Azlan

Looks much more better now, cant trace any more malwares. Will monitor within the next few weeks or so..

Step 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.9.1 (06.08.2015:1)OS: Windows 8.1 x64Ran by user on 12/06/2015 at 22:27:25.45~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update SurftasticSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util Surftastic ~~~ Files ~~~ Folders Successfully deleted: [Folder] C:\ProgramData\apnSuccessfully deleted: [Folder] C:\Users\user\appdata\local\crashrptSuccessfully deleted: [Folder] C:\ProgramData\5e3feb92df310a18Successfully deleted: [Folder] C:\ProgramData\DownSave [bHO.Multiplug] ~~~ Chrome [C:\Users\user\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset [C:\Users\user\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted: [C:\Users\user\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset [C:\Users\user\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:[] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on 12/06/2015 at 22:29:25.75End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Step 2 # AdwCleaner v4.206 - Logfile created 12/06/2015 at 22:33:28# Updated 01/06/2015 by Xplode# Database : 2015-06-09.1 [server]# Operating system : Windows 8.1 (x64)# Username : user - ADMIN# Running from : C:\Users\user\Desktop\AdwCleaner.exe# Option : Cleaning ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\users\user\AppData\Local\VNTFolder Deleted : C:\users\user\AppData\Local\Prompt DownloaderFolder Deleted : C:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prompt DownloaderFolder Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkgFile Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cflheckfmhopnialghigdlggahiomebp ***** [ Scheduled tasks ] ***** ***** [ Shortcuts ] ***** Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Feature Mananger.lnk ***** [ Registry ] ***** Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.comKey Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.comKey Deleted : HKLM\SOFTWARE\WS.BoosterKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E3CE881D-94D9-435A-9DEA-EBB5390BC2CC}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4 ***** [ Web browsers ] ***** -\\ Internet Explorer v11.0.9600.17840 -\\ Google Chrome v43.0.2357.124 [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=RY_4605&co=MY&userid=dd3fc977-3a30-76d0-0440-f3e0a5387a25&searchtype=ds&q={searchTerms}&installDate=05/02/2014[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://en.softonic.com/s/{searchTerms}[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.mysearchresults.com/search?c=8004&t=11&q={searchTerms}[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=113&systemid=102&v=n12281-314&apn_uid=7044352060304711&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms}[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?tpid=BTR-V7&o=APN11584&l=dis&pf=V7&p2=%5EBJ2%5EYYYYYY%5EYY%5EMY&gct=&itbv=12.11.0.5199&doi=2014-05-22&apn_uid=D9B9A5A1-B412-4ABE-9662-EAA1524012A9&apn_ptnrs=%5EBJ2&apn_dtid=%5EYYYYYY%5EYY%5EMY&apn_dbr=cr_34.0.1847.131&psv=&pt=crx&trgb=CR&q={searchTerms}[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [startup_URLs] : 9B3D2D1BAB8FD01B6F53D99E0F12685B1CDAD602AE30E8ACA70BC3C79FF73E04"},"software_reporter":{"prompt_reason":"72BF1E4E7D76442229A3E1B3E10C04AAA952F7EE065689DD9BE60133D28BFB9D","prompt_seed":"4914DCB3CDE7A6C2DE4454ACD1418C7A146E77566A9C58EA0725FF1B8B84E70B","prompt_version":"6290A5CF12FEE0495CDA02B91E6A431AD8F73E96F2BA38124A0CC443004FBF16"},"sync":{"remaining_rollback_tries":"3CC7F0506707A630BB7E3F1EFF7FC4F19944BDE1CC62A723AE4D54BF925C82FA"}},"super_mac":"2AF7A7978A16ED30DD3730B413627F12D6951F9B781533DE4643BAE39750BA13"},"session":{"restore_on_startup":5,"startup_urls":["hxxp://www.google.com/","hxxp://www.search.ask.com/?tpid=BTR-V7&o=APN11584&pf=V7&trgb=CR&p2=%5EBJ2%5EYYYYYY%5EYY%5EMY&gct=hp&apn_ptnrs=%5EBJ2&apn_dtid=%5EYYYYYY%5EYY%5EMY&apn_dbr=cr_34.0.1847.131&apn_uid=D9B9A5A1-B412-4ABE-9662-EAA1524012A9&itbv=12.11.0.5199&doi=2014-05-22&psv=&pt=crx -\\ Chromium v -\\ Comodo Dragon v -\\ Chrome Canary v ************************* AdwCleaner[R0].txt - [9826 bytes] - [07/05/2014 20:58:44]AdwCleaner[R1].txt - [9334 bytes] - [12/06/2015 22:31:07]AdwCleaner[s0].txt - [9534 bytes] - [07/05/2014 21:01:37]AdwCleaner[s1].txt - [4723 bytes] - [12/06/2015 22:33:28] ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [4782 bytes] ########## Step 3 C:\Users\All Users\InstallMate\{00589B44-430B-4164-A38F-0B29DBBBB9B2}\Custom.dll Win32/InstalleRex.M potentially unwanted application C:\Users\All Users\InstallMate\{4EF49C61-DF86-4257-A0BC-97A49517BE97}\Custom.dll Win32/InstalleRex.M potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files (x86)\jZip\Helper.dll.vir a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application cleaned by deleting - quarantinedC:\AdwCleaner\Quarantine\C\Program Files (x86)\jZip\Uninstall.exe.vir a variant of Win32/Toolbar.SearchSuite.J potentially unwanted application cleaned by deleting - quarantinedC:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application cleaned by deleting - quarantinedC:\AdwCleaner\Quarantine\C\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpmfcgjjpaapfhpadmgodkaibnebnlnc\3.7\Gu3mY6g.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantinedC:\AdwCleaner\Quarantine\C\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpmfcgjjpaapfhpadmgodkaibnebnlnc\3.7\Gu3mY6g.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantinedC:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgohhalecmoicdpmcfejjpoiinemgnol\7.2\w0xl.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantinedC:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpmfcgjjpaapfhpadmgodkaibnebnlnc\3.7\Gu3mY6g.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantinedC:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantinedC:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application cleaned by deleting - quarantinedC:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application cleaned by deleting - quarantinedC:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir a variant of Android/Mobserv.A potentially unwanted application deleted - quarantinedC:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll.vir Win32/NextLive.A potentially unwanted application cleaned by deleting - quarantinedC:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application cleaned by deleting - quarantinedC:\AdwCleaner\Quarantine\C\users\user\AppData\Local\NativeMessaging\CT3289075\1_0_0_4\TBMessagingHost.exe.vir Win32/Toolbar.Conduit.AH potentially unwanted application cleaned by deleting - quarantinedC:\AdwCleaner\Quarantine\C\users\user\AppData\Local\torch\User Data\Default\Extensions\lpmfcgjjpaapfhpadmgodkaibnebnlnc\3.7\Gu3mY6g.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantinedC:\AdwCleaner\Quarantine\C\users\user\AppData\Local\VNT\vntldr.exe.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting - quarantinedC:\FRST\Quarantine\C\Users\user\AppData\local\temp\2nUkPnoMa9E.exe.xBAD multiple threats deleted - quarantinedC:\FRST\Quarantine\C\Users\user\AppData\local\temp\2XSAtKL2SDs.exe.xBAD multiple threats deleted - quarantinedC:\FRST\Quarantine\C\Users\user\AppData\local\temp\3Ce7v2QzBqO.exe.xBAD multiple threats deleted - quarantinedC:\FRST\Quarantine\C\Users\user\AppData\local\temp\51dKyVRA6hY.exe.xBAD multiple threats deleted - quarantinedC:\FRST\Quarantine\C\Users\user\AppData\local\temp\7TSTnjaanVe.exe.xBAD multiple threats deleted - quarantinedC:\FRST\Quarantine\C\Users\user\AppData\local\temp\ACVCq41pXPN.exe.xBAD multiple threats deleted - quarantinedC:\FRST\Quarantine\C\Users\user\AppData\local\temp\FkXx2OPZjRM.exe.xBAD multiple threats deleted - quarantinedC:\FRST\Quarantine\C\Users\user\AppData\local\temp\J9HUMLX7Gp4.exe.xBAD multiple threats deleted - quarantinedC:\FRST\Quarantine\C\Users\user\AppData\local\temp\jmXiYnQmOAB.exe.xBAD multiple threats deleted - quarantinedC:\FRST\Quarantine\C\Users\user\AppData\local\temp\L1m3BafHX3k.exe.xBAD multiple threats deleted - quarantinedC:\FRST\Quarantine\C\Users\user\AppData\local\temp\MgrZ2xlUOU7.exe.xBAD multiple threats deleted - quarantinedC:\FRST\Quarantine\C\Users\user\AppData\local\temp\MIAeqaUXNgD.exe.xBAD multiple threats deleted - quarantinedC:\FRST\Quarantine\C\Users\user\AppData\local\temp\MxfOSZavliv.exe.xBAD multiple threats deleted - quarantinedC:\FRST\Quarantine\C\Users\user\AppData\local\temp\nKc1Bb9ZDV9.exe.xBAD multiple threats deleted - quarantinedC:\FRST\Quarantine\C\Users\user\AppData\local\temp\nyXLdiLGBFI.exe.xBAD multiple threats deleted - quarantinedC:\FRST\Quarantine\C\Users\user\AppData\local\temp\o5r8LSPfITE.exe.xBAD multiple threats deleted - quarantinedC:\FRST\Quarantine\C\Users\user\AppData\local\temp\RJ5NKu9vtxr.exe.xBAD multiple threats deleted - quarantinedC:\FRST\Quarantine\C\Users\user\AppData\local\temp\sHYrPfdZgc2.exe.xBAD multiple threats deleted - quarantinedC:\FRST\Quarantine\C\Users\user\AppData\local\temp\ULjftT8sOkR.exe.xBAD multiple threats deleted - quarantinedC:\FRST\Quarantine\C\Users\user\AppData\local\temp\utt8419.tmp.exe.xBAD a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application cleaned by deleting - quarantinedC:\FRST\Quarantine\C\Users\user\AppData\local\temp\uzDAFEwzxQi.exe.xBAD multiple threats deleted - quarantinedC:\FRST\Quarantine\C\Users\user\AppData\local\temp\XFLSKoGkPGO.exe.xBAD multiple threats deleted - quarantinedC:\FRST\Quarantine\C\Users\user\AppData\local\temp\xJ8V8rOYHKG.exe.xBAD multiple threats deleted - quarantinedC:\FRST\Quarantine\C\Users\user\AppData\local\temp\XzW4JBlIbqj.exe.xBAD multiple threats deleted - quarantinedC:\FRST\Quarantine\C\Users\user\AppData\local\temp\zFxd36i52oS.exe.xBAD multiple threats deleted - quarantinedC:\FRST\Quarantine\C\Users\user\AppData\local\temp\RarSFX0\klp10svc.exe.xBAD a variant of Win32/BitCoinMiner.BY potentially unsafe application cleaned by deleting - quarantinedC:\FRST\Quarantine\C\Users\user\AppData\local\temp\RarSFX0\klp11svc.exe.xBAD a variant of Win32/BitCoinMiner.BV potentially unsafe application cleaned by deleting - quarantinedC:\FRST\Quarantine\C\Users\user\AppData\local\temp\RarSFX0\SystemWhileIdle.exe.xBAD Win32/CoinMiner.QN trojan cleaned by deleting - quarantinedC:\FRST\Quarantine\C\Users\user\AppData\local\temp\RarSFX1\klp10svc.exe.xBAD a variant of Win32/BitCoinMiner.BY potentially unsafe application cleaned by deleting - quarantinedC:\FRST\Quarantine\C\Users\user\AppData\local\temp\RarSFX1\klp11svc.exe.xBAD a variant of Win32/BitCoinMiner.BV potentially unsafe application cleaned by deleting - quarantinedC:\FRST\Quarantine\C\Users\user\AppData\local\temp\RarSFX1\SystemWhileIdle.exe.xBAD Win32/CoinMiner.QN trojan cleaned by deleting - quarantinedC:\FRST\Quarantine\C\Users\user\AppData\local\temp\rarsfx16\klp10svc.exe a variant of Win32/BitCoinMiner.BY potentially unsafe application cleaned by deleting - quarantinedC:\FRST\Quarantine\C\Users\user\AppData\local\temp\rarsfx16\klp11svc.exe a variant of Win32/BitCoinMiner.BV potentially unsafe application cleaned by deleting - quarantinedC:\FRST\Quarantine\C\Users\user\AppData\local\temp\rarsfx16\SystemWhileIdle.exe Win32/CoinMiner.QN trojan cleaned by deleting - quarantinedC:\FRST\Quarantine\C\Users\user\AppData\local\temp\RarSFX24\SystemWhileIdle.exe Win32/CoinMiner.QN trojan cleaned by deleting - quarantinedC:\FRST\Quarantine\C\Users\user\AppData\local\temp\RarSFX25\SystemWhileIdle.exe Win32/CoinMiner.QN trojan cleaned by deleting - quarantinedC:\FRST\Quarantine\C\Users\user\AppData\Roaming\tdd.exe.xBAD a variant of MSIL/Agent.JU trojan cleaned by deleting - quarantinedC:\FRST\Quarantine\C\Users\user\AppData\Roaming\wrk.exe.xBAD a variant of MSIL/Agent.JU trojan cleaned by deleting - quarantinedC:\FRST\Quarantine\C\Users\user\bmmqu\70124.vbs.xBAD VBS/Runner.NBV trojan cleaned by deleting - quarantinedC:\Program Files (x86)\Cheat Engine 6.2\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application cleaned by deleting - quarantinedC:\Program Files (x86)\Cheat Engine 6.2\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application cleaned by deleting - quarantinedC:\Program Files (x86)\Cheat Engine 6.3\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application cleaned by deleting - quarantinedC:\Program Files (x86)\Cheat Engine 6.3\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application cleaned by deleting - quarantinedC:\Program Files (x86)\Minecraft\steam_api.dll a variant of Win32/Packed.VMProtect.ABD trojan cleaned by deleting - quarantinedC:\Program Files (x86)\Minecraft\steam_api64.dll a variant of Win32/Packed.VMProtect.ABD trojan cleaned by deleting - quarantinedC:\Program Files (x86)\Minecraft\Data\DirData.exe a variant of MSIL/HarvBot.H trojan cleaned by deleting - quarantinedC:\ProgramData\InstallMate\{00589B44-430B-4164-A38F-0B29DBBBB9B2}\Custom.dll Win32/InstalleRex.M potentially unwanted application cleaned by deleting - quarantinedC:\ProgramData\InstallMate\{4EF49C61-DF86-4257-A0BC-97A49517BE97}\Custom.dll Win32/InstalleRex.M potentially unwanted application cleaned by deleting - quarantinedC:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lpmfcgjjpaapfhpadmgodkaibnebnlnc\3.7\Gu3mY6g.js JS/Kryptik.ATB trojan cleaned by deleting - quarantinedC:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpmfcgjjpaapfhpadmgodkaibnebnlnc\3.7\Gu3mY6g.js JS/Kryptik.ATB trojan cleaned by deleting - quarantinedC:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\lpmfcgjjpaapfhpadmgodkaibnebnlnc\3.7\Gu3mY6g.js JS/Kryptik.ATB trojan cleaned by deleting - quarantinedC:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lpmfcgjjpaapfhpadmgodkaibnebnlnc\3.7\Gu3mY6g.js JS/Kryptik.ATB trojan cleaned by deleting - quarantinedC:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpmfcgjjpaapfhpadmgodkaibnebnlnc\3.7\Gu3mY6g.js JS/Kryptik.ATB trojan cleaned by deleting - quarantinedC:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\lpmfcgjjpaapfhpadmgodkaibnebnlnc\3.7\Gu3mY6g.js JS/Kryptik.ATB trojan cleaned by deleting - quarantinedC:\Users\user\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lpmfcgjjpaapfhpadmgodkaibnebnlnc\3.7\Gu3mY6g.js JS/Kryptik.ATB trojan cleaned by deleting - quarantinedC:\Users\user\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpmfcgjjpaapfhpadmgodkaibnebnlnc\3.7\Gu3mY6g.js JS/Kryptik.ATB trojan cleaned by deleting - quarantinedC:\Users\user\AppData\Roaming\Systems Cache\IdleServ.exe a variant of MSIL/HarvBot.H trojan cleaned by deleting - quarantinedC:\Users\user\Downloads\spsetup128.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantinedC:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll a variant of Win32/Toolbar.Linkury.G potentially unwanted application cleaned by deleting - quarantinedC:\Windows\Installer\MSI4798.tmp a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting - quarantined

Fix result of Farbar Recovery Scan Tool (x64) Version:08-06-2015 Ran by user at 2015-06-12 19:14:41 Run:6 Running from C:\Users\user\Desktop Loaded Profiles: user (Available Profiles: user & Administrator) Boot Mode: Normal ============================================== fixlist content: ***************** start CloseProcesses: FirewallRules: [{02009A3A-B7E6-4E0E-AD1D-A0059904F6CC}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{168083F7-3502-4DC9-AFA8-A424277B71C4}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{5CC16690-0C72-40C5-975C-159692CC8CDB}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe FirewallRules: [{007F339C-FC2C-4ADF-861D-3C4E9E387B21}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe StandardProfile\AuthorizedApplications: [C:\Users\user\AppData\Local\Temp\T3Q0VJMZY1.exe] => Enabled:Windows Messanger StandardProfile\AuthorizedApplications: [C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe] => Enabled:Windows Messanger HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\MountPoints2: {a321c301-5660-11e3-824f-806e6f6e6963} - "E:\Autorun.exe" 2015-05-29 06:47 - 2012-12-15 15:43 - 00000000 ____D () C:\Users\user\AppData\Roaming\uTorrent 2013-11-18 07:58 - 2013-11-18 07:58 - 0087552 _____ () C:\Users\user\AppData\Roaming\tdd.exe 2013-11-17 22:12 - 2013-11-17 22:12 - 0086528 _____ () C:\Users\user\AppData\Roaming\wrk.exe C:\Users\user\AppData\Local\Temp\T3Q0VJMZY1.exe C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Program Files (x86)\Music Toolbar EmptyTemp: Reboot: end ***************** Processes closed successfully. HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{02009A3A-B7E6-4E0E-AD1D-A0059904F6CC} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{168083F7-3502-4DC9-AFA8-A424277B71C4} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5CC16690-0C72-40C5-975C-159692CC8CDB} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{007F339C-FC2C-4ADF-861D-3C4E9E387B21} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\user\AppData\Local\Temp\T3Q0VJMZY1.exe => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe => value removed successfully "HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a321c301-5660-11e3-824f-806e6f6e6963}" => key removed successfully HKCR\CLSID\{a321c301-5660-11e3-824f-806e6f6e6963} => key not found. C:\Users\user\AppData\Roaming\uTorrent => moved successfully. C:\Users\user\AppData\Roaming\tdd.exe => moved successfully. C:\Users\user\AppData\Roaming\wrk.exe => moved successfully. "C:\Users\user\AppData\Local\Temp\T3Q0VJMZY1.exe" => File/Folder not found. C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe => moved successfully. "C:\Program Files (x86)\Music Toolbar" => File/Folder not found. EmptyTemp: => 2.3 GB temporary data Removed. The system needed a reboot.. ==== End of Fixlog 19:16:23 ====

Bear with me for a couple more days, this pc is currently unbootable due to faulty PSU and RAM..

