox: ======== FF ProfilePath: C:\Users\Daryl\AppData\Roaming\Mozilla\Firefox\Profiles\g03ff0aw.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-18] () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-18] () FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-21] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-21] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3472384728-3891243327-1104791788-1000: @acestream.net/acestreamplugin,version=3.0.3 -> C:\Users\Daryl\AppData\Roaming\ACEStream\player\npace_plugin.dll [2014-12-07] (Innovative Digital Technologies) Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR HomePage: Default -> https://www.google.com/ CHR StartupUrls: Default -> "https://www.google.com/" CHR Profile: C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (YouTube) - C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-18] CHR Extension: (Slinky Elegant) - C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln [2015-04-26] CHR Extension: (Adblock Plus) - C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-18] CHR Extension: (Google Search) - C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-18] CHR Extension: (TreMendOusSalee) - C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\figfkcnjhphoacbljgmpogfhhpmlelfm [2015-04-10] CHR Extension: (Bookmark Manager) - C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-02-22] CHR Extension: (SparkChess 7) - C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\khgabmflimjjbclkmljlpmgaleanedem [2014-01-18] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-27] CHR Extension: (Webcam Toy) - C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2014-01-18] CHR Extension: (Google Wallet) - C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-18] CHR Extension: (Battlelog Emblem Editor Extended) - C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\noagedoiolkfaoaknohhepocfeooibjb [2015-04-03] CHR Extension: (Gmail) - C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-18] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-03-15] () [File not signed] R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-27] (NVIDIA Corporation) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation) S4 np20ugt; C:\Users\Daryl\AppData\Roaming\bf5n8tqv.bat [89 2012-09-01] () [File not signed] R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-27] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-27] (NVIDIA Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-03-15] () S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-07-04] (Disc Soft Ltd) R3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2amd64.sys [62168 2010-09-29] (Logitech) R3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMamd64.sys [377176 2010-09-29] (Logitech) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-27] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-28] (Microsoft Corporation) S3 Andbus; system32\DRIVERS\lgandbus64.sys [X] S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X] S3 AndGps; system32\DRIVERS\lgandgps64.sys [X] S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X] S3 dgderdrv; System32\drivers\dgderdrv.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-28 09:14 - 2015-04-28 09:14 - 00015235 _____ () C:\Users\Daryl\Desktop\FRST.txt 2015-04-28 08:47 - 2015-04-28 09:14 - 00000000 ____D () C:\FRST 2015-04-28 08:47 - 2015-04-28 08:47 - 02100736 _____ (Farbar) C:\Users\Daryl\Desktop\FRST64.exe 2015-04-28 08:08 - 2015-04-28 08:08 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DARYL-PC-Windows-7-Home-Premium-(64-bit).dat 2015-04-28 08:08 - 2015-04-28 08:08 - 00000000 ____D () C:\RegBackup 2015-04-28 08:07 - 2015-04-28 08:07 - 02224640 _____ () C:\Users\Daryl\Desktop\adwcleaner_4.202.exe 2015-04-28 08:06 - 2015-04-28 08:06 - 02716174 _____ (Thisisu) C:\Users\Daryl\Desktop\JRT.exe 2015-04-26 10:54 - 2015-04-26 10:54 - 00000000 _____ () C:\autoexec.bat 2015-04-26 10:50 - 2015-04-26 10:50 - 00087992 _____ () C:\Users\Daryl\AppData\Local\GDIPFONTCACHEV1.DAT 2015-04-26 10:49 - 2015-04-28 08:14 - 00000840 _____ () C:\Windows\setupact.log 2015-04-26 10:49 - 2015-04-26 10:49 - 04900016 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-04-26 10:49 - 2015-04-26 10:49 - 00000354 _____ () C:\Windows\PFRO.log 2015-04-26 10:49 - 2015-04-26 10:49 - 00000000 _____ () C:\Windows\setuperr.log 2015-04-26 10:48 - 2015-04-26 10:49 - 00167516 _____ () C:\Users\Daryl\Documents\cc_20150426_104854.reg 2015-04-26 00:30 - 2015-04-26 00:30 - 00003200 _____ () C:\Windows\System32\Tasks\{CA85425A-81A6-400D-9477-DDAF024EF01C} 2015-04-22 10:26 - 2015-04-08 16:32 - 00560968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2015-04-22 10:25 - 2015-04-08 20:58 - 31570064 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 30397072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 25375048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 24053576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 15818528 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 15716232 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 14617288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 14006752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 12852784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 11380728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 10423952 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2015-04-22 10:25 - 2015-04-08 20:58 - 02935416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 02896528 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 02573456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 01895568 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435012.