Step 1 Prompt Downloader - Uninstalled! PileFile reminder - Having error uninstalling this, when I log in to an administrator account, it doesnt show up in the program list Shopping Helper Smartbar Shopping Helper Smartbar Engine - Also having trouble uninstalling this one Step 2 I dont see any attached fixlist.txt file in your post Step 3 I did my scan in safe mode because this computer would die by itself in normal mode without any symptoms, it just shuts off.. Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 30/05/2015Scan Time: 14:32:15Logfile: MBAM.txtAdministrator: Yes Version: 2.01.6.1022Malware Database: v2015.05.29.07Rootkit Database: v2015.05.24.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: Disabled OS: Windows 8.1CPU: x64File System: NTFSUser: user Scan Type: Threat ScanResult: CompletedObjects Scanned: 467255Time Elapsed: 26 min, 8 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 0(No malicious items detected) Physical Sectors: 0(No malicious items detected) (end)

After nearly a year of my computer being unbootable, not sure why, I tried to turn it back on, then suddenly, amazingly it booted back on! My old topic was locked due to inactivity "http://www.search.ask.com/?tpid=BTR-V7&o=APN11584&pf=V7&trgb=CR&p2=Replaced,[94d18f0a94f68da9b1c0531d897db34d]EBJ2Replaced,[94d18f0a94f68da9b1c0531d897db34d]EYYYYYYReplaced,[94d18f0a94f68da9b1c0531d897db34d]EYYReplaced,[94d18f0a94f68da9b1c0531d897db34d]EMY&gct=hp&apn_ptnrs=Replaced,[94d18f0a94f68da9b1c0531d897db34d]EBJ2&apn_dtid=Replaced,[94d18f0a94f68da9b1c0531d897db34d]EYYYYYYReplaced,[94d18f0a94f68da9b1c0531d897db34d]EYYReplaced,[94d18f0a94f68da9b1c0531d897db34d]EMY&apn_dbr=cr_34.0.1847.131&apn_uid=D9B9A5A1-B412-4ABE-9662-EAA1524012A9&itbv=12.11.0.5199&doi=2014-05-22&psv=&pt=crx" ],), Replaced,[94d18f0a94f68da9b1c0531d897db34d] Physical Sectors: 0(No malicious items detected) (end) Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01Ran by user (administrator) on ADMIN on 29-05-2015 06:48:01Running from C:\Users\user\DesktopLoaded Profiles: user (Available Profiles: user)Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe(AMD) C:\Windows\System32\atieclxx.exe(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe(Blue Coat Systems, Inc.) C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe(Hi-Rez Studios) D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe() C:\Windows\DAODx.exe(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe(Spotify Ltd) C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17129_none_fa6387b99b0c7738\TiWorker.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3816272 2014-06-23] (LogMeIn Inc.)HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Run: [Desura] => C:\Program Files (x86)\Desura\desura.exe [2529096 2013-11-29] (Desura Pty Ltd)HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Run: [spotify Web Helper] => C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-06-30] (Spotify Ltd)HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Run: [GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Policies\system: [EnableLUA] 0HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\MountPoints2: {a321c301-5660-11e3-824f-806e6f6e6963} - "E:\Autorun.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2015-05-19]ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) SearchScopes: HKLM-x32 -> DefaultScope value is missingBHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-06-22] (Oracle Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-06-22] (Oracle Corporation)Tcpip\Parameters: [DhcpNameServer] 192.168.43.1Tcpip\..\Interfaces\{7B973AAA-AC39-4459-AC01-505769C22994}: [NameServer] 8.8.8.8,8.8.4.4 FireFox:========FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-06-22] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-06-22] (Oracle Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)FF Plugin HKU\S-1-5-21-1375052093-4268391962-1033398323-1001: @nsroblox.roblox.com/launcher -> C:\Users\user\AppData\Local\Roblox\Versions\version-266c1c454a3c46ab\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.6.0.73\coFFFw Chrome: =======CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-26] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]R2 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2649840 2013-03-01] (Blue Coat Systems, Inc.)U2 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-03-13] (Hi-Rez Studios) [File not signed]R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-15] (LogMeIn, Inc.)R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)S3 athur; C:\Windows\system32\DRIVERS\athuw8x.sys [3744256 2012-11-22] (Qualcomm Atheros Communications, Inc.)R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek )R2 bckd; C:\Windows\System32\drivers\bckd.sys [127216 2013-03-01] (Blue Coat Systems, Inc.)R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2012-12-15] (DT Soft Ltd)R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)S3 cpuz136; \??\C:\Users\user\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-05-29 06:48 - 2015-05-29 06:49 - 00009513 _____ () C:\Users\user\Desktop\FRST.txt2015-05-29 06:45 - 2015-05-29 06:45 - 02108928 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe2015-05-29 05:59 - 2015-05-29 05:59 - 00010482 _____ () C:\Users\user\Desktop\MBAM.txt2015-05-29 05:26 - 2015-05-29 05:26 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel2015-05-29 05:26 - 2015-05-29 05:26 - 00000000 ____D () C:\WINDOWS\system32\appraiser2015-05-19 02:30 - 2015-05-19 02:30 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-05-19 02:30 - 2015-05-19 02:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-05-19 02:30 - 2015-05-19 02:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2015-05-19 02:30 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys2015-05-19 02:30 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys2015-05-19 02:30 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys2015-05-19 02:29 - 2015-05-19 02:29 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.1.6.1022.exe2015-05-19 01:43 - 2015-05-19 01:43 - 00000000 ____D () C:\Users\user\AppData\Local\openvr2015-05-19 01:42 - 2015-05-19 01:43 - 00000000 ____D () C:\Users\user\AppData\Roaming\TP-LINK2015-05-19 01:42 - 2015-05-19 01:42 - 00002287 _____ () C:\Users\Public\Desktop\TP-LINK Wireless Configuration Utility.lnk2015-05-19 01:42 - 2015-05-19 01:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK2015-05-19 01:42 - 2015-05-19 01:42 - 00000000 ____D () C:\Program Files (x86)\TP-LINK2015-05-19 01:40 - 2013-04-18 17:13 - 00010414 _____ () C:\WINDOWS\system32\athw8x.cat2015-05-19 01:40 - 2013-01-22 14:41 - 03653632 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athw8x.sys2015-05-19 01:40 - 2013-01-22 14:41 - 03653632 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\athw8x.sys2015-05-19 01:34 - 2015-03-23 06:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll2015-05-19 01:34 - 2015-03-23 06:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll2015-05-19 01:34 - 2015-03-23 06:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll2015-05-19 01:34 - 2015-03-23 06:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll2015-05-19 01:34 - 2015-03-23 06:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll2015-05-19 01:34 - 2015-03-23 06:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll2015-05-19 01:34 - 2015-03-23 06:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll2015-05-19 01:34 - 2014-12-03 07:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll2015-05-19 01:33 - 2015-05-19 01:33 - 00000000 ____D () C:\Users\user\AppData\Local\Steam2015-05-19 01:33 - 2015-01-21 13:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll2015-05-19 01:33 - 2015-01-21 13:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll2015-05-19 00:43 - 2015-05-19 00:43 - 00000000 ____D () C:\Users\user\AppData\Roaming\java2015-05-19 00:42 - 2015-05-19 00:42 - 00000973 _____ () C:\Users\Public\Desktop\Minecraft.lnk2015-05-19 00:41 - 2015-05-19 00:41 - 02314240 _____ () C:\Users\user\Downloads\MinecraftInstaller.msi ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-05-29 06:49 - 2013-11-26 14:29 - 01966152 _____ () C:\WINDOWS\WindowsUpdate.log2015-05-29 06:48 - 2014-05-04 17:01 - 00000000 ____D () C:\FRST2015-05-29 06:47 - 2012-12-15 15:43 - 00000000 ____D () C:\Users\user\AppData\Roaming\uTorrent2015-05-29 06:45 - 2012-12-08 21:11 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1375052093-4268391962-1033398323-10012015-05-29 06:44 - 2012-07-26 15:59 - 00000000 ____D () C:\WINDOWS\CbsTemp2015-05-29 06:40 - 2013-05-30 17:33 - 00000000 ____D () C:\Users\user\AppData\Local\LogMeIn Hamachi2015-05-29 06:39 - 2013-09-30 04:03 - 00341126 _____ () C:\WINDOWS\PFRO.log2015-05-29 06:39 - 2013-08-22 22:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2015-05-29 05:59 - 2014-05-22 19:52 - 00000000 ____D () C:\ProgramData\APN2015-05-29 05:33 - 2014-05-04 13:43 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2015-05-29 05:27 - 2013-08-22 21:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI2015-05-29 05:20 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\sru2015-05-19 01:48 - 2013-12-12 22:32 - 00000000 ____D () C:\Users\user\AppData\Roaming\.minecraft2015-05-19 01:42 - 2012-12-08 23:56 - 00000000 ____D () C:\ProgramData\TP-LINK2015-05-19 01:42 - 2012-12-08 21:04 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information2015-05-19 00:59 - 2014-06-27 15:50 - 00003890 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA2015-05-19 00:59 - 2014-06-27 15:50 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2015-05-19 00:59 - 2014-06-27 15:50 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2015-05-19 00:59 - 2014-05-11 00:31 - 00003654 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore2015-05-19 00:56 - 2013-11-26 15:30 - 00003910 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F6F87AA2-47CE-4E25-997E-0D75514F58AB}2015-05-19 00:43 - 2014-04-22 18:37 - 00000000 ____D () C:\Program Files (x86)\Minecraft2015-05-19 00:42 - 2014-05-07 17:30 - 00000000 ____D () C:\Users\user\AppData\Local\CrashDumps2015-05-19 00:42 - 2014-04-22 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft2015-05-18 20:36 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\AppReadiness ==================== Files in the root of some directories ======= 2013-09-10 23:35 - 2013-09-10 23:35 - 0000001 _____ () C:\Users\user\AppData\Roaming\asds.txt2014-04-13 11:22 - 2014-04-13 11:22 - 0000072 _____ () C:\Users\user\AppData\Roaming\mbam.context.scan2013-11-18 07:58 - 2013-11-18 07:58 - 0087552 _____ () C:\Users\user\AppData\Roaming\tdd.exe2013-11-17 22:12 - 2013-11-17 22:12 - 0000001 _____ () C:\Users\user\AppData\Roaming\V1.5.txt2013-11-18 07:58 - 2013-11-18 07:58 - 0000001 _____ () C:\Users\user\AppData\Roaming\V4.0.txt2013-11-17 22:12 - 2013-11-17 22:12 - 0086528 _____ () C:\Users\user\AppData\Roaming\wrk.exe2013-10-04 18:11 - 2013-12-17 14:51 - 0011776 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2012-12-08 21:14 - 2012-12-08 21:14 - 0000017 _____ () C:\Users\user\AppData\Local\resmon.resmoncfg2013-11-09 12:07 - 2013-11-10 13:56 - 0000915 _____ () C:\Users\user\AppData\Local\_settings.ini2014-05-25 19:58 - 2014-05-25 19:58 - 0000000 _____ () C:\Users\user\AppData\Local\{C621875F-4F20-4806-9FFC-135DA85D11BE} Some files in TEMP:====================C:\Users\user\AppData\Local\Temp\HiPatchSelfUpdateWindow.exeC:\Users\user\AppData\Local\Temp\HiRezLauncherControls.dllC:\Users\user\AppData\Local\Temp\speccycpuid.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-18 23:05 ==================== End of log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01Ran by user at 2015-05-29 06:50:06Running from C:\Users\user\DesktopBoot Mode: Normal========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1375052093-4268391962-1033398323-500 - Administrator - Disabled)Guest (S-1-5-21-1375052093-4268391962-1033398323-501 - Limited - Disabled)user (S-1-5-21-1375052093-4268391962-1033398323-1001 - Administrator - Enabled) => C:\Users\user ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Action! (HKLM-x32\...\Mirillis Action!) (Version: 1.19.2 - Mirillis)AMD Catalyst Install Manager (HKLM\...\{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)AMD VISION Engine Control Center (HKLM-x32\...\{8B1A559A-FB9D-42F5-A8A7-2F132CF28414}) (Version: 1.00.0000 - )Bandicam (HKLM-x32\...\Bandicam) (Version: 1.9.2.455 - Bandisoft.com)Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)BeamNG-DRIVE-0.3 (remove only) (HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\BeamNG-DRIVE-0.3) (Version: - )BeamNG-Techdemo-0.3 (remove only) (HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\BeamNG-Techdemo-0.3) (Version: - )Blender (HKLM\...\Blender) (Version: 2.69 - Blender Foundation)Blue Coat K9 Web Protection (HKLM\...\Blue Coat K9 Web Protection) (Version: 4.4.268 - Blue Coat Systems, Inc.)Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version: - Dark Byte)Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version: - Cheat Engine)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0327 - DT Soft Ltd)Desura (HKLM-x32\...\Desura) (Version: 100.53 - Desura)Desura: MTBFreeride (HKLM-x32\...\Desura_101674760798240) (Version: Alpha - mtbfdeveloper)ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)Euro Truck Simulator 2 - Going East! (HKLM-x32\...\Euro Truck Simulator 2 - Going East!_is1) (Version: - )Euro Truck Simulator 2 (HKLM-x32\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.1.1 - SCS Software)Euro Truck Simulator 2 v1.3.1 (HKLM-x32\...\Euro Truck Simulator 2 v1.3.11.3.1) (Version: 1.3.1 - Friends in War)Euro Truck Simulator 2 v1.7.0 Update incl DLC (HKLM-x32\...\Euro Truck Simulator 2 v1.7.0 Update incl DLC_is1) (Version: - )Euro Truck Simulator 2 v1.8.2.5s (DLC Going East) (HKLM-x32\...\Euro Truck Simulator 2 v1.8.2.5s (DLC Going East)1.8.2.5s) (Version: 1.8.2.5s - Friends in War)Euro Truck Simulator 2 v1.9.22s (Pink Truck Fix)(DLC Going East) (HKLM-x32\...\Euro Truck Simulator 2 v1.9.22s (Pink Truck Fix)(DLC Going East)1.9.22s) (Version: 1.9.22s - Friends in War)Euro Truck Simulator 2 version 1.9.22s + 3 DLC (HKLM-x32\...\Euro Truck Simulator 2_is1) (Version: 1.9.22s + 3 DLC - )Ezvid (HKLM-x32\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 0981 - Ezvid, inc.)Farming Simulator 2013 (HKLM-x32\...\FarmingSimulator2013INT_is1) (Version: 1.0 - GIANTS Software)Fraps (HKLM-x32\...\Fraps) (Version: - )Goat Simulator (HKLM-x32\...\Goat Simulator_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)Goat Simulator 2014 v1.0.27849 (HKLM-x32\...\Goat Simulator 2014 v1.0.278491.0.27849) (Version: 1.0.27849 - Friends in War)Google Chrome (HKLM-x32\...\{E86E510B-CBAD-354D-841B-853E23EF038A}) (Version: 64.240.49198 - Google, Inc.)Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.27.5 - Google Inc.) HiddenHi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)LEGO Digital Designer (HKLM-x32\...\New LEGO Digital Designer) (Version: - LEGO A/S)LEGO MINDSTORMS EV3 (HKLM-x32\...\LEGO_SW.{5B0CB826-E499-4E6B-94F0-75B6327ED934}) (Version: 1.0.0 - The LEGO Group)LEGO MINDSTORMS EV3 Home Content (x32 Version: 1.0.259 - The LEGO Group) HiddenLEGO MINDSTORMS EV3 Home Edition (x32 Version: 1.0.346 - The LEGO Group) HiddenLEGO MINDSTORMS EV3 Home English Support (x32 Version: 1.0.229 - The LEGO Group) HiddenLEGO MINDSTORMS EV3 Uninstaller (x32 Version: 1.0.11 - The LEGO Group) HiddenLEGO MINDSTORMS NXT x64 Driver (HKLM\...\{A0831C28-A6FA-49A3-86AE-B5AE3C9EE19C}) (Version: 1.20.115.0 - LEGO)Loadout (HKLM-x32\...\Steam App 208090) (Version: - Edge of Reality)LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.214 - LogMeIn, Inc.)LogMeIn Hamachi (x32 Version: 2.2.0.214 - LogMeIn, Inc.) HiddenMalwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.1651.0) (Version: 4.0.1651.0 - Microsoft Corporation)Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{952DCCD8-4039-46C8-BC8B-5C1EB6C8E130}) (Version: 4.0.1651.0 - Microsoft Corporation)Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)Minecraft version 1.7.9 (HKLM-x32\...\{FB5EDA20-9E19-4C9B-876C-65F7E8229F8B}_is1) (Version: 1.7.9 - P2P)Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) HiddenNeed For Speed Most Wanted version 1.3 (HKLM-x32\...\{4B65137F-9AB3-45DC-BFBC-93B3659CF840}_is1) (Version: 1.3 - SandBox Repacks)NI .NET Framework 4 (x32 Version: 4.00.49152 - National Instruments) HiddenNI EulaDepot (x32 Version: 3.11.190 - National Instruments) HiddenNI MDF Support (x32 Version: 3.11.190 - National Instruments) HiddenNI Security Update (KB 67L8LCQW) (64-bit) (Version: 1.0.29.0 - National Instruments) HiddenNI Security Update (KB 67L8LCQW) (x32 Version: 1.0.29.0 - National Instruments) HiddenNI Uninstaller (x32 Version: 3.11.190 - National Instruments) HiddenNI VC2008MSMs x64 (Version: 9.0.401 - National Instruments) HiddenNI VC2008MSMs x86 (x32 Version: 9.0.401 - National Instruments) HiddenNVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)Origin (HKLM-x32\...\Origin) (Version: 9.4.10.297 - Electronic Arts, Inc.)PAYDAY 2 Demo (HKLM-x32\...\Steam App 251040) (Version: - OVERKILL - a Starbreeze Studio.)PileFile reminder (HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\{56837588-F559-40CF-91D9-D439D405FB28}) (Version: - LADY'S WOOD 2013 LIMITED) <==== ATTENTIONPortal 2 (HKLM-x32\...\Postal 2_is1) (Version: - )Prompt Downloader (HKLM-x32\...\Prompt Downloader) (Version: - )RaceRoom Racing Experience Launcher (HKLM-x32\...\{1FD9F07F-7BBF-4C91-B3F0-A23714A3A913}_is1) (Version: 1.0 - SimBin)Raptr (HKLM-x32\...\Raptr) (Version: - )Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)RIDGE RACER™ Driftopia (HKLM-x32\...\Steam App 226410) (Version: - BUGBEAR)ROBLOX Player for user (HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)RollerCoaster Tycoon 3 Demo (HKLM-x32\...\{990036E7-D647-45A4-8F7F-1CB277EF0ABD}) (Version: 1.00.000 - )Shopping Helper Smartbar (HKLM-x32\...\{E3CE881D-94D9-435A-9DEA-EBB5390BC2CC}) (Version: 10.196.63.14120 - ReSoft Ltd.) <==== ATTENTIONShopping Helper Smartbar Engine (HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\{e451cd0b-5948-419b-bc4d-f65265a1461d}) (Version: 10.196.63.14120 - ReSoft Ltd.) <==== ATTENTIONSoldier Front 2 (HKLM-x32\...\Steam App 239660) (Version: - Dragonfly)Source Filmmaker (HKLM-x32\...\Steam App 1840) (Version: - Valve)Speccy (HKLM\...\Speccy) (Version: 1.24 - Piriform)SpinTires Tech Demo (June 040613) (HKLM-x32\...\{9AF7D6F5-50A5-432C-9F7B-83BCE03B11A0}) (Version: 1.3 - Oovee)Spotify (HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Spotify) (Version: 0.9.10.22.gf87988f9 - Spotify AB)Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)Tactical Intervention (HKLM-x32\...\Steam App 51100) (Version: - FIX Korea)Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)Test Drive Unlimited 2 (HKLM-x32\...\Test Drive Unlimited 2_is1) (Version: - Atari)TP-LINK TL-WN881ND Driver (HKLM-x32\...\{FDA7E907-6539-42C1-9721-0239C281B336}) (Version: 1.3.1 - TP-LINK)TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)Trials Fusion (HKLM-x32\...\Trials Fusion_is1) (Version: - )Tribes: Ascend (HKLM-x32\...\Steam App 17080) (Version: - Hi-Rez Studios)VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)Warface Launcher (Beta) (HKLM-x32\...