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435012.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 01086424 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 01047368 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 01037640 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 00970568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 00962192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 00927440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 00499344 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 00402576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 00346256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 00175880 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2015-04-15 01:26 - 2015-04-01 19:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-04-15 01:26 - 2015-03-24 23:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-04-15 01:26 - 2015-03-24 23:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-04-15 01:26 - 2015-03-24 23:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-04-15 01:26 - 2015-03-24 23:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-04-15 01:26 - 2015-03-24 23:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-04-15 01:26 - 2015-03-24 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-04-15 01:26 - 2015-03-24 23:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-04-15 01:26 - 2015-03-24 23:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-04-15 01:26 - 2015-03-24 23:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-04-15 01:26 - 2015-03-24 23:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-04-15 01:26 - 2015-03-24 23:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-04-15 01:26 - 2015-03-24 23:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-04-15 01:26 - 2015-03-24 23:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-04-15 01:26 - 2015-03-24 23:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-04-15 01:26 - 2015-03-24 23:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-04-15 01:26 - 2015-03-24 23:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-04-15 01:26 - 2015-03-22 23:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-04-15 01:26 - 2015-03-22 23:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-04-15 01:26 - 2015-03-22 23:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-04-15 01:26 - 2015-03-22 23:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-04-15 01:26 - 2015-03-22 23:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-04-15 01:26 - 2015-03-22 23:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-04-15 01:26 - 2015-03-22 23:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-04-15 01:26 - 2015-03-22 23:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-04-15 01:26 - 2015-03-17 01:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-04-15 01:26 - 2015-03-17 01:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-04-15 01:26 - 2015-03-17 01:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-04-15 01:26 - 2015-03-17 01:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-04-15 01:26 - 2015-03-17 01:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-04-15 01:26 - 2015-03-17 01:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-04-15 01:26 - 2015-03-17 01:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-04-15 01:26 - 2015-03-17 01:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-04-15 01:26 - 2015-03-17 01:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-04-15 01:26 - 2015-03-17 01:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-04-15 01:26 - 2015-03-17 01:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-04-15 01:26 - 2015-03-17 01:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-04-15 01:26 - 2015-03-17 01:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-04-15 01:26 - 2015-03-17 01:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-04-15 01:26 - 2015-03-17 01:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-04-15 01:26 - 2015-03-17 01:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-04-15 01:26 - 2015-03-17 01:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-04-15 01:26 - 2015-03-17 01:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-04-15 01:26 - 2015-03-17 01:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-04-15 01:26 - 2015-03-17 01:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-04-15 01:26 - 2015-03-17 01:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-04-15 01:26 - 2015-03-17 01:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-04-15 01:26 - 2015-03-17 01:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-04-15 01:26 - 2015-03-17 01:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-04-15 01:26 - 2015-03-17 01:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-04-15 01:26 - 2015-03-17 01:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-04-15 01:26 - 2015-03-17 01:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-04-15 01:26 - 2015-03-17 01:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-04-15 01:26 - 2015-03-17 01:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-04-15 01:26 - 2015-03-17 01:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-04-15 01:26 - 2015-03-17 01:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-04-15 01:26 - 2015-03-17 01:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-04-15 01:26 - 2015-03-17 01:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-04-15 01:26 - 2015-03-17 00:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-04-15 01:26 - 2015-03-17 00:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-04-15 01:26 - 2015-03-17 00:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-04-15 01:26 - 2015-03-17 00:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-04-15 01:26 - 2015-03-17 00:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-04-15 01:26 - 2015-03-17 00:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-04-15 01:26 - 2015-03-17 00:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-04-15 01:26 - 2015-03-17 00:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-04-15 01:26 - 2015-03-17 00:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-04-15 01:26 - 2015-03-17 00:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-04-15 01:26 - 2015-03-17 00:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-04-15 01:26 - 2015-03-17 00:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-04-15 01:26 - 2015-03-17 00:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-04-15 01:26 - 2015-03-17 00:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-04-15 01:26 - 2015-03-17 00:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-04-15 01:26 - 2015-03-17 00:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-04-15 01:26 - 2015-03-17 00:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-04-15 01:26 - 2015-03-17 00:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-04-15 01:26 - 2015-03-17 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-04-15 01:26 - 2015-03-16 23:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-04-15 01:26 - 2015-03-16 23:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-04-15 01:26 - 2015-03-16 23:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-04-15 01:26 - 2015-03-16 23:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-04-15 01:26 - 2015-03-16 23:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-04-15 01:26 - 2015-03-16 23:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-04-15 01:26 - 2015-03-13 00:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-04-15 01:26 - 2015-03-13 00:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-04-15 01:26 - 2015-03-12 23:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-04-15 01:26 - 2015-03-12 23:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-04-15 01:26 - 2015-03-12 23:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-04-15 01:26 - 2015-03-12 23:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-04-15 01:26 - 2015-03-12 23:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-04-15 01:26 - 2015-03-12 23:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-04-15 01:26 - 2015-03-12 23:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-04-15 01:26 - 2015-03-12 22:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-04-15 01:26 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-04-15 01:26 - 2015-03-09 23:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-04-15 01:26 - 2015-03-09 23:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-04-15 01:26 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-04-15 01:26 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2015-04-15 01:26 - 2015-03-05 01:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-04-15 01:26 - 2015-03-05 00:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-04-15 01:26 - 2015-02-24 23:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys 2015-04-15 01:25 - 2015-04-01 20:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-04-15 01:25 - 2015-03-13 00:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-04-15 01:25 - 2015-03-13 00:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-04-15 01:25 - 2015-03-13 00:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-04-15 01:25 - 2015-03-13 00:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-04-15 01:25 - 2015-03-13 00:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-04-15 01:25 - 2015-03-13 00:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-04-15 01:25 - 2015-03-13 00:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-04-15 01:25 - 2015-03-13 00:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-04-15 01:25 - 2015-03-12 23:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-04-15 01:25 - 2015-03-12 23:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-04-15 