\{28D1723C-31C4-4A83-9799-DFFB3739026D}) (Version: 1.0.0 - Crytek GmbH)Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1375052093-4268391962-1033398323-1001_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll () ==================== Restore Points ========================= 30-06-2014 14:59:10 Windows Update19-05-2015 00:41:35 Installed Minecraft29-05-2015 05:20:45 Windows Update ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 21:25 - 2013-08-22 21:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {073E2B9B-848C-4811-8635-706BE4A87F2D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)Task: {5265E97E-07F8-48D7-8CEA-6F98C61EC45C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)Task: {8ACF9D33-1AAC-4F34-858C-28AB2EB62094} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)Task: {9D3C3E7F-AA25-439F-962C-99EBF3520C1A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)Task: {AB6AC8A2-3BAF-4531-9124-226901609DBF} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)Task: {C2A668A7-6A7A-4ACD-BB76-99D8B01A0423} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-19] (Google Inc.)Task: {C5633CCA-FDD4-4F6C-8DF4-85F76C74791B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-19] (Google Inc.)Task: {DC0AD4C1-DAB7-4A77-A015-2D8B1A4426B9} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()Task: {DC48DDD1-2A8C-4552-B195-73D671519CE7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-06-30] (Microsoft Corporation)Task: {ED8CF134-E65B-4846-990F-2C1C60A7EAB5} - System32\Tasks\{41C27BF2-FAFA-4283-B392-B9D095FA5E52} => pcalua.exe -a C:\Users\user\Downloads\setup.exe -d C:\Users\user\DownloadsTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2013-12-06 16:06 - 2013-12-06 16:06 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll2013-07-26 05:59 - 2013-07-26 05:59 - 00814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll2013-07-26 05:59 - 2013-07-26 05:59 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll2013-12-06 16:06 - 2013-12-06 16:06 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll2012-12-08 21:02 - 2009-03-30 14:32 - 00032768 ____R () C:\Windows\DAODx.exe2015-05-19 01:42 - 2013-04-09 11:05 - 00846848 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe2013-12-06 16:06 - 2013-12-06 16:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll2015-05-19 01:42 - 2013-01-22 14:40 - 01411072 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll2015-05-19 01:42 - 2013-04-02 13:41 - 00193024 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll2015-05-19 01:42 - 2013-05-07 11:16 - 00138752 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJWF\WJWF.dll2015-05-19 01:42 - 2013-05-07 11:16 - 00115712 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJWF\WJWF_WPS_WIN7.DLL2014-06-13 13:40 - 2014-06-05 21:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll2014-06-13 13:40 - 2014-06-05 21:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll2014-06-13 13:40 - 2014-06-05 21:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll2014-06-13 13:40 - 2014-06-05 21:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll2014-06-13 13:40 - 2014-06-05 21:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\44327231.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\44327231.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\user\Pictures\2013-12-28_23.00.43 (2).pngDNS Servers: 192.168.43.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\StartupApproved\Run: => "Desura" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139FirewallRules: [{1E3C7AF3-65BF-4A9F-8DE8-BC438539E11C}] => (Allow) D:\Program Files\steamapps\common\RIDGE RACER Driftopia\RIDGE RACER Driftopia_46358301.exeFirewallRules: [{7FF86E2D-F34A-4D30-A288-4E5B6552CB15}] => (Allow) D:\Program Files\steamapps\common\RIDGE RACER Driftopia\RIDGE RACER Driftopia_46358301.exeFirewallRules: [{1FC0E159-B5D7-4E55-83DD-2687CA86DE85}] => (Allow) D:\Program Files\steamapps\common\Tribes\Binaries\Win32\HirezBridge.exeFirewallRules: [{0E8AB6DC-D880-4184-9DE0-C754D1FED3D6}] => (Allow) D:\Program Files\steamapps\common\Tribes\Binaries\Win32\HirezBridge.exeFirewallRules: [{CF14F1C4-D6E1-4946-8641-702FAE5DE842}] => (Block) D:\program files\steamapps\common\tribes\binaries\win32\tribesascend.exeFirewallRules: [{3B9E835A-545D-4D10-A598-78E922CD6C56}] => (Block) D:\program files\steamapps\common\tribes\binaries\win32\tribesascend.exeFirewallRules: [uDP Query User{BA280FEA-B409-4895-93D6-D8E453590CE9}D:\program files\steamapps\common\tribes\binaries\win32\tribesascend.exe] => (Allow) D:\program files\steamapps\common\tribes\binaries\win32\tribesascend.exeFirewallRules: [TCP Query User{08AA894A-F6A7-41EC-8293-7AC267860B5E}D:\program files\steamapps\common\tribes\binaries\win32\tribesascend.exe] => (Allow) D:\program files\steamapps\common\tribes\binaries\win32\tribesascend.exeFirewallRules: [{02009A3A-B7E6-4E0E-AD1D-A0059904F6CC}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeFirewallRules: [{168083F7-3502-4DC9-AFA8-A424277B71C4}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeFirewallRules: [{2A3A61C8-A76B-42A7-B0BF-71FCC6C9C31C}] => (Allow) D:\Program Files\steamapps\common\RIDGE RACER Driftopia\RIDGE RACER Driftopia_f9f6997e.exeFirewallRules: [{E725DA10-851C-44A9-A952-71B91EDAE0DA}] => (Allow) D:\Program Files\steamapps\common\RIDGE RACER Driftopia\RIDGE RACER Driftopia_f9f6997e.exeFirewallRules: [{081A1C63-A368-4DC0-8798-7588A1FA5142}] => (Allow) D:\Program Files\steamapps\common\RIDGE RACER Driftopia\RIDGE RACER Driftopia_c55e077c.exeFirewallRules: [{7B949E91-5122-4308-A913-4A2C374A0346}] => (Allow) D:\Program Files\steamapps\common\RIDGE RACER Driftopia\RIDGE RACER Driftopia_c55e077c.exeFirewallRules: [TCP Query User{F468232A-782C-4386-AF14-03CFA72EB0FB}D:\Program Files\Lego Mindstorms\MindstormsEV3.exe] => (Allow) D:\Program Files\Lego Mindstorms\MindstormsEV3.exeFirewallRules: [uDP Query User{68E46633-8DC3-499C-A590-8A85F5FE92AD}D:\Program Files\Lego Mindstorms\MindstormsEV3.exe] => (Allow) D:\Program Files\Lego Mindstorms\MindstormsEV3.exeFirewallRules: [{C79B1E80-363E-41C5-9538-3E49164CB65B}] => (Block) C:\users\user\downloads\teamspeak3-server_win32-3.0.8\teamspeak3-server_win32\ts3server_win32.exeFirewallRules: [{D00E8359-597B-4ECC-AA16-EDB3DFA042E6}] => (Block) C:\users\user\downloads\teamspeak3-server_win32-3.0.8\teamspeak3-server_win32\ts3server_win32.exeFirewallRules: [uDP Query User{66097882-2892-4F29-9C2C-01F212D11224}C:\users\user\downloads\teamspeak3-server_win32-3.0.8\teamspeak3-server_win32\ts3server_win32.exe] => (Allow) C:\users\user\downloads\teamspeak3-server_win32-3.0.8\teamspeak3-server_win32\ts3server_win32.exeFirewallRules: [TCP Query User{760DB34F-E5EE-4A41-89B4-6A873224B08E}C:\users\user\downloads\teamspeak3-server_win32-3.0.8\teamspeak3-server_win32\ts3server_win32.exe] => (Allow) C:\users\user\downloads\teamspeak3-server_win32-3.0.8\teamspeak3-server_win32\ts3server_win32.exeFirewallRules: [{6054DD04-08D5-433F-987B-FD839CAB84AD}] => (Allow) C:\Windows\SysWOW64\muzapp.exeFirewallRules: [{11E620C5-8121-4FBD-BCDC-5E76234277B5}] => (Allow) C:\Windows\SysWOW64\muzapp.exeFirewallRules: [{A63716F6-2167-4CEB-862D-803D3E8074B5}] => (Allow) D:\Program Files\steamapps\common\raceroom racing experience\Game\Game.exeFirewallRules: [{0B49BC28-781A-43B6-9546-39A8C1C16269}] => (Allow) D:\Program Files\steamapps\common\raceroom racing experience\Game\Game.exeFirewallRules: [{E5179318-7820-43FA-BD75-FA896471F406}] => (Allow) LPort=26675FirewallRules: [{9A9E58E1-3E8D-4C1D-902D-05857E9F2B92}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exeFirewallRules: [{45C3A5A0-2DC7-41A2-9D10-A02BCF9FE295}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exeFirewallRules: [{0405ED83-B952-44B6-AE35-0F7124D2A0F8}] => (Allow) LPort=1900FirewallRules: [{BA568B17-BC68-40DA-A44E-DE96BEF762B1}] => (Allow) LPort=2869FirewallRules: [{B4FBDBF5-2AFE-4F69-AAD9-E391C722E2C9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exeFirewallRules: [uDP Query User{C71F9437-3377-498D-AA9B-3AC88821587B}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exeFirewallRules: [TCP Query User{3DCBA8B6-5F11-4BBD-82EB-19F7AA5639C4}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exeFirewallRules: [{74B9F59F-3713-40ED-BA23-E82814A674C8}] => (Allow) D:\Program Files\steamapps\common\Team Fortress 2\hl2.exeFirewallRules: [{DC0AB3EF-BAE9-49C6-AEEB-02579EE279C2}] => (Allow) D:\Program Files\steamapps\common\Team Fortress 2\hl2.exeFirewallRules: [uDP Query User{BF399073-CBE8-475D-8A63-C69F74F1B483}C:\users\user\desktop\uplauncher.exe] => (Block) C:\users\user\desktop\uplauncher.exeFirewallRules: [TCP Query User{2104E453-C5BE-461A-B7DE-9F6363C8E489}C:\users\user\desktop\uplauncher.exe] => (Block) C:\users\user\desktop\uplauncher.exeFirewallRules: [uDP Query User{D50CD0FA-181D-450A-9942-101F8E80EC45}D:\program files\atari\tdu2\uplauncher.exe] => (Allow) D:\program files\atari\tdu2\uplauncher.exeFirewallRules: [TCP Query User{C2AECDC3-7BF1-4168-BA96-904291F6E3D5}D:\program files\atari\tdu2\uplauncher.exe] => (Allow) D:\program files\atari\tdu2\uplauncher.exeFirewallRules: [uDP Query User{5951E80D-2064-4611-AFCD-2D170D9E660E}D:\program files\atari\tdu2\downloadcache\20120921080914\uplauncher.exe] => (Block) D:\program files\atari\tdu2\downloadcache\20120921080914\uplauncher.exeFirewallRules: [TCP Query User{6DC336B3-E67D-4F2D-B0E9-9859CFD8DEE1}D:\program files\atari\tdu2\downloadcache\20120921080914\uplauncher.exe] => (Block) D:\program files\atari\tdu2\downloadcache\20120921080914\uplauncher.exeFirewallRules: [uDP Query User{587DD3DD-1908-4B48-BE86-0A2B21B4DC20}D:\program files\atari\tdu2\_uplauncher.exe] => (Block) D:\program files\atari\tdu2\_uplauncher.exeFirewallRules: [TCP Query User{0B32D214-2DBB-4C76-850D-E9AED4E59BCC}D:\program files\atari\tdu2\_uplauncher.exe] => (Block) D:\program files\atari\tdu2\_uplauncher.exeFirewallRules: [uDP Query User{0FB115D3-23E0-4A3D-BBCC-26AA626E705C}D:\program files\atari\tdu2\testdrive2.exe] => (Allow) D:\program files\atari\tdu2\testdrive2.exeFirewallRules: [TCP Query User{A619DDDE-662E-482A-9D61-E58F54B0DECE}D:\program files\atari\tdu2\testdrive2.exe] => (Allow) D:\program files\atari\tdu2\testdrive2.exeFirewallRules: [uDP Query User{9743B154-86BE-4E03-916A-9ACD40CEEAA0}D:\program files\atari\tdu2\uplauncher.exe] => (Block) D:\program files\atari\tdu2\uplauncher.exeFirewallRules: [TCP Query User{52CCA8EA-5B75-4372-98A4-12B26151E905}D:\program files\atari\tdu2\uplauncher.exe] => (Block) D:\program files\atari\tdu2\uplauncher.exeFirewallRules: [uDP Query User{865DF156-B2D9-46BD-BD31-7845649553E5}D:\program files\steamapps\azmeir03\team fortress 2\hl2.exe] => (Allow) D:\program files\steamapps\azmeir03\team fortress 2\hl2.exeFirewallRules: [TCP Query User{34BCEBE7-EF39-41D9-9C0F-AAFCCF2DAE17}D:\program files\steamapps\azmeir03\team fortress 2\hl2.exe] => (Allow) D:\program files\steamapps\azmeir03\team fortress 2\hl2.exeFirewallRules: [uDP Query User{3676A772-6DA6-4E0D-947F-6D894EEC5AE7}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exeFirewallRules: [TCP Query User{562FA853-FC61-4DED-9BD2-AD0F49B974BA}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exeFirewallRules: [{1C1129A0-0E33-4ABA-AD28-F8F5982BCAE7}] => (Allow) D:\Program Files\Steam.exeFirewallRules: [{C57618BE-156D-497D-A55F-7973D768E008}] => (Allow) D:\Program Files\Steam.exeFirewallRules: [TCP Query User{EF2CFC04-58B9-4E6F-9B41-774E95465815}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exeFirewallRules: [uDP Query User{A2656CFC-576C-43D1-9696-BB7736FB2F25}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exeFirewallRules: [{EC7303F6-927B-4679-8B8E-C8D7EB0EAC80}] => (Allow) C:\Program Files (x86)\Cracked Steam\steam.exeFirewallRules: [{9095D935-7291-4074-8026-4FE434FE78FB}] => (Allow) C:\Program Files (x86)\Cracked Steam\steam.exeFirewallRules: [TCP Query User{D1CEABE3-E1CE-4992-AA74-2B3A3B62553A}D:\program files\steam.exe] => (Allow) D:\program files\steam.exeFirewallRules: [uDP Query User{8E208AAA-B0ED-4093-8997-E6E2E4CE16EB}D:\program files\steam.exe] => (Allow) D:\program files\steam.exeFirewallRules: [{3EA12052-EEC8-495F-B562-20675C7C91F5}] => (Allow) D:\Program Files\steamapps\common\Team Fortress 2\hl2.exeFirewallRules: [{E70C8879-010D-4927-A66B-41D6F4E321A7}] => (Allow) D:\Program Files\steamapps\common\Team Fortress 2\hl2.exeFirewallRules: [{143744F6-E92C-4182-A0C2-22E33A1FB6A8}] => (Allow) D:\Program Files\steamapps\common\SourceFilmmaker\game\sfm.exeFirewallRules: [{5F071589-0865-463A-9F96-9CA05DE1DDD2}] => (Allow) D:\Program Files\steamapps\common\SourceFilmmaker\game\sfm.exeFirewallRules: [{D716AE26-F60D-48DA-882F-E7E55D91C9ED}] => (Allow) D:\Program Files\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exeFirewallRules: [{8DF22B6B-6904-42EE-AE30-5BE9081D891C}] => (Allow) D:\Program Files\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exeFirewallRules: [{0B46AD3B-ACE3-404D-A88E-C6B8A2123E42}] => (Allow) D:\Program Files\steamapps\common\Team Fortress 2\hl2.exeFirewallRules: [{EFCB6CF7-8F3B-4B13-BB4F-E1AC7710EBAD}] => (Allow) D:\Program Files\steamapps\common\Team Fortress 2\hl2.exeFirewallRules: [{13FDB23B-DCB2-4489-B1B3-A85CAA401E3A}] => (Allow) D:\Program Files\steamapps\common\Team Fortress 2\hl2.exeFirewallRules: [{8C28215F-E165-4E70-8E99-D9A710F9684D}] => (Allow) D:\Program Files\steamapps\common\Team Fortress 2\hl2.exeFirewallRules: [{884B4848-7478-48D8-8678-A537B328121E}] => (Allow) D:\Program Files\steamapps\common\SourceFilmmaker\game\sfm.exeFirewallRules: [{AEFF887F-F789-48BB-AF94-D2C1A8BCE310}] => (Allow) D:\Program Files\steamapps\common\SourceFilmmaker\game\sfm.exeFirewallRules: [{AE24A916-BAAE-42DF-8E3E-33CDCF659E6B}] => (Allow) D:\Program Files\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exeFirewallRules: [{4CDC6FF5-1CF2-4584-BC48-D76D62CE5E9A}] => (Allow) D:\Program Files\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exeFirewallRules: [{375A9B80-9239-4CD1-A9D7-80E05E965E2A}] => (Allow) D:\Program Files\steamapps\common\SoldierFront2\DFUBG.exeFirewallRules: [{61A9BA56-E1E7-49A4-AB1F-F71BC21CE8FE}] => (Allow) D:\Program Files\steamapps\common\SoldierFront2\DFUBG.exeFirewallRules: [{1AC09AAC-FF5B-4D91-B524-A63756F8F4A6}] => (Allow) D:\Program Files (x86)\Farming Simulator 2013\FarmingSimulator2013.exeFirewallRules: [{9BA7AAE7-0685-4D46-8DCE-D272D48A620E}] => (Allow) D:\Program Files (x86)\Farming Simulator 2013\FarmingSimulator2013.exeFirewallRules: [{1D633722-A241-481B-BBAD-844120A65FC3}] => (Allow) D:\Program Files (x86)\Farming Simulator 2013\FarmingSimulator2013Game.exeFirewallRules: [{6AAF0F69-58D5-4A2D-A90A-85107230CA0F}] => (Allow) D:\Program Files (x86)\Farming Simulator 2013\FarmingSimulator2013Game.exeFirewallRules: [TCP Query User{5DFC2585-1803-4E6F-813A-010CB5F9A2AF}C:\users\user\desktop\crashtastic v0.4.1\iws.exe] => (Allow) C:\users\user\desktop\crashtastic v0.4.1\iws.exeFirewallRules: [uDP Query User{39E4267C-D6A8-4908-8FE0-904D9FDD4F1B}C:\users\user\desktop\crashtastic v0.4.1\iws.exe] => (Allow) C:\users\user\desktop\crashtastic v0.4.1\iws.exeFirewallRules: [TCP Query User{2CE41157-C655-4A5B-B112-33DB14BB7DCE}C:\users\user\appdata\local\temp\rar$exa0.668\7daystodie-alpha pre-cracked 64bit\7daystodie.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.668\7daystodie-alpha pre-cracked 64bit\7daystodie.exeFirewallRules: [uDP Query User{BA1AA273-A777-4CB0-BAD4-3375D877B52C}C:\users\user\appdata\local\temp\rar$exa0.668\7daystodie-alpha pre-cracked 64bit\7daystodie.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.668\7daystodie-alpha pre-cracked 64bit\7daystodie.exeFirewallRules: [{08CA2B1E-C13C-4608-94F6-998853B03E6C}] => (Allow) D:\Program Files\steamapps\common\SoldierFront2\Binaries\Win32\sf2.exeFirewallRules: [{5A4FABAB-9AC9-4E1F-B44D-6435E9274C0C}] => (Allow) D:\Program Files\steamapps\common\SoldierFront2\Binaries\Win32\sf2.exeFirewallRules: [{10F9B284-FD91-40C9-B025-55C51E732029}] => (Allow) D:\Program Files\steamapps\common\PAYDAY 2 Demo\payday2_win32_release.exeFirewallRules: [{B8C38507-A8C7-4221-9522-4A1CAD08B04A}] => (Allow) D:\Program Files\steamapps\common\PAYDAY 2 Demo\payday2_win32_release.exeFirewallRules: [TCP Query User{733DA32E-1D80-4952-91C4-C4EAD506318A}C:\program files (x86)\valve\portal 2\portal2.exe] => (Allow) C:\program files (x86)\valve\portal 2\portal2.exeFirewallRules: [uDP Query User{5375E89B-465B-4F05-A1F3-66CCACE4FB03}C:\program files (x86)\valve\portal 2\portal2.exe] => (Allow) C:\program files (x86)\valve\portal 2\portal2.exeFirewallRules: [TCP Query User{F544596E-4136-4291-93A0-00F2FE211E5F}C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exeFirewallRules: [uDP Query User{FCB4937B-AF58-4547-8250-6E4AD0266907}C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exeFirewallRules: [TCP Query User{922682AF-63CB-4951-9275-D00193785615}C:\program files (x86)\r.g. mechanics\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Block) C:\program files (x86)\r.g. mechanics\goat simulator\binaries\win32\goatgame-win32-shipping.exeFirewallRules: [uDP Query User{D699B964-7E01-4C22-824E-72B9445AE4C6}C:\program files (x86)\r.g. mechanics\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Block) C:\program files (x86)\r.g. mechanics\goat simulator\binaries\win32\goatgame-win32-shipping.exeFirewallRules: [TCP Query User{E56BF15D-3FFF-4B88-AB90-EE8425EB2D86}C:\users\user\appdata\local\temp\rar$exa0.391\crashtastic v0.4.1\iws.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.391\crashtastic v0.4.1\iws.exeFirewallRules: [uDP Query User{980ECAAA-7373-489C-93E8-E31ACF4CA03D}C:\users\user\appdata\local\temp\rar$exa0.391\crashtastic v0.4.1\iws.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.391\crashtastic v0.4.1\iws.exeFirewallRules: [TCP Query User{53F512B5-644B-43A1-AD6B-1AD4037D5128}C:\program files (x86)\prompt downloader\promptdownloader.exe] => (Allow) C:\program files (x86)\prompt downloader\promptdownloader.exeFirewallRules: [uDP Query User{D16EBBEA-6F80-4E60-BB6F-C090227CAB46}C:\program files (x86)\prompt downloader\promptdownloader.exe] => (Allow) C:\program files (x86)\prompt downloader\promptdownloader.exeFirewallRules: [{5CC16690-0C72-40C5-975C-159692CC8CDB}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exeFirewallRules: [{007F339C-FC2C-4ADF-861D-3C4E9E387B21}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exeFirewallRules: [TCP Query User{A43343C2-A23F-45B7-9628-14C00B67FBF7}C:\users\user\appdata\local\temp\rar$exa0.956\7daystodie-alpha pre-cracked 64bit\7daystodie.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.956\7daystodie-alpha pre-cracked 64bit\7daystodie.exeFirewallRules: [uDP Query User{A93A8565-447C-4094-925E-D7CD90734BD3}C:\users\user\appdata\local\temp\rar$exa0.956\7daystodie-alpha pre-cracked 64bit\7daystodie.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.956\7daystodie-alpha pre-cracked 64bit\7daystodie.exeFirewallRules: [TCP Query User{E8B2EDB3-8DE4-4BC2-94ED-77C9D0E9AEC3}C:\users\user\appdata\local\temp\rar$exa0.844\7daystodie-alpha pre-cracked 64bit\7daystodie.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.844\7daystodie-alpha pre-cracked 64bit\7daystodie.exeFirewallRules: [uDP Query User{E9880A37-B85F-4C4B-8DA4-522F70ADACFD}C:\users\user\appdata\local\temp\rar$exa0.844\7daystodie-alpha pre-cracked 64bit\7daystodie.