01:25 - 2015-03-12 23:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-04-15 01:25 - 2015-03-12 23:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-04-15 01:25 - 2015-03-12 23:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-04-15 01:25 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-04-15 01:25 - 2015-03-12 23:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-04-15 01:25 - 2015-03-12 23:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-04-15 01:25 - 2015-03-12 23:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-04-15 01:25 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-04-15 01:25 - 2015-03-12 23:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-04-15 01:25 - 2015-03-12 23:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-04-15 01:25 - 2015-03-12 23:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-04-15 01:25 - 2015-03-12 23:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-04-15 01:25 - 2015-03-12 23:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-04-15 01:25 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-04-15 01:25 - 2015-03-12 23:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-04-15 01:25 - 2015-03-12 23:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-04-15 01:25 - 2015-03-12 23:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-04-15 01:25 - 2015-03-12 23:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-04-15 01:25 - 2015-03-12 23:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-04-15 01:25 - 2015-03-12 23:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-04-15 01:25 - 2015-03-12 23:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-04-15 01:25 - 2015-03-12 23:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-04-15 01:25 - 2015-03-12 23:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-04-15 01:25 - 2015-03-12 22:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-04-15 01:25 - 2015-03-12 22:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-04-15 01:25 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-04-15 01:25 - 2015-03-12 22:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-04-15 01:25 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-04-15 01:25 - 2015-03-12 22:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-04-15 01:25 - 2015-03-12 22:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-04-15 01:25 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-04-15 01:25 - 2015-03-12 22:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-04-15 01:25 - 2015-03-12 22:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-04-15 01:25 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-04-15 01:25 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-04-15 01:25 - 2015-03-04 00:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2015-04-15 01:25 - 2015-03-04 00:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll 2015-04-15 01:25 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll 2015-04-14 16:44 - 2015-04-14 16:44 - 00000000 ____D () C:\Users\Daryl\AppData\Local\openvr 2015-04-10 08:33 - 2015-04-28 07:51 - 00000020 _____ () C:\Users\Daryl\AppData\Roaming\appdataFr3.bin 2015-04-10 04:54 - 2015-04-10 09:49 - 00000000 ____D () C:\Program Files (x86)\BorderlineInstance 2015-04-10 04:53 - 2015-04-10 09:48 - 00000000 ____D () C:\Program Files (x86)\TreMendOusSalee 2015-04-10 04:53 - 2015-04-10 09:48 - 00000000 ____D () C:\Program Files (x86)\NoNNoeizzeBrowwsEE 2015-04-10 04:53 - 2015-04-10 09:48 - 00000000 ____D () C:\Program Files (x86)\Bookmarks Button 2015-04-10 04:53 - 2015-04-10 04:53 - 00000000 ____D () C:\ProgramData\16636086434125824409 2015-04-04 03:00 - 2015-04-04 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX 2015-04-04 03:00 - 2015-04-04 03:00 - 00000000 ___SD () C:\Windows\system32\GWX ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-28 09:08 - 2012-04-25 19:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-04-28 08:59 - 2014-01-18 15:32 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-28 08:54 - 2012-04-25 19:35 - 00000000 ____D () C:\Users\Daryl\AppData\Roaming\uTorrent 2015-04-28 08:22 - 2009-07-14 00:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-28 08:22 - 2009-07-14 00:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-28 08:20 - 2009-07-14 01:13 - 00786622 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-28 08:17 - 2012-04-23 21:23 - 01739313 _____ () C:\Windows\WindowsUpdate.log 2015-04-28 08:14 - 2014-12-07 22:21 - 00000000 ____D () C:\Users\Daryl\AppData\Local\Deployment 2015-04-28 08:14 - 2014-04-10 19:57 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-04-28 08:14 - 2014-01-18 15:32 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-28 08:14 - 2012-11-14 19:13 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs 2015-04-28 08:14 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-28 08:13 - 2014-01-01 21:30 - 00000000 ____D () C:\AdwCleaner 2015-04-26 15:43 - 2014-08-06 07:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-04-26 11:25 - 2014-08-06 07:17 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-04-26 10:47 - 2014-01-01 21:08 - 00000000 ____D () C:\Program