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.844\7daystodie-alpha pre-cracked 64bit\7daystodie.exeFirewallRules: [TCP Query User{E0AD350C-EC53-434B-B553-D927F4AA4B42}C:\users\user\appdata\local\temp\rar$exa0.731\7daystodie-alpha pre-cracked 64bit\7daystodie.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.731\7daystodie-alpha pre-cracked 64bit\7daystodie.exeFirewallRules: [uDP Query User{4A76BDC1-619E-48BE-A159-48A6221E5D4D}C:\users\user\appdata\local\temp\rar$exa0.731\7daystodie-alpha pre-cracked 64bit\7daystodie.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.731\7daystodie-alpha pre-cracked 64bit\7daystodie.exeFirewallRules: [TCP Query User{5493A4BA-134F-4442-85E2-CF0B13B48B74}C:\users\user\appdata\local\temp\rar$exa0.113\7daystodie-alpha pre-cracked 64bit\7daystodie.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.113\7daystodie-alpha pre-cracked 64bit\7daystodie.exeFirewallRules: [uDP Query User{ECEB1586-D44D-4364-8809-69C8959EACA9}C:\users\user\appdata\local\temp\rar$exa0.113\7daystodie-alpha pre-cracked 64bit\7daystodie.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.113\7daystodie-alpha pre-cracked 64bit\7daystodie.exeFirewallRules: [TCP Query User{E8548C27-87B6-4017-B7DC-0A2C7A30BDCB}C:\users\user\appdata\local\temp\rar$exa0.899\7daystodie-alpha pre-cracked 64bit\7daystodie.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.899\7daystodie-alpha pre-cracked 64bit\7daystodie.exeFirewallRules: [uDP Query User{B1C5E174-1C60-4AFA-8663-4DC002D65CDB}C:\users\user\appdata\local\temp\rar$exa0.899\7daystodie-alpha pre-cracked 64bit\7daystodie.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.899\7daystodie-alpha pre-cracked 64bit\7daystodie.exeFirewallRules: [TCP Query User{0E1512AF-AB99-4099-9222-A04768F518CD}C:\users\user\appdata\local\temp\rar$exa0.605\7daystodie-alpha pre-cracked 64bit\7daystodie.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.605\7daystodie-alpha pre-cracked 64bit\7daystodie.exeFirewallRules: [uDP Query User{A287784B-514A-4932-B769-E0A0ED154A21}C:\users\user\appdata\local\temp\rar$exa0.605\7daystodie-alpha pre-cracked 64bit\7daystodie.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.605\7daystodie-alpha pre-cracked 64bit\7daystodie.exeFirewallRules: [TCP Query User{16498674-0305-4C71-87CD-1E7C47F41B2B}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exeFirewallRules: [uDP Query User{379B634E-010D-405E-B5AC-17ABA48F3456}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exeFirewallRules: [{AA875F1D-FC9D-4477-A16F-2215E07CC60B}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exeFirewallRules: [{A5A94404-0DE4-4BDB-9F1A-9A3ECA83BB4A}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exeFirewallRules: [{545EE3D3-AAA2-4CDE-BAF0-DECFA7542E54}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exeFirewallRules: [{50A43744-5DA9-429F-92DA-92680373D85B}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exeFirewallRules: [{1781652B-5FD4-416B-A6B9-8F6B24A0D2DB}] => (Allow) D:\Program Files\steamapps\common\TacticalIntervention\bin\tacint.exeFirewallRules: [{397E5244-DB5B-4A92-907B-19E8A7CFCDF0}] => (Allow) D:\Program Files\steamapps\common\TacticalIntervention\bin\tacint.exeFirewallRules: [{C80295C5-6C4A-41FF-B038-D25A0697C1D2}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exeFirewallRules: [{2890AA4B-6227-4F66-A976-B28A8358605E}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exeFirewallRules: [TCP Query User{26CD9514-F1CA-4FEF-AB7B-7EF5855A7DFB}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exeFirewallRules: [uDP Query User{1ABEFE11-2408-48F6-82C5-5B57A17FCCA7}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exeFirewallRules: [{7CC45A8E-5A00-4D22-8B46-6062DD17BE07}] => (Allow) D:\Program Files\bin\steamwebhelper.exeFirewallRules: [{78F7C78D-C13D-45F3-8104-A964471192D8}] => (Allow) D:\Program Files\bin\steamwebhelper.exeStandardProfile\AuthorizedApplications: [C:\Users\user\AppData\Local\Temp\T3Q0VJMZY1.exe] => Enabled:Windows MessangerStandardProfile\AuthorizedApplications: [C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe] => Enabled:Windows Messanger ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (05/29/2015 06:46:49 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)Description: There was an error with the Windows Location Provider database Error: (05/29/2015 05:20:42 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: admin)Description: There was an error communicating to the Orion inference server Error: (05/29/2015 05:20:30 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT AUTHORITY)Description: There was an error communicating to the Orion inference server Error: (05/19/2015 02:40:28 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: admin)Description: There was an error communicating to the Orion inference server Error: (05/19/2015 02:40:16 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT AUTHORITY)Description: There was an error communicating to the Orion inference server Error: (05/19/2015 02:40:00 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)Description: There was an error with the Windows Location Provider database Error: (05/19/2015 02:26:17 AM) (Source: MsiInstaller) (EventID: 10005) (User: admin)Description: Product: MediaCaster by Ask -- Error 25001. The following applications must be closed before continuing the uninstall: Google Chrome Error: (05/19/2015 02:26:02 AM) (Source: MsiInstaller) (EventID: 10005) (User: admin)Description: Product: MediaCaster by Ask -- Error 25001. The following applications must be closed before continuing the uninstall: Google Chrome Error: (05/19/2015 02:26:02 AM) (Source: MsiInstaller) (EventID: 10005) (User: admin)Description: Product: MediaCaster by Ask -- Error 25001. The following applications must be closed before continuing the uninstall: Google Chrome Error: (05/19/2015 02:26:02 AM) (Source: MsiInstaller) (EventID: 10005) (User: admin)Description: Product: MediaCaster by Ask -- Error 25001. The following applications must be closed before continuing the uninstall: Google Chrome System errors:=============Error: (05/29/2015 06:39:09 AM) (Source: DCOM) (EventID: 10005) (User: admin)Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030} Error: (05/29/2015 06:39:09 AM) (Source: DCOM) (EventID: 10005) (User: admin)Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC} Error: (05/29/2015 06:37:10 AM) (Source: DCOM) (EventID: 10005) (User: admin)Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (05/29/2015 06:37:10 AM) (Source: DCOM) (EventID: 10005) (User: admin)Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (05/29/2015 06:37:10 AM) (Source: DCOM) (EventID: 10005) (User: admin)Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (05/29/2015 06:37:10 AM) (Source: DCOM) (EventID: 10005) (User: admin)Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (05/29/2015 06:37:10 AM) (Source: DCOM) (EventID: 10005) (User: admin)Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (05/29/2015 06:37:10 AM) (Source: DCOM) (EventID: 10005) (User: admin)Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (05/29/2015 06:37:10 AM) (Source: DCOM) (EventID: 10005) (User: admin)Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (05/29/2015 06:37:10 AM) (Source: DCOM) (EventID: 10005) (User: admin)Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Microsoft Office:=========================Error: (05/29/2015 06:46:49 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)Description: -2147024883 Error: (05/29/2015 05:20:42 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: admin)Description: -2143485936 Error: (05/29/2015 05:20:30 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT AUTHORITY)Description: -2143485936 Error: (05/19/2015 02:40:28 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: admin)Description: -2143485936 Error: (05/19/2015 02:40:16 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT AUTHORITY)Description: -2143485936 Error: (05/19/2015 02:40:00 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)Description: -2147024883 Error: (05/19/2015 02:26:17 AM) (Source: MsiInstaller) (EventID: 10005) (User: admin)Description: Product: MediaCaster by Ask -- Error 25001. The following applications must be closed before continuing the uninstall: Google Chrome (NULL)(NULL)(NULL)(NULL)(NULL) Error: (05/19/2015 02:26:02 AM) (Source: MsiInstaller) (EventID: 10005) (User: admin)Description: Product: MediaCaster by Ask -- Error 25001. The following applications must be closed before continuing the uninstall: Google Chrome (NULL)(NULL)(NULL)(NULL)(NULL) Error: (05/19/2015 02:26:02 AM) (Source: MsiInstaller) (EventID: 10005) (User: admin)Description: Product: MediaCaster by Ask -- Error 25001. The following applications must be closed before continuing the uninstall: Google Chrome (NULL)(NULL)(NULL)(NULL)(NULL) Error: (05/19/2015 02:26:02 AM) (Source: MsiInstaller) (EventID: 10005) (User: admin)Description: Product: MediaCaster by Ask -- Error 25001. The following applications must be closed before continuing the uninstall: Google Chrome (NULL)(NULL)(NULL)(NULL)(NULL) CodeIntegrity Errors:=================================== Date: 2015-05-18 23:20:50.669 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-05-18 23:20:50.534 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-05-18 23:20:50.358 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-05-18 23:20:50.200 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-05-18 23:20:50.005 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-05-18 23:20:49.869 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-05-18 23:20:49.691 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-05-18 23:20:49.543 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-05-18 23:20:49.364 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-05-18 23:20:49.226 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: AMD FX-4170 Quad-Core Processor Percentage of memory in use: 49%Total physical RAM: 3998.93 MBAvailable physical RAM: 2011.66 MBTotal Pagefile: 4830.93 MBAvailable Pagefile: 2662.89 MBTotal Virtual: 131072 MBAvailable Virtual: 131071.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:97.31 GB) (Free:24.69 GB) NTFSDrive d: () (Fixed) (Total:368.1 GB) (Free:222.5 GB) NTFSDrive e: (CD218A1) (CDROM) (Total:0.05 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 79C9A4F0)Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=97.3 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS) ==================== End of log ============================

JavaRa JavaRa 1.16 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Wed May 14 16:42:18 2014 There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124. Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284} Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284} Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects Found and removed: SOFTWARE\JavaSoft Found and removed: SOFTWARE\JreMetrics Found and removed: SOFTWARE\MozillaPlugins ------------------------------------ Finished reporting. JavaRa 1.16 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Fri Jun 20 19:21:28 2014 There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124. Found and removed: Applications\java.exe Found and removed: Applications\javaw.exe Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01 Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284} Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Found and removed: SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} Found and removed: SOFTWARE\Classes\Installer\Features\F60730A4A66673047777F5728467D401 Found and removed: SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\A5CCAAC40F5B69B47777ACF82566467C Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284} Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284} Found and removed: SOFTWARE\Classes\.jar Found and removed: SOFTWARE\Classes\jarfile Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} Found and removed: SOFTWARE\JavaSoft Found and removed: SOFTWARE\JreMetrics Found and removed: SOFTWARE\MozillaPlugins ------------------------------------ Finished reporting. FixLog Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-06-2014Ran by user at 2014-06-20 19:23:33 Run:5Running from C:\Users\user\DesktopBoot Mode: Normal============================================== Content of fixlist:*****************HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Run: [system Idle] => C:\Users\user\AppData\Roaming\Systems Cache\IdleServ.exe [199680 2014-04-18] (Microsoft)HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Run: [CrashHandle] => C:\Users\user\AppData\Local\Temp\RarSFX16\SystemWhileIdle.exe [233984 2014-05-03] () <===== ATTENTIONHKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Run: [GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-05-14] (Google Inc.)HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\MountPoints2: {3867d810-4370-11e2-be6f-50465d598758} - "F:\Setup.exe"HKLM-x32\...\Run: [sunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"HKLM\...\Run: [system Idle] => C:\Users\user\AppData\Roaming\Systems Cache\IdleServ.exe [199680 2014-04-18] (Microsoft)BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll No FileBHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No FileFF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No FileFF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No FileC:\Users\user\AppData\Local\Temp\RarSFX16CHR StartupUrls: "hxxp://www.google.com/", "hxxp://www.search.ask.com/?tpid=BTR-V7&o=APN11584&pf=V7&trgb=CR&p2=%5EBJ2%5EYYYYYY%5EYY%5EMY&gct=hp&apn_ptnrs=%5EBJ2&apn_dtid=%5EYYYYYY%5EYY%5EMY&apn_dbr=cr_34.0.1847.131&apn_uid=D9B9A5A1-B412-4ABE-9662-EAA1524012A9&itbv=12.11.0.5199&doi=2014-05-22&psv=&pt=crx"CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No FileC:\Users\user\AppData\Local\Temp\RarSFX16\SystemWhileIdle.exeC:\Users\user\AppData\Local\Temp\2XSAtKL2SDs.exeC:\Users\user\AppData\Local\Temp\3Ce7v2QzBqO.exeC:\Users\user\AppData\Local\Temp\51dKyVRA6hY.exeC:\Users\user\AppData\Local\Temp\ACVCq41pXPN.exeC:\Users\user\AppData\Local\Temp\FkXx2OPZjRM.exeC:\Users\user\AppData\Local\Temp\J9HUMLX7Gp4.exeC:\Users\user\AppData\Local\Temp\jmXiYnQmOAB.exeC:\Users\user\AppData\Local\Temp\L1m3BafHX3k.exeC:\Users\user\AppData\Local\Temp\MgrZ2xlUOU7.exeC:\Users\user\AppData\Local\Temp\MIAeqaUXNgD.exeC:\Users\user\AppData\Local\Temp\MxfOSZavliv.exeC:\Users\user\AppData\Local\Temp\nKc1Bb9ZDV9.exeC:\Users\user\AppData\Local\Temp\nyXLdiLGBFI.exeC:\Users\user\AppData\Local\Temp\o5r8LSPfITE.exeC:\Users\user\AppData\Local\Temp\RJ5NKu9vtxr.exeC:\Users\user\AppData\Local\Temp\sHYrPfdZgc2.exeC:\Users\user\AppData\Local\Temp\ULjftT8sOkR.exeC:\Users\user\AppData\Local\Temp\utt8419.tmp.exeC:\Users\user\AppData\Local\Temp\uzDAFEwzxQi.exeC:\Users\user\AppData\Local\Temp\XFLSKoGkPGO.exeC:\Users\user\AppData\Local\Temp\xJ8V8rOYHKG.exeC:\Users\user\AppData\Local\Temp\XzW4JBlIbqj.exeC:\Users\user\AppData\Local\Temp\zFxd36i52oS.exeTask: {13C369A3-27A5-46BC-8AE2-34E14D6DBED2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-26] (Google Inc.)Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Users\user\AppData\Local\Temp\RarSFX10C:\Users\user\AppData\Local\Temp\RarSFX11C:\Users\user\AppData\Local\Temp\RarSFX12C:\Users\user\AppData\Local\Temp\RarSFX13C:\Users\user\AppData\Local\Temp\RarSFX14C:\Users\user\AppData\Local\Temp\RarSFX15C:\Users\user\AppData\Local\Temp\XzW4JBlIbqj.exeC:\Users\user\AppData\Local\Temp\RarSFX16 ***************** HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\Software\Microsoft\Windows\CurrentVersion\Run\\System Idle => value deleted successfully.HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CrashHandle => value deleted successfully.HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09 => value deleted successfully.'HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3867d810-4370-11e2-be6f-50465d598758}' => Key deleted successfully.'HKCR\CLSID\{3867d810-4370-11e2-be6f-50465d598758}'=> Key not found.HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value deleted successfully.HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\System Idle => value deleted successfully.'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}'=> Key not found.'HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}'=> Key not found.'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}'=> Key not found.'HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}'=> Key not found.'HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.55.2'=> Key not found.C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll not found.'HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2'=> Key not found.C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found."C:\Users\user\AppData\Local\Temp\RarSFX16" => File/Directory not found.CHR StartupUrls: "hxxp://www.google.com/", "hxxp://www.search.ask.com/?tpid=BTR-V7&o=APN11584&pf=V7&trgb=CR&p2=%5EBJ2%5EYYYYYY%5EYY%5EMY&gct=hp&apn_ptnrs=%5EBJ2&apn_dtid=%5EYYYYYY%5EYY%5EMY&apn_dbr=cr_34.0.1847.131&apn_uid=D9B9A5A1-B412-4ABE-9662-EAA1524012A9&itbv=12.11.0.5199&doi=2014-05-22&psv=&pt=crx" ==> The Chrome "Settings" can be used to fix the entry.C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found."C:\Users\user\AppData\Local\Temp\RarSFX16\SystemWhileIdle.exe" => File/Directory not found.C:\Users\user\AppData\Local\Temp\2XSAtKL2SDs.exe => Moved successfully.C:\Users\user\AppData\Local\Temp\3Ce7v2QzBqO.exe => Moved successfully.C:\Users\user\AppData\Local\Temp\51dKyVRA6hY.exe => Moved successfully.C:\Users\user\AppData\Local\Temp\ACVCq41pXPN.exe => Moved successfully.C:\Users\user\AppData\Local\Temp\FkXx2OPZjRM.exe => Moved successfully.C:\Users\user\AppData\Local\Temp\J9HUMLX7Gp4.exe => Moved successfully.C:\Users\user\AppData\Local\Temp\jmXiYnQmOAB.exe => Moved successfully.C:\Users\user\AppData\Local\Temp\L1m3BafHX3k.exe => Moved successfully.C:\Users\user\AppData\Local\Temp\MgrZ2xlUOU7.exe => Moved successfully.C:\Users\user\AppData\Local\Temp\MIAeqaUXNgD.exe => Moved successfully.C:\Users\user\AppData\Local\Temp\MxfOSZavliv.exe => Moved successfully.C:\Users\user\AppData\Local\Temp\nKc1Bb9ZDV9.exe => Moved successfully.C:\Users\user\AppData\Local\Temp\nyXLdiLGBFI.exe => Moved successfully.C:\Users\user\AppData\Local\Temp\o5r8LSPfITE.exe => Moved successfully.C:\Users\user\AppData\Local\Temp\RJ5NKu9vtxr.exe => Moved successfully.C:\Users\user\AppData\Local\Temp\sHYrPfdZgc2.exe => Moved successfully.C:\Users\user\AppData\Local\Temp\ULjftT8sOkR.exe => Moved successfully.C:\Users\user\AppData\Local\Temp\utt8419.tmp.exe => Moved successfully.C:\Users\user\AppData\Local\Temp\uzDAFEwzxQi.exe => Moved successfully.C:\Users\user\AppData\Local\Temp\XFLSKoGkPGO.exe => Moved successfully.C:\Users\user\AppData\Local\Temp\xJ8V8rOYHKG.exe => Moved successfully.C:\Users\user\AppData\Local\Temp\XzW4JBlIbqj.exe => Moved successfully.C:\Users\user\AppData\Local\Temp\zFxd36i52oS.exe => Moved successfully.'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{13C369A3-27A5-46BC-8AE2-34E14D6DBED2}' => Key deleted successfully.'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13C369A3-27A5-46BC-8AE2-34E14D6DBED2}' => Key deleted successfully.C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA' => Key deleted successfully.C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully."C:\Users\user\AppData\Local\Temp\RarSFX10" => File/Directory not found."C:\Users\user\AppData\Local\Temp\RarSFX11" => File/Directory not found."C:\Users\user\AppData\Local\Temp\RarSFX12" => File/Directory not found."C:\Users\user\AppData\Local\Temp\RarSFX13" => File/Directory not found."C:\Users\user\AppData\Local\Temp\RarSFX14" => File/Directory not found."C:\Users\user\AppData\Local\Temp\RarSFX15" => File/Directory not found."C:\Users\user\AppData\Local\Temp\XzW4JBlIbqj.exe" => File/Directory not found."C:\Users\user\AppData\Local\Temp\RarSFX16" => File/Directory not found. ==== End of Fixlog ====

Will post the logs over the weekends, a little bit busy nowadays..

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-06-2014 Ran by user at 2014-06-06 22:18:26 Running from C:\Users\user\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== AMD Accelerated Video Transcoding (Version: 13.15.100.31008 - Advanced Micro Devices, Inc.) Hidden AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) AMD Fuel (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden AMD VISION Engine Control Center (HKLM-x32\...\{8B1A559A-FB9D-42F5-A8A7-2F132CF28414}) (Version: 1.00.0000 - ) Bandicam (HKLM-x32\...\Bandicam) (Version: 1.9.2.455 - Bandisoft.com) Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com) BeamNG-DRIVE-0.3 (remove only) (HKCU\...\BeamNG-DRIVE-0.3) (Version: - ) BeamNG-Techdemo-0.3 (remove only) (HKCU\...\BeamNG-Techdemo-0.3) (Version: - ) Blender (HKLM\...\Blender) (Version: 2.69 - Blender Foundation) Blue Coat K9 Web Protection (HKLM\...\Blue Coat K9 Web Protection) (Version: 4.4.268 - Blue Coat Systems, Inc.) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version: - Dark Byte) Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version: - Cheat Engine) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0327 - DT Soft Ltd) Desura (HKLM-x32\...\Desura) (Version: 100.53 - Desura) Desura: MTBFreeride (HKLM-x32\...\Desura_101674760798240) (Version: Alpha - mtbfdeveloper) ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Euro Truck Simulator 2 - Going East! (HKLM-x32\...\Euro Truck Simulator 2 - Going East!_is1) (Version: - ) Euro Truck Simulator 2 (HKLM-x32\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.1.1 - SCS Software) Euro Truck Simulator 2 v1.3.1 (HKLM-x32\...\Euro Truck Simulator 2 v1.3.11.3.1) (Version: 1.3.1 - Friends in War) Euro Truck Simulator 2 v1.7.0 Update incl DLC (HKLM-x32\...\Euro Truck Simulator 2 v1.7.0 Update incl DLC_is1) (Version: - ) Euro Truck Simulator 2 v1.8.2.5s (DLC Going East) (HKLM-x32\...\Euro Truck Simulator 2 v1.8.2.5s (DLC Going East)1.8.2.5s) (Version: 1.8.2.5s - Friends in War) Euro Truck Simulator 2 v1.9.22s (Pink Truck Fix)(DLC Going East) (HKLM-x32\...\Euro Truck Simulator 2 v1.9.22s (Pink Truck Fix)(DLC Going East)1.9.22s) (Version: 1.9.22s - Friends in War) Euro Truck Simulator 2 version 1.9.22s + 3 DLC (HKLM-x32\...\Euro Truck Simulator 2_is1) (Version: 1.9.22s + 3 DLC - ) Ezvid (HKLM-x32\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 0981 - Ezvid, inc.) Farming Simulator 2013 (HKLM-x32\...\FarmingSimulator2013INT_is1) (Version: 1.0 - GIANTS Software) Fraps (HKLM-x32\...\Fraps) (Version: - ) Goat Simulator (HKLM-x32\...\Goat Simulator_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter) Goat Simulator 2014 v1.0.27849 (HKLM-x32\...\Goat Simulator 2014 v1.0.278491.0.27849) (Version: 1.0.27849 - Friends in War) Google Chrome (HKLM-x32\...\{E86E510B-CBAD-354D-841B-853E23EF038A}) (Version: 64.240.49198 - Google, Inc.) Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios) Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden LEGO Digital Designer (HKLM-x32\...\New LEGO Digital Designer) (Version: - LEGO A/S) LEGO MINDSTORMS EV3 (HKLM-x32\...\LEGO_SW.{5B0CB826-E499-4E6B-94F0-75B6327ED934}) (Version: 1.0.0 - The LEGO Group) LEGO MINDSTORMS EV3 Home Content (x32 Version: 1.0.259 - The LEGO Group) Hidden LEGO MINDSTORMS EV3 Home Edition (x32 Version: 1.0.346 - The LEGO Group) Hidden LEGO MINDSTORMS EV3 Home English Support (x32 Version: 1.0.229 - The LEGO Group) Hidden LEGO MINDSTORMS EV3 Uninstaller (x32 Version: 1.0.11 - The LEGO Group) Hidden LEGO MINDSTORMS NXT x64 Driver (HKLM\...\{A0831C28-A6FA-49A3-86AE-B5AE3C9EE19C}) (Version: 1.20.115.0 - LEGO) Loadout (HKLM-x32\...\Steam App 208090) (Version: - Edge of Reality) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.193 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.193 - LogMeIn, Inc.) Hidden Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation) Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.1651.0) (Version: 4.0.1651.0 - Microsoft Corporation) Microsoft Expression Encoder 4 (x32 Version: 4.0.1651.0 - Microsoft Corporation) Hidden Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{952DCCD8-4039-46C8-BC8B-5C1EB6C8E130}) (Version: 4.0.1651.0 - Microsoft Corporation) Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation) Microsoft Mouse and Keyboard Center (Version: 2.1.177.0 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Silverlight 5.1 (x32 Version: 5.1.4001 - National Instruments) Hidden Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Minecraft version 1.7.9 (HKLM-x32\...\{FB5EDA20-9E19-4C9B-876C-65F7E8229F8B}_is1) (Version: 1.7.9 - P2P) Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden Need For Speed Most Wanted version 1.3 (HKLM-x32\...\{4B65137F-9AB3-45DC-BFBC-93B3659CF840}_is1) (Version: 1.3 - SandBox Repacks) NI .NET Framework 4 (x32 Version: 4.00.49152 - National Instruments) Hidden NI EulaDepot (x32 Version: 3.11.190 - National Instruments) Hidden NI MDF Support (x32 Version: 3.11.190 - National Instruments) Hidden NI Security Update (KB 67L8LCQW) (64-bit) (Version: 1.0.29.0 - National Instruments) Hidden NI Security Update (KB 67L8LCQW) (x32 Version: 1.0.29.0 - National Instruments) Hidden NI Uninstaller (x32 Version: 3.11.190 - National Instruments) Hidden NI VC2008MSMs x64 (Version: 9.0.401 - National Instruments) Hidden NI VC2008MSMs x86 (x32 Version: 9.0.401 - National Instruments) Hidden NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation) PAYDAY 2 Demo (HKLM-x32\...\Steam App 251040) (Version: - OVERKILL - a Starbreeze Studio.) Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden PileFile reminder (HKCU\...\{56837588-F559-40CF-91D9-D439D405FB28}) (Version: - LADY'S WOOD 2013 LIMITED) <==== ATTENTION Portal 2 (HKLM-x32\...\Postal 2_is1) (Version: - ) Prompt Downloader (HKLM-x32\...\Prompt Downloader) (Version: - ) RaceRoom Racing Experience Launcher (HKLM-x32\...\{1FD9F07F-7BBF-4C91-B3F0-A23714A3A913}_is1) (Version: 1.0 - SimBin) Raptr (HKLM-x32\...\Raptr) (Version: - ) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.) RIDGE RACER™ Driftopia (HKLM-x32\...\Steam App 226410) (Version: - BUGBEAR) ROBLOX Player for user (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation) RollerCoaster Tycoon 3 Demo (HKLM-x32\...\{990036E7-D647-45A4-8F7F-1CB277EF0ABD}) (Version: 1.00.000 - ) Shopping Helper Smartbar (HKLM-x32\...\{E3CE881D-94D9-435A-9DEA-EBB5390BC2CC}) (Version: 10.196.63.14120 - ReSoft Ltd.) <==== ATTENTION Shopping Helper Smartbar Engine (HKCU\...\{e451cd0b-5948-419b-bc4d-f65265a1461d}) (Version: 10.196.63.14120 - ReSoft Ltd.) <==== ATTENTION Soldier Front 2 (HKLM-x32\...\Steam App 239660) (Version: - Dragonfly) Source Filmmaker (HKLM-x32\...\Steam App 1840) (Version: - Valve) Speccy (HKLM\...\Speccy) (Version: 1.24 - Piriform) SpinTires Tech Demo (June 040613) (HKLM-x32\...\{9AF7D6F5-50A5-432C-9F7B-83BCE03B11A0}) (Version: 1.3 - Oovee) Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Tactical Intervention (HKLM-x32\...\Steam App 51100) (Version: - FIX Korea) Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve) Test Drive Unlimited 2 (HKLM-x32\...\Test Drive Unlimited 2_is1) (Version: - Atari) Trials Fusion (HKLM-x32\...\Trials Fusion_is1) (Version: - ) Tribes: Ascend (HKLM-x32\...\Steam App 17080) (Version: - Hi-Rez Studios) VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN) Warface Launcher (Beta) (HKLM-x32\...\{28D1723C-31C4-4A83-9799-DFFB3739026D}) (Version: 1.0.0 - Crytek GmbH) Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation) WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) ==================== Restore Points ========================= 22-05-2014 11:20:08 Removed Wallpaper Manager 06-06-2014 10:10:45 Scheduled Checkpoint ==================== Hosts content: ========================== 2013-08-22 21:25 - 2013-08-22 21:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {073E2B9B-848C-4811-8635-706BE4A87F2D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation) Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {13C369A3-27A5-46BC-8AE2-34E14D6DBED2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-26] (Google Inc.) Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {3DC8A3EA-830F-4ADE-8A74-1417EBAB438A} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation) Task: {40BA0D6F-8CEC-4FB5-ABFC-24A334F270B8} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {51592A04-E985-446D-B435-4529CD6E195F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-05-14] (Microsoft Corporation) Task: {5265E97E-07F8-48D7-8CEA-6F98C61EC45C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation) Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {6E066958-E697-4BEB-8E7A-13593D064D2D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8ACF9D33-1AAC-4F34-858C-28AB2EB62094} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft) Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {9D3C3E7F-AA25-439F-962C-99EBF3520C1A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation) Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {AB6AC8A2-3BAF-4531-9124-226901609DBF} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation) Task: {B833AB63-37D0-4EE9-B017-1F53DBDF06C5} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics Task: {C5633CCA-FDD4-4F6C-8DF4-85F76C74791B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-26] (Google Inc.) Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {DC0AD4C1-DAB7-4A77-A015-2D8B1A4426B9} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] () Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {EEFF55D5-E02E-4374-A0CB-0096C45D7864} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-12-06 16:06 - 2013-12-06 16:06 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll 2013-07-26 05:59 - 2013-07-26 05:59 - 00814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll 2013-07-26 05:59 - 2013-07-26 05:59 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll 2013-12-06 16:06 - 2013-12-06 16:06 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2012-12-08 21:02 - 2009-03-30 14:32 - 00032768 ____R () C:\Windows\DAODx.exe 2014-06-06 17:36 - 2014-05-03 22:47 - 00233984 _____ () C:\Users\user\AppData\Local\Temp\RarSFX14\SystemWhileIdle.exe 2013-12-06 16:06 - 2013-12-06 16:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2014-06-06 22:03 - 2014-06-06 22:04 - 10173724 _____ () C:\Users\user\AppData\Local\Temp\MgrZ2xlUOU7.exe 2014-06-06 22:04 - 2014-05-03 22:47 - 00233984 _____ () C:\Users\user\AppData\Local\Temp\RarSFX15\SystemWhileIdle.exe 2014-06-06 22:03 - 2014-06-06 22:04 - 10173724 _____ () C:\Users\user\AppData\Local\Temp\XzW4JBlIbqj.exe 2014-06-06 22:04 - 2014-05-03 22:47 - 00233984 _____ () C:\Users\user\AppData\Local\Temp\RarSFX16\SystemWhileIdle.exe 2014-05-23 14:38 - 2014-05-14 07:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll 2014-05-23 14:38 - 2014-05-14 07:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll 2014-05-23 14:38 - 2014-05-14 07:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll 2014-05-23 14:38 - 2014-05-14 07:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll 2014-05-23 14:38 - 2014-05-14 07:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll 2014-06-06 17:36 - 2013-09-03 12:38 - 00964622 _____ () C:\Users\user\AppData\Local\Temp\RarSFX14\klp10svc.exe 2014-06-06 17:36 - 2013-09-03 12:38 - 00538126 _____ () C:\Users\user\AppData\Local\Temp\RarSFX14\libcurl-4.dll 2014-06-06 17:36 - 2013-09-03 12:38 - 00084992 _____ () C:\Users\user\AppData\Local\Temp\RarSFX14\zlib1.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\44327231.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\44327231.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/06/2014 10:18:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2 Faulting module name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2 Exception code: 0xc0000005 Fault offset: 0x00031acd Faulting process ID: 0x2794 Faulting application start time: 0xklp10svc.exe0 Faulting application path: klp10svc.exe1 Faulting module path: klp10svc.exe2 Report ID: klp10svc.exe3 Faulting package full name: klp10svc.exe4 Faulting package-relative application ID: klp10svc.exe5 Error: (06/06/2014 10:18:06 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2 Faulting module name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2 Exception code: 0xc0000005 Fault offset: 0x00031acd Faulting process ID: 0x2690 Faulting application start time: 0xklp10svc.exe0 Faulting application path: klp10svc.exe1 Faulting module path: klp10svc.exe2 Report ID: klp10svc.exe3 Faulting package full name: klp10svc.exe4 Faulting package-relative application ID: klp10svc.exe5 Error: (06/06/2014 10:17:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2 Faulting module name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2 Exception code: 0xc0000005 Fault offset: 0x00031acd Faulting process ID: 0x211c Faulting application start time: 0xklp10svc.exe0 Faulting application path: klp10svc.exe1 Faulting module path: klp10svc.exe2 Report ID: klp10svc.exe3 Faulting package full name: klp10svc.exe4 Faulting package-relative application ID: klp10svc.exe5 Error: (06/06/2014 10:15:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2 Faulting module name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2 Exception code: 0xc0000005 Fault offset: 0x00031acd Faulting process ID: 0xeec Faulting application start time: 0xklp10svc.exe0 Faulting application path: klp10svc.exe1 Faulting module path: klp10svc.exe2 Report ID: klp10svc.exe3 Faulting package full name: klp10svc.exe4 Faulting package-relative application ID: klp10svc.exe5 Error: (06/06/2014 10:15:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2 Faulting module name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2 Exception code: 0xc0000005 Fault offset: 0x00031acd Faulting process ID: 0x2444 Faulting application start time: 0xklp10svc.exe0 Faulting application path: klp10svc.exe1 Faulting module path: klp10svc.exe2 Report ID: klp10svc.exe3 Faulting package full name: klp10svc.exe4 Faulting package-relative application ID: klp10svc.exe5 Error: (06/06/2014 10:15:32 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2 Faulting module name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2 Exception code: 0xc0000005 Fault offset: 0x00031acd Faulting process ID: 0x1bfc Faulting application start time: 0xklp10svc.exe0 Faulting application path: klp10svc.exe1 Faulting module path: klp10svc.exe2 Report ID: klp10svc.exe3 Faulting package full name: klp10svc.exe4 Faulting package-relative application ID: klp10svc.exe5 Error: (06/06/2014 10:15:32 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2 Faulting module name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2 Exception code: 0xc0000005 Fault offset: 0x00031acd Faulting process ID: 0x21b4 Faulting application start time: 0xklp10svc.exe0 Faulting application path: klp10svc.exe1 Faulting module path: klp10svc.exe2 Report ID: klp10svc.exe3 Faulting package full name: klp10svc.exe4 Faulting package-relative application ID: klp10svc.exe5 Error: (06/06/2014 10:15:19 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2 Faulting module name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2 Exception code: 0xc0000005 Fault offset: 0x00031acd Faulting process ID: 0x234c Faulting application start time: 0xklp10svc.exe0 Faulting application path: klp10svc.exe1 Faulting module path: klp10svc.exe2 Report ID: klp10svc.exe3 Faulting package full name: klp10svc.exe4 Faulting package-relative application ID: klp10svc.exe5 Error: (06/06/2014 10:15:19 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2 Faulting module name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2 Exception code: 0xc0000005 Fault offset: 0x00031acd Faulting process ID: 0x1778 Faulting application start time: 0xklp10svc.exe0 Faulting application path: klp10svc.exe1 Faulting module path: klp10svc.exe2 Report ID: klp10svc.exe3 Faulting package full name: klp10svc.exe4 Faulting package-relative application ID: klp10svc.exe5 Error: (06/06/2014 10:15:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2 Faulting module name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2 Exception code: 0xc0000005 Fault offset: 0x00031acd Faulting process ID: 0x260c Faulting application start time: 0xklp10svc.exe0 Faulting application path: klp10svc.exe1 Faulting module path: klp10svc.exe2 Report ID: klp10svc.exe3 Faulting package full name: klp10svc.exe4 Faulting package-relative application ID: klp10svc.exe5 System errors: ============= Error: (06/06/2014 10:03:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s). Error: (06/06/2014 10:03:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The MBAMScheduler service failed to start due to the following error: %%1053 Error: (06/06/2014 10:03:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect. Error: (06/06/2014 10:02:49 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 20:33:17 on ‎06/‎06/‎2014 was unexpected. Error: (06/06/2014 10:02:31 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY) Description: 32212256844644062238900040 Error: (06/06/2014 06:15:58 PM) (Source: DCOM) (EventID: 10010) (User: admin) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (06/06/2014 06:15:27 PM) (Source: DCOM) (EventID: 10010) (User: admin) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (06/06/2014 06:05:21 PM) (Source: DCOM) (EventID: 10010) (User: admin) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (06/06/2014 06:04:51 PM) (Source: DCOM) (EventID: 10010) (User: admin) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (06/06/2014 05:35:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s). Microsoft Office Sessions: ========================= Error: (06/06/2014 10:18:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: klp10svc.exe0.0.0.052254ba2klp10svc.exe0.0.0.052254ba2c000000500031acd279401cf81921bf477d9C:\Users\user\AppData\Local\Temp\RarSFX15\klp10svc.exeC:\Users\user\AppData\Local\Temp\RarSFX15\klp10svc.exe60c0532a-ed85-11e3-bfbb-3085a99fc148 Error: (06/06/2014 10:18:06 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: klp10svc.exe0.0.0.052254ba2klp10svc.exe0.0.0.052254ba2c000000500031acd269001cf81921bf49eecC:\Users\user\AppData\Local\Temp\RarSFX16\klp10svc.exeC:\Users\user\AppData\Local\Temp\RarSFX16\klp10svc.exe60b0e995-ed85-11e3-bfbb-3085a99fc148 Error: (06/06/2014 10:17:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: klp10svc.exe0.0.0.052254ba2klp10svc.exe0.0.0.052254ba2c000000500031acd211c01cf8191f4c29136C:\Users\user\AppData\Local\Temp\RarSFX15\klp10svc.exeC:\Users\user\AppData\Local\Temp\RarSFX15\klp10svc.exe3a11be54-ed85-11e3-bfbb-3085a99fc148 