Files\CCleaner 2015-04-26 00:47 - 2012-10-28 13:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-04-22 21:39 - 2012-10-20 21:38 - 00000000 ____D () C:\Users\Daryl\AppData\Roaming\vlc 2015-04-22 10:29 - 2014-04-10 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2015-04-22 10:26 - 2014-04-10 19:44 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2015-04-16 01:24 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat 2015-04-15 03:47 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache 2015-04-15 03:22 - 2014-12-10 04:19 - 00000000 ____D () C:\Windows\system32\appraiser 2015-04-15 03:22 - 2014-05-07 07:23 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-04-15 03:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2015-04-15 03:06 - 2012-10-27 07:57 - 00778744 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2015-04-15 03:06 - 2012-06-09 11:21 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-04-15 03:05 - 2013-08-15 03:00 - 00000000 ____D () C:\Windows\system32\MRT 2015-04-12 21:41 - 2015-02-15 15:35 - 00000000 ____D () C:\Users\Daryl\AppData\Roaming\Spotify 2015-04-12 18:55 - 2015-02-15 15:36 - 00000000 ____D () C:\Users\Daryl\AppData\Local\Spotify 2015-04-10 11:06 - 2012-04-29 08:22 - 00000000 ____D () C:\Users\Daryl\AppData\Roaming\DAEMON Tools Lite 2015-04-10 11:03 - 2012-11-12 19:10 - 00000000 ____D () C:\Users\Daryl\AppData\Roaming\Skype 2015-04-10 09:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\IME 2015-04-08 20:58 - 2014-04-10 19:56 - 17176128 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2015-04-08 20:58 - 2014-04-10 19:56 - 12689592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2015-04-08 20:58 - 2014-04-10 19:56 - 03317344 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2015-04-08 20:58 - 2014-04-10 19:56 - 00029329 _____ () C:\Windows\system32\nvinfo.pb 2015-04-08 17:30 - 2014-10-26 22:13 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2015-04-08 17:30 - 2014-04-10 19:57 - 06841488 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2015-04-08 17:30 - 2014-04-10 19:57 - 03478344 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2015-04-08 17:30 - 2014-04-10 19:57 - 00936264 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2015-04-08 17:30 - 2014-04-10 19:57 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2015-04-08 17:30 - 2014-04-10 19:57 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2015-04-08 13:52 - 2014-04-10 19:57 - 04336074 _____ () C:\Windows\system32\nvcoproc.bin 2015-04-06 11:16 - 2013-12-15 10:10 - 00000000 ____D () C:\Users\Daryl\AppData\Local\Battle.net 2015-04-05 17:00 - 2013-12-15 10:10 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2015-04-01 11:16 - 2012-04-23 21:57 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-03-29 22:05 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF ==================== Files in the root of some directories ======= 2015-03-25 09:41 - 2015-03-25 09:41 - 0000132 _____ () C:\Users\Daryl\AppData\Roaming\Adobe BMP Format CS5 Prefs 2012-09-01 17:29 - 2012-09-01 17:29 - 0086080 _____ () C:\Users\Daryl\AppData\Roaming\aftr4sb.dat 2015-04-10 08:33 - 2015-04-28 07:51 - 0000020 _____ () C:\Users\Daryl\AppData\Roaming\appdataFr3.bin 2012-09-01 17:29 - 2012-09-01 17:29 - 0000089 ____H () C:\Users\Daryl\AppData\Roaming\bf5n8tqv.bat 2015-03-15 12:49 - 2015-03-17 08:31 - 0000100 _____ () C:\Users\Daryl\AppData\Roaming\LauncherSettings_live.cfg 2012-09-01 17:29 - 2012-09-01 17:29 - 0090176 _____ () C:\Users\Daryl\AppData\Roaming\lj1y6nb.dat 2012-09-01 17:28 - 2012-09-01 17:28 - 0060992 _____ () C:\Users\Daryl\AppData\Roaming\serjs58n.dat 2012-09-03 17:41 - 2012-09-03 17:41 - 0060992 _____ () C:\Users\Daryl\AppData\Roaming\slr8k5s.dat 2015-03-15 12:56 - 2015-03-15 14:37 - 0000040 _____ () C:\Users\Daryl\AppData\Roaming\TheHunterSettings_steam_live.cfg 2015-03-25 09:42 - 2015-03-25 09:42 - 0001456 _____ () C:\Users\Daryl\AppData\Local\Adobe Save for Web 12.0 Prefs 2014-03-15 16:54 - 2014-03-15 16:54 - 0012586 _____ () C:\ProgramData\mptmqteo.hmi Some content of TEMP: ==================== C:\Users\Daryl\AppData\Local\Temp\Quarantine.exe C:\Users\Daryl\AppData\Local\Temp\sqlite3.dll C:\Users\Jessie\AppData\Local\Temp\AskPIP_FF_.exe C:\Users\Jessie\AppData\Local\Temp\FoodBuzzInstaller.exe C:\Users\Jessie\AppData\Local\Temp\GenericUninstall.exe C:\Users\Jessie\AppData\Local\Temp\hsbing_717_active.exe C:\Users\Jessie\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe C:\Users\Jessie\AppData\Local\Temp\nvSCPAPI.dll C:\Users\Jessie\AppData\Local\Temp\nvStInst.exe C:\Users\Jessie\AppData\Local\Temp\setup.exe C:\Users\Jessie\AppData\Local\Temp\tbSomo.dll C:\Users\Jessie\AppData\Local\Temp\uninstaller.exe C:\Users\Jessie\AppData\Local\Temp\unlockphone1setup.exe C:\Users\Jessie\AppData\Local\Temp\WSSetup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-24 11:40 ==================== End Of Log ============================ -
Hi I've been working on trying to get my web browser, Google Chrome, cleaned up from a nasty popup with the name "EnormouSales". It puts ads in my pages, makes random words on webpages clickable, and sometimes opens a popup. Can anyone help me out?