Error: (06/06/2014 10:15:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: klp10svc.exe0.0.0.052254ba2klp10svc.exe0.0.0.052254ba2c000000500031acdeec01cf8191c7a43981C:\Users\user\AppData\Local\Temp\RarSFX14\klp10svc.exeC:\Users\user\AppData\Local\Temp\RarSFX14\klp10svc.exe0c1249a2-ed85-11e3-bfbb-3085a99fc148 Error: (06/06/2014 10:15:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: klp10svc.exe0.0.0.052254ba2klp10svc.exe0.0.0.052254ba2c000000500031acd244401cf8191c7a487a1C:\Users\user\AppData\Local\Temp\RarSFX16\klp10svc.exeC:\Users\user\AppData\Local\Temp\RarSFX16\klp10svc.exe0bf8cdd9-ed85-11e3-bfbb-3085a99fc148 Error: (06/06/2014 10:15:32 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: klp10svc.exe0.0.0.052254ba2klp10svc.exe0.0.0.052254ba2c000000500031acd1bfc01cf8191c035ebb7C:\Users\user\AppData\Local\Temp\RarSFX14\klp10svc.exeC:\Users\user\AppData\Local\Temp\RarSFX14\klp10svc.exe049b23b2-ed85-11e3-bfbb-3085a99fc148 Error: (06/06/2014 10:15:32 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: klp10svc.exe0.0.0.052254ba2klp10svc.exe0.0.0.052254ba2c000000500031acd21b401cf8191c035ebb7C:\Users\user\AppData\Local\Temp\RarSFX15\klp10svc.exeC:\Users\user\AppData\Local\Temp\RarSFX15\klp10svc.exe0481cf0b-ed85-11e3-bfbb-3085a99fc148 Error: (06/06/2014 10:15:19 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: klp10svc.exe0.0.0.052254ba2klp10svc.exe0.0.0.052254ba2c000000500031acd234c01cf8191b8a5cb3aC:\Users\user\AppData\Local\Temp\RarSFX16\klp10svc.exeC:\Users\user\AppData\Local\Temp\RarSFX16\klp10svc.exefd0323d4-ed84-11e3-bfbb-3085a99fc148 Error: (06/06/2014 10:15:19 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: klp10svc.exe0.0.0.052254ba2klp10svc.exe0.0.0.052254ba2c000000500031acd177801cf8191b8a5f24cC:\Users\user\AppData\Local\Temp\RarSFX15\klp10svc.exeC:\Users\user\AppData\Local\Temp\RarSFX15\klp10svc.exefd02fcc4-ed84-11e3-bfbb-3085a99fc148 Error: (06/06/2014 10:15:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: klp10svc.exe0.0.0.052254ba2klp10svc.exe0.0.0.052254ba2c000000500031acd260c01cf8191b06f3d0eC:\Users\user\AppData\Local\Temp\RarSFX15\klp10svc.exeC:\Users\user\AppData\Local\Temp\RarSFX15\klp10svc.exef5990af1-ed84-11e3-bfbb-3085a99fc148 CodeIntegrity Errors: =================================== Date: 2014-05-15 15:27:57.312 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-05-15 15:27:57.100 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-05-14 23:02:44.371 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-05-14 23:02:44.277 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-05-14 23:02:44.074 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-05-14 23:02:43.996 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-05-14 23:02:43.792 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-05-14 23:02:43.714 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-05-14 23:02:43.386 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-05-14 23:02:43.308 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Percentage of memory in use: 33% Total physical RAM: 3998.93 MB Available physical RAM: 2646.32 MB Total Pagefile: 8094.93 MB Available Pagefile: 6431.82 MB Total Virtual: 131072 MB Available Virtual: 131071.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:97.31 GB) (Free:27.11 GB) NTFS Drive d: () (Fixed) (Total:368.1 GB) (Free:255.09 GB) NTFS Drive e: (CD113A4) (CDROM) (Total:0.14 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 79C9A4F0) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=97 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=368 GB) - (Type=07 NTFS) ==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014 Ran by user (administrator) on ADMIN on 06-06-2014 22:17:50 Running from C:\Users\user\Desktop Platform: Windows 8.1 (X64) OS Language: English(UK) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Blue Coat Systems, Inc.) C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe (Hi-Rez Studios) D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe () C:\Windows\DAODx.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (Microsoft) C:\Users\user\AppData\Roaming\Systems Cache\IdleServ.exe (Microsoft) C:\Users\user\AppData\Roaming\Systems Cache\IdleServ.exe (Spotify Ltd) C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () C:\Users\user\AppData\Local\Temp\RarSFX14\SystemWhileIdle.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe () C:\Users\user\AppData\Local\Temp\MgrZ2xlUOU7.exe () C:\Users\user\AppData\Local\Temp\RarSFX15\SystemWhileIdle.exe () C:\Users\user\AppData\Local\Temp\XzW4JBlIbqj.exe () C:\Users\user\AppData\Local\Temp\RarSFX16\SystemWhileIdle.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [system Idle] => C:\Users\user\AppData\Roaming\Systems Cache\IdleServ.exe [199680 2014-04-18] (Microsoft) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-05-13] (LogMeIn Inc.) HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd) HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Run: [system Idle] => C:\Users\user\AppData\Roaming\Systems Cache\IdleServ.exe [199680 2014-04-18] (Microsoft) HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Run: [Desura] => C:\Program Files (x86)\Desura\desura.exe [2529096 2013-11-29] (Desura Pty Ltd) HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Run: [spotify Web Helper] => C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-05-03] (Spotify Ltd) HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Run: [CrashHandle] => C:\Users\user\AppData\Local\Temp\RarSFX16\SystemWhileIdle.exe [233984 2014-05-03] () <===== ATTENTION HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Run: [GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-05-14] (Google Inc.) HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Policies\system: [EnableLUA] 0 HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\MountPoints2: {3867d810-4370-11e2-be6f-50465d598758} - "F:\Setup.exe" ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x482577A22320CF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB,en-MY;q=0.7,en;q=0.3 BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{7B973AAA-AC39-4459-AC01-505769C22994}: [NameServer]8.8.8.8,8.8.4.4 FireFox: ======== FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\user\AppData\Local\Roblox\Versions\version-266c1c454a3c46ab\\NPRobloxProxy.dll ( ROBLOX Corporation) FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.6.0.73\coFFFw\ Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR StartupUrls: "hxxp://www.google.com/", "hxxp://www.search.ask.com/?tpid=BTR-V7&o=APN11584&pf=V7&trgb=CR&p2=%5EBJ2%5EYYYYYY%5EYY%5EMY&gct=hp&apn_ptnrs=%5EBJ2&apn_dtid=%5EYYYYYY%5EYY%5EMY&apn_dbr=cr_34.0.1847.131&apn_uid=D9B9A5A1-B412-4ABE-9662-EAA1524012A9&itbv=12.11.0.5199&doi=2014-05-22&psv=&pt=crx" CHR DefaultSearchKeyword: google.com.my CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\gcswf32.dll No File CHR Plugin: (Norton Identity Safe) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\napjheenlliimoedooldaalpjfidlidp\2.8.0.5_0\npcoplgn.dll No File CHR Plugin: (FromDocToPDF Installer Plugin Stub) - C:\Program Files (x86)\FromDocToPDF_65EI\Installr\1.bin\NP65EISB.dll (FromDocToPDF) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (Java Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Roblox Launcher Plugin) - C:\Users\user\AppData\Local\Roblox\Versions\version-fbaf58bbbe84491d\\NPRobloxProxy.dll No File CHR Plugin: (Default Plug-in) - default_plugin No File CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24] CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-26] ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) R2 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2649840 2013-03-01] (Blue Coat Systems, Inc.) U2 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-01-31] (Hi-Rez Studios) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-15] (LogMeIn, Inc.) S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.) R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices) R3 athur; C:\Windows\system32\DRIVERS\athuw8x.sys [3744256 2012-11-22] (Qualcomm Atheros Communications, Inc.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices) R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek ) R2 bckd; C:\Windows\System32\drivers\bckd.sys [127216 2013-03-01] (Blue Coat Systems, Inc.) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows ® Win 7 DDK provider) R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2012-12-15] (DT Soft Ltd) S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-31] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-26] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-15] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-26] (Microsoft Corporation) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation) R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-06 22:17 - 2014-06-06 22:18 - 00011586 _____ () C:\Users\user\Desktop\FRST.txt 2014-06-06 22:16 - 2014-06-06 22:16 - 02072576 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe 2014-05-25 19:58 - 2014-05-25 19:58 - 00000000 _____ () C:\Users\user\AppData\Local\{C621875F-4F20-4806-9FFC-135DA85D11BE} 2014-05-23 13:26 - 2014-05-23 13:39 - 269338400 _____ (AMD Inc.) C:\Users\user\Downloads\14-4-win7-win8-win8.1-64-dd-ccc-whql.exe 2014-05-23 09:44 - 2014-05-23 09:44 - 00280776 _____ () C:\WINDOWS\Minidump\052314-20437-01.dmp 2014-05-22 23:47 - 2014-05-22 23:48 - 00000000 ____D () C:\Trials Fusion 2014-05-22 23:47 - 2014-05-22 23:47 - 00000000 ____D () C:\Users\user\Documents\TrialsFusion 2014-05-22 23:47 - 2014-05-22 23:47 - 00000000 ____D () C:\Users\user\AppData\Local\SKIDROW 2014-05-22 23:43 - 2014-05-22 23:43 - 00001027 _____ () C:\Users\Public\Desktop\Trials Fusion.lnk 2014-05-22 23:43 - 2014-05-22 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft 2014-05-22 23:04 - 2014-05-22 23:04 - 00313256 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-05-22 23:04 - 2014-05-22 23:04 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-05-22 23:04 - 2014-05-22 23:04 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-05-22 23:04 - 2014-05-22 23:04 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2014-05-22 23:04 - 2014-05-22 23:04 - 00000000 ____D () C:\Program Files\Java 2014-05-22 22:56 - 2014-05-22 23:02 - 30818216 _____ (Oracle Corporation) C:\Users\user\Downloads\jre-7u55-windows-x64.exe 2014-05-22 22:30 - 2014-05-22 22:31 - 00921512 _____ (Oracle Corporation) C:\Users\user\Downloads\chromeinstall-7u55.exe 2014-05-22 19:58 - 2014-05-22 19:58 - 00027533 _____ () C:\Users\user\Downloads\[kickass.to]trials.fusion.proper.skidrow.torrent 2014-05-22 19:52 - 2014-05-22 19:52 - 01270864 _____ (BitTorrent Inc.) C:\Users\user\Downloads\uTorrent.exe 2014-05-22 19:52 - 2014-05-22 19:52 - 00000000 ____D () C:\ProgramData\APN 2014-05-21 17:32 - 2014-05-21 17:33 - 00448512 _____ (OldTimer Tools) C:\Users\user\Desktop\TFC.exe 2014-05-15 21:28 - 2014-05-15 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-05-15 21:28 - 2014-05-15 21:28 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-05-15 15:24 - 2014-05-15 15:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression 2014-05-15 15:23 - 2014-05-15 15:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Expression 2014-05-14 22:50 - 2014-05-14 22:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-05-14 22:50 - 2014-05-14 22:49 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe 2014-05-14 22:50 - 2014-05-14 22:49 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe 2014-05-14 22:50 - 2014-05-14 22:49 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe 2014-05-14 22:50 - 2014-05-14 22:49 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2014-05-14 17:57 - 2014-05-14 17:57 - 00000000 ____D () C:\ProgramData\ATI 2014-05-14 17:32 - 2014-05-14 17:32 - 00054873 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201405141732269746.log 2014-05-14 17:32 - 2014-05-14 17:32 - 00002114 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Feature Mananger.lnk 2014-05-14 17:32 - 2014-05-14 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center 2014-05-14 17:32 - 2014-05-14 17:32 - 00000000 ____D () C:\Program Files\ATI Technologies 2014-05-14 17:32 - 2014-05-14 17:32 - 00000000 ____D () C:\Program Files (x86)\Advanced Micro Devices, Inc 2014-05-14 17:31 - 2014-05-14 17:31 - 00065660 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201405141731243459.log 2014-05-14 17:30 - 2014-05-14 17:30 - 00000000 ____D () C:\Users\Default\AppData\Roaming\ATI 2014-05-14 17:30 - 2014-05-14 17:30 - 00000000 ____D () C:\Users\Default\AppData\Local\ATI 2014-05-14 17:30 - 2014-05-14 17:30 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\ATI 2014-05-14 17:30 - 2014-05-14 17:30 - 00000000 ____D () C:\Users\Default User\AppData\Local\ATI 2014-05-14 17:27 - 2014-04-18 22:57 - 00032600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll 2014-05-14 17:27 - 2014-04-18 22:44 - 01466856 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll 2014-05-14 17:27 - 2014-04-18 21:29 - 01200288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll 2014-05-14 17:27 - 2014-04-18 17:44 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll 2014-05-14 17:27 - 2014-04-18 17:32 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2014-05-14 17:27 - 2014-04-18 16:58 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2014-05-14 17:27 - 2014-04-18 16:32 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll 2014-05-14 17:27 - 2014-04-18 16:21 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll 2014-05-14 17:27 - 2014-04-18 16:09 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll 2014-05-14 17:27 - 2014-04-18 15:51 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll 2014-05-14 17:27 - 2014-04-18 15:49 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll 2014-05-14 17:27 - 2014-04-14 17:20 - 00324888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll 2014-05-14 17:27 - 2014-04-14 16:01 - 00285144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll 2014-05-14 17:27 - 2014-04-11 12:51 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll 2014-05-14 17:27 - 2014-04-11 12:23 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll 2014-05-14 17:27 - 2014-04-11 11:30 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll 2014-05-14 17:27 - 2014-04-09 19:53 - 00337240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys 2014-05-14 17:27 - 2014-04-09 14:39 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll 2014-05-14 17:27 - 2014-04-09 13:44 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll 2014-05-14 17:27 - 2014-04-09 12:35 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2014-05-14 17:27 - 2014-04-09 11:33 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll 2014-05-14 17:27 - 2014-04-08 10:01 - 00589656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys 2014-05-14 17:27 - 2014-04-07 00:34 - 00372568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys 2014-05-14 17:27 - 2014-04-07 00:34 - 00275800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys 2014-05-14 17:27 - 2014-04-07 00:32 - 00125496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll 2014-05-14 17:27 - 2014-04-07 00:31 - 21268952 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2014-05-14 17:27 - 2014-04-07 00:30 - 00201920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll 2014-05-14 17:27 - 2014-04-07 00:24 - 00360792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys 2014-05-14 17:27 - 2014-04-07 00:20 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2014-05-14 17:27 - 2014-04-07 00:20 - 01403856 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll 2014-05-14 17:27 - 2014-04-07 00:20 - 01379064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll 2014-05-14 17:27 - 2014-04-07 00:20 - 00881616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll 2014-05-14 17:27 - 2014-04-07 00:20 - 00765408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll 2014-05-14 17:27 - 2014-04-07 00:20 - 00609448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll 2014-05-14 17:27 - 2014-04-07 00:20 - 00491744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll 2014-05-14 17:27 - 2014-04-07 00:20 - 00467496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2014-05-14 17:27 - 2014-04-07 00:20 - 00463256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2014-05-14 17:27 - 2014-04-07 00:20 - 00364640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2014-05-14 17:27 - 2014-04-07 00:20 - 00244880 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2014-05-14 17:27 - 2014-04-07 00:20 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2014-05-14 17:27 - 2014-04-07 00:20 - 00028408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe 2014-05-14 17:27 - 2014-04-06 23:23 - 00098584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll 2014-05-14 17:27 - 2014-04-06 23:22 - 18755672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2014-05-14 17:27 - 2014-04-06 23:22 - 00178184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll 2014-05-14 17:27 - 2014-04-06 23:16 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2014-05-14 17:27 - 2014-04-06 23:16 - 01209616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll 2014-05-14 17:27 - 2014-04-06 23:16 - 00707048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll 2014-05-14 17:27 - 2014-04-06 23:16 - 00669856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll 2014-05-14 17:27 - 2014-04-06 23:16 - 00518544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll 2014-05-14 17:27 - 2014-04-06 23:16 - 00406504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2014-05-14 17:27 - 2014-04-06 23:16 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll 2014-05-14 17:27 - 2014-04-06 23:16 - 00326024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2014-05-14 17:27 - 2014-04-06 23:16 - 00305768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll 2014-05-14 17:27 - 2014-04-06 22:10 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2014-05-14 17:27 - 2014-04-06 20:58 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll 2014-05-14 17:27 - 2014-04-06 20:51 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll 2014-05-14 17:27 - 2014-04-06 20:33 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe 2014-05-14 17:27 - 2014-04-06 20:24 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe 2014-05-14 17:27 - 2014-04-06 20:06 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srclient.dll 2014-05-14 17:27 - 2014-04-06 19:55 - 16872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2014-05-14 17:27 - 2014-04-06 19:54 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2014-05-14 17:27 - 2014-04-06 19:26 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll 2014-05-14 17:27 - 2014-04-06 19:20 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2014-05-14 17:27 - 2014-04-06 19:01 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2014-05-14 17:27 - 2014-04-06 18:52 - 00955904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2014-05-14 17:27 - 2014-04-06 18:51 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2014-05-14 17:27 - 2014-04-06 18:37 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2014-05-14 17:27 - 2014-04-06 18:36 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2014-05-14 17:27 - 2014-04-06 18:05 - 01222656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll 2014-05-14 17:27 - 2014-04-06 17:59 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll 2014-05-14 17:27 - 2014-04-03 16:12 - 02124840 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll 2014-05-14 17:27 - 2014-04-03 16:12 - 00307304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll 2014-05-14 17:27 - 2014-04-03 16:12 - 00130144 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll 2014-05-14 17:27 - 2014-04-03 12:03 - 00230808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll 2014-05-14 17:27 - 2014-04-03 12:03 - 00111528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll 2014-05-14 17:27 - 2014-04-03 11:53 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll 2014-05-14 17:27 - 2014-04-03 10:53 - 04269056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll 2014-05-14 17:27 - 2014-04-03 10:53 - 00677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2014-05-14 17:27 - 2014-04-03 10:51 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll 2014-05-14 17:27 - 2014-04-03 10:23 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 2014-05-14 17:27 - 2014-04-03 10:23 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2014-05-14 17:27 - 2014-04-03 10:23 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tlscsp.dll 2014-05-14 17:27 - 2014-04-03 10:22 - 03359744 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2014-05-14 17:27 - 2014-04-03 10:22 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlscsp.dll 2014-05-14 17:27 - 2014-04-01 14:23 - 00384856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys 2014-05-14 17:27 - 2014-03-31 13:42 - 07425368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2014-05-14 17:27 - 2014-03-31 13:35 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2014-05-14 17:27 - 2014-03-31 13:35 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2014-05-14 17:27 - 2014-03-31 08:41 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll 2014-05-14 17:27 - 2014-03-31 08:01 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll 2014-05-14 17:27 - 2014-03-31 07:43 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll 2014-05-14 17:27 - 2014-03-31 06:54 - 01308160 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll 2014-05-14 17:27 - 2014-03-31 06:49 - 01287168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll 2014-05-14 17:27 - 2014-03-31 06:35 - 01029120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll 2014-05-14 17:27 - 2014-03-31 06:11 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll 2014-05-14 17:27 - 2014-03-31 05:47 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe 2014-05-14 17:27 - 2014-03-28 23:58 - 00407016 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe 2014-05-14 17:27 - 2014-03-27 14:16 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys 2014-05-14 17:27 - 2014-03-27 13:36 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll 2014-05-14 17:27 - 2014-03-27 12:59 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll 2014-05-14 17:27 - 2014-03-27 12:48 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll 2014-05-14 17:27 - 2014-03-27 12:19 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll 2014-05-14 17:27 - 2014-03-27 11:46 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll 2014-05-14 17:27 - 2014-03-27 11:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll 2014-05-14 17:27 - 2014-03-27 11:10 - 01436160 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe 2014-05-14 17:27 - 2014-03-25 06:58 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2014-05-14 17:27 - 2014-03-20 11:48 - 00263424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe 2014-05-14 17:27 - 2014-03-20 08:44 - 06645248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2014-05-14 17:27 - 2014-03-20 07:33 - 05774848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2014-05-14 17:27 - 2014-03-19 16:15 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll 2014-05-14 17:27 - 2014-03-19 16:07 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys 2014-05-14 17:27 - 2014-03-19 15:24 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll 2014-05-14 17:27 - 2014-03-19 15:17 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll 2014-05-14 17:27 - 2014-03-19 14:36 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll 2014-05-14 17:27 - 2014-03-19 13:56 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll 2014-05-14 17:27 - 2014-03-19 13:45 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll 2014-05-14 17:27 - 2014-03-19 13:19 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll 2014-05-14 17:27 - 2014-03-19 13:07 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll 2014-05-14 17:27 - 2014-03-19 13:02 - 01527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2014-05-14 17:27 - 2014-03-19 13:00 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll 2014-05-14 17:27 - 2014-03-19 12:51 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll 2014-05-14 17:27 - 2014-03-19 12:31 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll 2014-05-14 17:27 - 2014-03-19 12:18 - 02688000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll 2014-05-14 17:27 - 2014-03-18 16:19 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys 2014-05-14 17:27 - 2014-03-18 13:00 - 07173120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2014-05-14 17:27 - 2014-03-18 12:52 - 05104640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2014-05-14 17:27 - 2014-03-17 13:09 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll 2014-05-14 17:27 - 2014-03-17 12:11 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll 2014-05-14 17:27 - 2014-03-17 11:01 - 00486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2014-05-14 17:27 - 2014-03-17 10:47 - 01025024 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2014-05-14 17:27 - 2014-03-17 10:45 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2014-05-14 17:27 - 2014-03-14 14:26 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll 2014-05-14 17:27 - 2014-03-14 14:10 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll 2014-05-14 17:27 - 2014-03-06 20:42 - 00310616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys 2014-05-14 16:42 - 2014-05-14 16:42 - 00004320 _____ () C:\JavaRa.log 2014-05-14 16:13 - 2014-04-11 10:57 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2014-05-14 16:13 - 2014-04-11 10:52 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2014-05-14 16:13 - 2014-03-24 10:30 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys 2014-05-14 16:13 - 2014-03-24 10:30 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys 2014-05-14 16:13 - 2014-03-24 10:27 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys 2014-05-14 16:13 - 2014-03-13 15:42 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe 2014-05-14 16:13 - 2014-03-13 14:51 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe 2014-05-14 16:12 - 2014-05-06 12:40 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-05-14 16:12 - 2014-05-06 11:25 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-05-14 16:12 - 2014-05-06 11:00 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-05-14 16:12 - 2014-05-06 10:10 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-05-14 16:12 - 2014-04-11 18:03 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2014-05-14 16:12 - 2014-04-11 18:03 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2014-05-14 16:12 - 2014-04-11 16:25 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll 2014-05-14 16:12 - 2014-04-11 14:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2014-05-14 16:12 - 2014-04-11 13:53 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe 2014-05-14 16:12 - 2014-04-11 13:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll 2014-05-14 16:12 - 2014-04-11 11:54 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2014-05-14 16:12 - 2014-04-11 11:06 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2014-05-14 16:12 - 2014-04-11 11:05 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-05-14 16:12 - 2014-04-11 11:05 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2014-05-14 16:12 - 2014-04-11 11:02 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-05-14 16:12 - 2014-04-11 11:02 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2014-05-14 16:12 - 2014-04-11 11:01 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2014-05-14 16:12 - 2014-04-11 11:00 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2014-05-14 16:12 - 2014-04-11 10:59 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2014-05-14 16:12 - 2014-04-11 10:56 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2014-05-14 16:12 - 2014-04-11 10:55 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2014-05-14 16:12 - 2014-04-11 10:53 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2014-05-14 16:12 - 2014-04-11 10:46 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2014-05-14 16:12 - 2014-04-11 10:36 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll 2014-05-14 16:12 - 2014-04-11 10:34 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-05-14 16:12 - 2014-04-11 10:29 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 2014-05-14 16:12 - 2014-04-11 10:25 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-05-14 16:12 - 2014-04-09 06:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll 2014-05-14 16:12 - 2014-04-09 06:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll 2014-05-14 16:12 - 2014-04-09 02:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll 2014-05-14 16:12 - 2014-04-09 02:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll 2014-05-11 00:31 - 2014-06-06 22:03 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-11 00:31 - 2014-06-06 20:36 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-11 00:31 - 2014-05-11 00:31 - 00003654 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-09 10:48 - 2014-05-09 10:48 - 02346942 _____ () C:\Users\user\Desktop\TechnicLauncher.exe 2014-05-07 21:06 - 2014-05-07 21:06 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-05-07 20:59 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll 2014-05-07 20:58 - 2014-05-07 21:01 - 00000000 ____D () C:\AdwCleaner 2014-05-07 20:56 - 2014-05-14 17:17 - 00000000 ____D () C:\Users\user\Desktop\Remove malware 2014-05-07 20:51 - 2014-05-07 20:51 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-05-07 17:30 - 2014-06-06 22:18 - 00000000 ____D () C:\Users\user\AppData\Local\CrashDumps ==================== One Month Modified Files and Folders ======= 2014-06-06 22:18 - 2014-06-06 22:17 - 00011586 _____ () C:\Users\user\Desktop\FRST.txt 2014-06-06 22:18 - 2014-05-07 17:30 - 00000000 ____D () C:\Users\user\AppData\Local\CrashDumps 2014-06-06 22:18 - 2013-11-26 14:11 - 00000000 ____D () C:\Users\user\AppData\Local\Temp 2014-06-06 22:17 - 2014-05-04 17:01 - 00000000 ____D () C:\FRST 2014-06-06 22:16 - 2014-06-06 22:16 - 02072576 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe 2014-06-06 22:16 - 2012-12-15 15:43 - 00000000 ____D () C:\Users\user\AppData\Roaming\uTorrent 2014-06-06 22:12 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2014-06-06 22:11 - 2013-12-12 22:32 - 00000000 ____D () C:\Users\user\AppData\Roaming\.minecraft 2014-06-06 22:09 - 2013-11-26 15:30 - 00003910 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F6F87AA2-47CE-4E25-997E-0D75514F58AB} 2014-06-06 22:09 - 2013-09-30 12:11 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-06-06 22:09 - 2012-12-08 21:11 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1375052093-4268391962-1033398323-1001 2014-06-06 22:03 - 2014-05-11 00:31 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-06 22:03 - 2013-05-30 17:33 - 00000000 ____D () C:\Users\user\AppData\Local\LogMeIn Hamachi 2014-06-06 22:02 - 2013-08-22 22:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-06-06 20:36 - 2014-05-11 00:31 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-06 19:38 - 2013-11-26 14:29 - 01664471 _____ () C:\WINDOWS\WindowsUpdate.log 2014-06-06 19:00 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-06-06 18:14 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-06-06 17:45 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-05-25 21:38 - 2014-01-17 18:47 - 00000000 ____D () C:\Users\user\AppData\Roaming\Raptr 2014-05-25 19:58 - 2014-05-25 19:58 - 00000000 _____ () C:\Users\user\AppData\Local\{C621875F-4F20-4806-9FFC-135DA85D11BE} 2014-05-23 13:39 - 2014-05-23 13:26 - 269338400 _____ (AMD Inc.) C:\Users\user\Downloads\14-4-win7-win8-win8.1-64-dd-ccc-whql.exe 2014-05-23 09:44 - 2014-05-23 09:44 - 00280776 _____ () C:\WINDOWS\Minidump\052314-20437-01.dmp 2014-05-23 09:44 - 2013-11-30 10:50 - 00000000 ____D () C:\WINDOWS\Minidump 2014-05-23 09:44 - 2012-12-16 12:14 - 505419785 _____ () C:\WINDOWS\MEMORY.DMP 2014-05-22 23:57 - 2014-01-17 18:47 - 00000000 ____D () C:\Program Files (x86)\Raptr 2014-05-22 23:48 - 2014-05-22 23:47 - 00000000 ____D () C:\Trials Fusion 2014-05-22 23:47 - 2014-05-22 23:47 - 00000000 ____D () C:\Users\user\Documents\TrialsFusion 2014-05-22 23:47 - 2014-05-22 23:47 - 00000000 ____D () C:\Users\user\AppData\Local\SKIDROW 2014-05-22 23:43 - 2014-05-22 23:43 - 00001027 _____ () C:\Users\Public\Desktop\Trials Fusion.lnk 2014-05-22 23:43 - 2014-05-22 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft 2014-05-22 23:04 - 2014-05-22 23:04 - 00313256 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-05-22 23:04 - 2014-05-22 23:04 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-05-22 23:04 - 2014-05-22 23:04 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-05-22 23:04 - 2014-05-22 23:04 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2014-05-22 23:04 - 2014-05-22 23:04 - 00000000 ____D () C:\Program Files\Java 2014-05-22 23:02 - 2014-05-22 22:56 - 30818216 _____ (Oracle Corporation) C:\Users\user\Downloads\jre-7u55-windows-x64.exe 2014-05-22 22:31 - 2014-05-22 22:30 - 00921512 _____ (Oracle Corporation) C:\Users\user\Downloads\chromeinstall-7u55.exe 2014-05-22 19:58 - 2014-05-22 19:58 - 00027533 _____ () C:\Users\user\Downloads\[kickass.to]trials.fusion.proper.skidrow.torrent 2014-05-22 19:52 - 2014-05-22 19:52 - 01270864 _____ (BitTorrent Inc.) C:\Users\user\Downloads\uTorrent.exe 2014-05-22 19:52 - 2014-05-22 19:52 - 00000000 ____D () C:\ProgramData\APN 2014-05-21 17:47 - 2013-09-30 04:03 - 00329618 _____ () C:\WINDOWS\PFRO.log 2014-05-21 17:33 - 2014-05-21 17:32 - 00448512 _____ (OldTimer Tools) C:\Users\user\Desktop\TFC.exe 2014-05-17 20:14 - 2013-12-01 17:34 - 00000000 ____D () C:\Program Files (x86)\Cracked Steam 2014-05-17 19:59 - 2013-08-22 21:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2014-05-15 21:28 - 2014-05-15 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-05-15 21:28 - 2014-05-15 21:28 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-05-15 21:26 - 2013-05-24 21:42 - 00000000 ___HD () C:\WINDOWS\AxInstSV 2014-05-15 15:44 - 2012-12-18 22:28 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox 2014-05-15 15:30 - 2014-02-06 17:42 - 00000000 ____D () C:\Users\user\AppData\Roaming\ftblauncher 2014-05-15 15:24 - 2014-05-15 15:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression 2014-05-15 15:24 - 2014-05-15 15:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Expression 2014-05-15 15:21 - 2013-12-30 19:24 - 00000000 ____D () C:\Users\user\Documents\Bandicam 2014-05-15 15:18 - 2014-05-04 13:43 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-05-14 22:50 - 2014-05-14 22:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-05-14 22:49 - 2014-05-14 22:50 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe 2014-05-14 22:49 - 2014-05-14 22:50 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe 2014-05-14 22:49 - 2014-05-14 22:50 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe 2014-05-14 22:49 - 2014-05-14 22:50 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2014-05-14 17:57 - 2014-05-14 17:57 - 00000000 ____D () C:\ProgramData\ATI 2014-05-14 17:57 - 2012-12-08 21:01 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-14 17:57 - 2012-12-08 21:01 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-14 17:56 - 2013-08-22 22:44 - 00335816 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-05-14 17:53 - 2013-08-22 23:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-05-14 17:52 - 2013-08-22 23:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel 2014-05-14 17:52 - 2013-08-22 21:36 - 00000000 ____D () C:\WINDOWS\system32\oobe 2014-05-14 17:32 - 2014-05-14 17:32 - 00054873 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201405141732269746.log 2014-05-14 17:32 - 2014-05-14 17:32 - 00002114 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Feature Mananger.lnk 2014-05-14 17:32 - 2014-05-14 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center 2014-05-14 17:32 - 2014-05-14 17:32 - 00000000 ____D () C:\Program Files\ATI Technologies 2014-05-14 17:32 - 2014-05-14 17:32 - 00000000 ____D () C:\Program Files (x86)\Advanced Micro Devices, Inc 2014-05-14 17:32 - 2013-06-04 00:12 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies 2014-05-14 17:31 - 2014-05-14 17:31 - 00065660 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201405141731243459.log 2014-05-14 17:31 - 2012-12-08 21:04 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-05-14 17:30 - 2014-05-14 17:30 - 00000000 ____D () C:\Users\Default\AppData\Roaming\ATI 2014-05-14 17:30 - 2014-05-14 17:30 - 00000000 ____D () C:\Users\Default\AppData\Local\ATI 2014-05-14 17:30 - 2014-05-14 17:30 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\ATI 2014-05-14 17:30 - 2014-05-14 17:30 - 00000000 ____D () C:\Users\Default User\AppData\Local\ATI 2014-05-14 17:30 - 2013-03-27 16:18 - 00000000 ____D () C:\AMD 2014-05-14 17:29 - 2013-11-26 14:06 - 00000000 ____D () C:\Program Files\AMD 2014-05-14 17:28 - 2012-07-26 15:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-05-14 17:17 - 2014-05-07 20:56 - 00000000 ____D () C:\Users\user\Desktop\Remove malware 2014-05-14 16:47 - 2013-08-22 23:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-14 16:47 - 2013-08-22 23:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-14 16:47 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\WinStore 2014-05-14 16:47 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB 2014-05-14 16:47 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates 2014-05-14 16:47 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB 2014-05-14 16:47 - 2013-08-22 23:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-05-14 16:47 - 2013-08-22 23:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-05-14 16:45 - 2013-08-16 16:16 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-05-14 16:44 - 2012-12-14 15:03 - 93223848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-05-14 16:42 - 2014-05-14 16:42 - 00004320 _____ () C:\JavaRa.log 2014-05-11 00:31 - 2014-05-11 00:31 - 00003654 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-11 00:31 - 2013-06-26 14:47 - 00003890 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-11 00:27 - 2013-11-26 14:40 - 00000278 __RSH () C:\Users\user\ntuser.pol 2014-05-11 00:25 - 2014-01-18 17:13 - 00000000 _RSHD () C:\Users\user\bmmqu 2014-05-11 00:25 - 2013-08-22 23:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy 2014-05-09 10:48 - 2014-05-09 10:48 - 02346942 _____ () C:\Users\user\Desktop\TechnicLauncher.exe 2014-05-09 01:51 - 2014-04-04 19:10 - 00000000 ____D () C:\Program Files (x86)\PCData 2014-05-09 01:21 - 2014-05-03 22:21 - 00000000 ____D () C:\Users\user\AppData\Roaming\Spotify 2014-05-09 00:47 - 2013-05-04 18:29 - 00000000 ____D () C:\Users\NoorAzmeir\AppData\Local\Temp 2014-05-09 00:44 - 2014-05-03 22:22 - 00000000 ____D () C:\Users\user\AppData\Local\Spotify 2014-05-07 21:06 - 2014-05-07 21:06 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-05-07 21:04 - 2014-02-05 15:06 - 00001378 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2014-05-07 21:01 - 2014-05-07 20:58 - 00000000 ____D () C:\AdwCleaner 2014-05-07 20:51 - 2014-05-07 20:51 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-05-07 20:45 - 2013-08-22 23:36 - 00000000 __RSD () C:\WINDOWS\Media Files to move or delete: ==================== C:\Users\user\AppData\Local\Temp\RarSFX16\SystemWhileIdle.exe Some content of TEMP: ==================== C:\Users\user\AppData\Local\Temp\2XSAtKL2SDs.exe C:\Users\user\AppData\Local\Temp\3Ce7v2QzBqO.exe C:\Users\user\AppData\Local\Temp\51dKyVRA6hY.exe C:\Users\user\AppData\Local\Temp\ACVCq41pXPN.exe C:\Users\user\AppData\Local\Temp\FkXx2OPZjRM.exe C:\Users\user\AppData\Local\Temp\J9HUMLX7Gp4.exe C:\Users\user\AppData\Local\Temp\jmXiYnQmOAB.exe C:\Users\user\AppData\Local\Temp\L1m3BafHX3k.exe C:\Users\user\AppData\Local\Temp\MgrZ2xlUOU7.exe C:\Users\user\AppData\Local\Temp\MIAeqaUXNgD.exe C:\Users\user\AppData\Local\Temp\MxfOSZavliv.exe C:\Users\user\AppData\Local\Temp\nKc1Bb9ZDV9.exe C:\Users\user\AppData\Local\Temp\nyXLdiLGBFI.exe C:\Users\user\AppData\Local\Temp\o5r8LSPfITE.exe C:\Users\user\AppData\Local\Temp\RJ5NKu9vtxr.exe C:\Users\user\AppData\Local\Temp\sHYrPfdZgc2.exe C:\Users\user\AppData\Local\Temp\ULjftT8sOkR.exe C:\Users\user\AppData\Local\Temp\utt8419.tmp.exe C:\Users\user\AppData\Local\Temp\uzDAFEwzxQi.exe C:\Users\user\AppData\Local\Temp\XFLSKoGkPGO.exe C:\Users\user\AppData\Local\Temp\xJ8V8rOYHKG.exe C:\Users\user\AppData\Local\Temp\XzW4JBlIbqj.exe C:\Users\user\AppData\Local\Temp\zFxd36i52oS.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-06-06 17:45 ==================== End Of Log ============================

I shall wait

5 22 2014 19:12:51.499 BOOTLOG_LOADED \SystemRoot\system32\ntoskrnl.exe BOOTLOG_LOADED \SystemRoot\system32\hal.dll BOOTLOG_LOADED \SystemRoot\system32\kd.dll BOOTLOG_LOADED \SystemRoot\system32\mcupdate_AuthenticAMD.dll BOOTLOG_LOADED \SystemRoot\System32\drivers\werkernel.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\CLFS.SYS BOOTLOG_LOADED \SystemRoot\System32\drivers\tm.sys BOOTLOG_LOADED \SystemRoot\system32\PSHED.dll BOOTLOG_LOADED \SystemRoot\system32\BOOTVID.dll BOOTLOG_LOADED \SystemRoot\system32\CI.dll BOOTLOG_LOADED \SystemRoot\System32\drivers\msrpc.sys BOOTLOG_LOADED \SystemRoot\system32\drivers\Wdf01000.sys BOOTLOG_LOADED \SystemRoot\system32\drivers\WDFLDR.SYS BOOTLOG_LOADED \SystemRoot\System32\Drivers\acpiex.sys BOOTLOG_LOADED \SystemRoot\System32\Drivers\WppRecorder.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\ACPI.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\WMILIB.SYS BOOTLOG_LOADED \SystemRoot\System32\Drivers\cng.sys BOOTLOG_LOADED \SystemRoot\system32\drivers\WdBoot.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\msisadrv.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\pci.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\vdrvroot.sys BOOTLOG_LOADED \SystemRoot\system32\drivers\pdc.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\partmgr.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\spaceport.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\volmgr.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\volmgrx.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\mountmgr.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\amd_sata.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\storport.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\amd_xata.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\EhStorClass.sys BOOTLOG_LOADED \SystemRoot\system32\drivers\fltmgr.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\fileinfo.sys BOOTLOG_LOADED \SystemRoot\System32\Drivers\Wof.sys BOOTLOG_LOADED \SystemRoot\system32\drivers\WdFilter.sys BOOTLOG_LOADED \SystemRoot\System32\Drivers\Ntfs.sys BOOTLOG_LOADED \SystemRoot\System32\Drivers\ksecdd.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\pcw.sys BOOTLOG_LOADED \SystemRoot\System32\Drivers\Fs_Rec.sys BOOTLOG_LOADED \SystemRoot\system32\drivers\ndis.sys BOOTLOG_LOADED \SystemRoot\system32\drivers\NETIO.SYS BOOTLOG_LOADED \SystemRoot\System32\Drivers\ksecpkg.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\tcpip.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\fwpkclnt.sys BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\wfplwfs.sys BOOTLOG_LOADED \SystemRoot\System32\DRIVERS\fvevol.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\volsnap.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\rdyboost.sys BOOTLOG_LOADED \SystemRoot\System32\Drivers\mup.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\intelpep.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\hwpolicy.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\disk.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\CLASSPNP.SYS BOOTLOG_LOADED \SystemRoot\System32\drivers\dtsoftbus01.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\cdrom.sys BOOTLOG_LOADED \SystemRoot\System32\Drivers\Null.SYS BOOTLOG_LOADED \SystemRoot\System32\Drivers\Beep.SYS BOOTLOG_LOADED \SystemRoot\System32\drivers\dxgkrnl.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\BasicRender.sys BOOTLOG_NOT_LOADED \SystemRoot\System32\drivers\dxgkrnl.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\BasicDisplay.sys BOOTLOG_LOADED \SystemRoot\System32\Drivers\Npfs.SYS BOOTLOG_LOADED \SystemRoot\System32\Drivers\Msfs.SYS BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\tdx.sys BOOTLOG_LOADED \SystemRoot\System32\DRIVERS\netbt.sys BOOTLOG_LOADED \SystemRoot\system32\drivers\afd.sys BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\pacer.sys BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\vwififlt.sys BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\netbios.sys BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\rdbss.sys BOOTLOG_LOADED \SystemRoot\system32\drivers\nsiproxy.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\npsvctrig.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\mssmbios.sys BOOTLOG_LOADED \SystemRoot\System32\Drivers\dfsc.sys BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\ahcache.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\CompositeBus.sys BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\kdnic.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\umbus.sys BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\atikmdag.sys BOOTLOG_NOT_LOADED \SystemRoot\System32\drivers\dxgkrnl.sys BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\atikmpag.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\amdkmafd.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\HDAudBus.sys BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\au630x64.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\ucx01000.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\USBXHCI.SYS BOOTLOG_LOADED \SystemRoot\System32\drivers\usbohci.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\usbehci.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\amdkmafd.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\serial.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\serenum.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\wmiacpi.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\amdppm.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\NdisVirtualBus.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\swenum.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\rdpbus.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\usbhub.sys BOOTLOG_LOADED \SystemRoot\system32\drivers\AtihdWB6.sys BOOTLOG_LOADED \SystemRoot\system32\drivers\ksthunk.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\UsbHub3.sys BOOTLOG_LOADED \SystemRoot\system32\drivers\RTKVHD64.sys BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\cdfs.sys BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\athuw8x.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\vwifibus.sys BOOTLOG_NOT_LOADED \SystemRoot\System32\drivers\dxgkrnl.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\hidusb.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\usbccgp.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\mouhid.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\mouclass.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\kbdhid.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\kbdclass.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\monitor.sys BOOTLOG_NOT_LOADED \SystemRoot\System32\drivers\dxgkrnl.sys BOOTLOG_LOADED \SystemRoot\system32\drivers\luafv.sys BOOTLOG_LOADED \??\C:\WINDOWS\system32\drivers\mbam.sys BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\lltdio.sys BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\nwifi.sys BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\ndisuio.sys BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\rspndr.sys BOOTLOG_LOADED \SystemRoot\system32\drivers\HTTP.sys BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\bowser.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\mpsdrv.sys BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\mrxsmb.sys BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\mrxsmb20.sys BOOTLOG_LOADED \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys BOOTLOG_LOADED \SystemRoot\system32\drivers\bckd.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\condrv.sys BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\mrxsmb10.sys BOOTLOG_LOADED \SystemRoot\system32\drivers\Ndu.sys BOOTLOG_LOADED \SystemRoot\system32\drivers\peauth.sys BOOTLOG_LOADED \SystemRoot\System32\Drivers\secdrv.SYS BOOTLOG_LOADED \SystemRoot\System32\DRIVERS\srvnet.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\tcpipreg.sys BOOTLOG_LOADED \SystemRoot\System32\DRIVERS\srv2.sys BOOTLOG_LOADED \SystemRoot\System32\DRIVERS\srv.sys BOOTLOG_NOT_LOADED \SystemRoot\system32\drivers\WdFilter.sys BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\tunnel.sys BOOTLOG_LOADED \SystemRoot\system32\Drivers\WdNisDrv.sys I had uninstalled these unknow software in my computer. 1.Your Product by Your Company 2. Wallpaper Manager by David-Kay Posmyk 3.Surftastic by Surftastic 4.Shopping Helper Smartbar by ReSoft Ltd. (cannot uninstall "The feature you are trying to use is on a network resource that is unavailable")

Nothing to be found. TDSSKiller.3.0.0.34_21.05.2014_18.13.13_log.txt Rogue processes are still running in Task Manager via temp folders

First of all I would like to apologise for NOT following some of your instructions. 1. TFC - Done! COMPUTER REBOOTED After that, I re ran FRSTfix as posted by you and here is the result Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-05-2014Ran by user at 2014-05-21 17:40:32 Run:3Running from C:\Users\user\DesktopBoot Mode: Normal============================================== Content of fixlist:*****************c:\program files (x86)\common files\javac:\program files (x86)\javac:\users\user\appdata\local\temp\rarsfx16c:\users\user\appdata\local\temp\rarsfx16\systemwhileidle.exe ***************** "c:\program files (x86)\common files\java" => File/Directory not found."c:\program files (x86)\java" => File/Directory not found."c:\users\user\appdata\local\temp\rarsfx16" => File/Directory not found."c:\users\user\appdata\local\temp\rarsfx16\systemwhileidle.exe" => File/Directory not found. ==== End of Fixlog ==== I ended up editing the fixlist myself when I saw my temp folder.. and here is the log from my own edit. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-05-2014Ran by user at 2014-05-21 17:46:33 Run:4Running from C:\Users\user\DesktopBoot Mode: Normal============================================== Content of fixlist:*****************c:\program files (x86)\common files\javac:\program files (x86)\javaC:\Users\user\AppData\Local\Temp\RarSFX0C:\Users\user\AppData\Local\Temp\RarSFX1C:\Users\user\AppData\Local\Temp\RarSFX24C:\Users\user\AppData\Local\Temp\RarSFX25C:\Users\user\AppData\Local\Temp\2nUkPnoMa9E.exeC:\Users\user\AppData\Local\Temp\7TSTnjaanVe.exe ***************** "c:\program files (x86)\common files\java" => File/Directory not found."c:\program files (x86)\java" => File/Directory not found. "C:\Users\user\AppData\Local\Temp\RarSFX0" directory move: C:\Users\user\AppData\Local\Temp\RarSFX0\api-example.c => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX0\api-example.py => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX0\API.class => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX0\cgminer.conf => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX0\cudart32_55.dll => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX0\diablo130302.cl => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX0\diakgcn121016.cl => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX0\example.conf => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX0\klp10svc.exe => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX0\klp11svc.exe => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX0\libcurl-4.dll => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX0\libeay32.dll => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX0\libidn-11.dll => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX0\librtmp.dll => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX0\libssh2.dll => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX0\linux-usb-cgminer.txt => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX0\MCast.class => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX0\phatk121016.cl => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX0\poclbm130302.cl => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX0\pthreadVC2.dll => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX0\scrypt130511.cl => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX0\ssleay32.dll => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX0\SystemWhileIdle.exe => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX0\windows-build.txt => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX0\zlib1.dll => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX0\bitstreams\COPYING_fpgaminer => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX0\bitstreams\COPYING_ztex => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX0\bitstreams\fpgaminer_top_fixed7_197MHz.ncd => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX0\bitstreams\ztex_ufm1_15b1.bit => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX0\bitstreams\ztex_ufm1_15d1.bit => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX0\bitstreams\ztex_ufm1_15d3.bit => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX0\bitstreams\ztex_ufm1_15d4.bin => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX0\bitstreams\ztex_ufm1_15d4.bit => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX0\bitstreams\ztex_ufm1_15y1.bin => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX0\bitstreams\ztex_ufm1_15y1.bit => Moved successfully.Could not move "C:\Users\user\AppData\Local\Temp\RarSFX0" directory. => Scheduled to move on reboot. "C:\Users\user\AppData\Local\Temp\RarSFX1" directory move: C:\Users\user\AppData\Local\Temp\RarSFX1\api-example.c => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX1\api-example.py => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX1\API.class => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX1\cgminer.conf => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX1\cudart32_55.dll => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX1\diablo130302.cl => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX1\diakgcn121016.cl => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX1\example.conf => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX1\klp10svc.exe => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX1\klp11svc.exe => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX1\libcurl-4.dll => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX1\libeay32.dll => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX1\libidn-11.dll => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX1\librtmp.dll => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX1\libssh2.dll => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX1\linux-usb-cgminer.txt => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX1\MCast.class => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX1\phatk121016.cl => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX1\poclbm130302.cl => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX1\pthreadVC2.dll => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX1\scrypt130511.cl => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX1\ssleay32.dll => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX1\SystemWhileIdle.exe => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX1\windows-build.txt => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX1\zlib1.dll => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX1\bitstreams\COPYING_fpgaminer => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX1\bitstreams\COPYING_ztex => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX1\bitstreams\fpgaminer_top_fixed7_197MHz.ncd => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX1\bitstreams\ztex_ufm1_15b1.bit => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX1\bitstreams\ztex_ufm1_15d1.bit => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX1\bitstreams\ztex_ufm1_15d3.bit => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX1\bitstreams\ztex_ufm1_15d4.bin => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX1\bitstreams\ztex_ufm1_15d4.bit => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX1\bitstreams\ztex_ufm1_15y1.bin => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX1\bitstreams\ztex_ufm1_15y1.bit => Moved successfully.Could not move "C:\Users\user\AppData\Local\Temp\RarSFX1" directory. => Scheduled to move on reboot. C:\Users\user\AppData\Local\Temp\RarSFX24 => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX25 => Moved successfully.C:\Users\user\AppData\Local\Temp\2nUkPnoMa9E.exe => Moved successfully.C:\Users\user\AppData\Local\Temp\7TSTnjaanVe.exe => Moved successfully. => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-05-21 17:48:23)<= C:\Users\user\AppData\Local\Temp\RarSFX0 => Moved successfully.C:\Users\user\AppData\Local\Temp\RarSFX1 => Moved successfully. ==== End of Fixlog ==== COMPUTER REBOOTED Launched task manager, and noted some rogue processes is still there.. Still running from the temp files. I couldnt seem to find what's the cause of this.. But I ran FRST scan again, and here is the log attached FRST.txtAddition.txt

Using the same fixlist.txt as posted by you in the previous post?