malware in my pc

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

by DerPancake » February 26th, 2015, 4:23 pm

Not sure what it is, but Chrome often crashes on some websites and downloads take a lot of time until they start. Every time I open Chrome this Vosteran website appears; even though I deleted it and removed it from extensions, it keeps coming back.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17631 BrowserJavaVersion: 10.45.2
Run by Luisito at 12:16:48 on 2015-02-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8131.6403 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Plantronics\GameCom780\GameCom780.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
C:\Program Files (x86)\ASUS\AI Suite III\Remote GO!\AssistTools\WiFi GO! Server.exe
C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar 2\DIPAwayMode\DipAwayMode.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.22\AsusFanControlService.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Ps3 Controller\ScpService.exe
C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
C:\Program Files (x86)\ASUS\AI Suite III\Remote GO!\AsDLNAServerReal.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Luisito\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
uPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{463D05EF-8A10-4AFD-B839-989094826A35} : DHCPNameServer = 75.75.75.75 75.75.76.76
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [GamecomSound] C:\Program Files\Plantronics\GameCom780\GameCom780.exe
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2013-1-10 47512]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2015-2-21 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2015-2-21 267632]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-1-31 652784]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-1-31 28656]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-8-24 20616]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-11-15 274696]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2014-10-16 56336]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2015-2-21 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2015-2-21 436624]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-11-21 283064]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2013-9-3 46792]
R1 ndisrd;WinpkFilter LightWeight Filter;C:\Windows\System32\drivers\ndisrd.sys [2013-10-4 32840]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [2013-8-24 927232]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [2013-4-18 945152]
R2 AsusFanControlService;AsusFanControlService;C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.22\AsusFanControlService.exe [2013-9-29 1639424]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2015-2-21 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswmonflt.sys [2015-2-21 87912]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2015-2-21 116728]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-2-21 50344]
R2 Dimmdrive;Dimmdrive Disk Driver;C:\Windows\System32\drivers\dimmdrive.sys [2013-11-19 56960]
R2 Ds3Service;SCP DS3 Service;C:\Program Files\Ps3 Controller\ScpService.exe [2013-9-6 388352]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-1-31 15344]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-2-13 731648]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2013-1-3 183200]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-8-24 169432]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-2 1631008]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-10-3 21055432]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-2-15 411936]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-12-15 450848]
R3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;C:\Windows\System32\drivers\e1d62x64.sys [2013-8-24 496400]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-8-24 366216]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-8-24 786056]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-12-15 351392]
R3 LVUVC64;Logitech HD Pro Webcam C920(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2011-12-15 4862368]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-6-30 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-6-30 40392]
R3 PlantronicsGC;PLTGC Interface;C:\Windows\System32\drivers\PLTGC.sys [2013-8-24 1327104]
R3 ScpVBus;Scp Virtual Bus Driver;C:\Windows\System32\drivers\ScpVBus.sys [2013-9-6 39168]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);C:\Windows\System32\drivers\vcsvad.sys [2013-9-16 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [2014-1-9 520416]
S3 H5xUSB;Roxio GameCAP HD PRO;C:\Windows\System32\drivers\uth5x64.sys [2012-8-2 101632]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-2-13 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-13 820184]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 124560]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-1-30 366512]
S3 Origin Client Service;Origin Client Service;C:\Program Files (x86)\Origin\OriginClientService.exe [2013-8-24 1903472]
S3 RoxMediaDBGame1X;RoxMediaDBGame1X;C:\Program Files (x86)\Common Files\Roxio Shared\Game1X\SharedCOM\RoxMediaDBGame1X.exe [2014-7-9 1096424]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2012-7-31 38992]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-8-12 42184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-2-15 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-8-24 1255736]
.
=============== Created Last 30 ================
.
2015-02-25 23:28:01 11910896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CD97786B-A40F-4418-AFAB-ED59E214B540}\mpengine.dll
2015-02-23 23:56:23 11910896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-02-22 05:26:00 -------- d-sh--w- C:\Jumpshot
2015-02-22 05:23:38 -------- d-----w- C:\Windows\jumpshot.com
2015-02-22 05:17:39 -------- d-----w- C:\Users\Luisito\AppData\Roaming\AVAST Software
2015-02-22 05:16:33 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2015-02-22 05:16:33 87912 ----a-w- C:\Windows\System32\drivers\aswmonflt.sys
2015-02-22 05:16:33 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2015-02-22 05:16:33 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2015-02-22 05:16:33 267632 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2015-02-22 05:16:33 116728 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2015-02-22 05:16:32 1050432 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2015-02-22 05:16:30 43152 ----a-w- C:\Windows\avastSS.scr
2015-02-22 05:15:55 -------- d-----w- C:\Program Files\AVAST Software
2015-02-22 05:15:25 -------- d-----w- C:\ProgramData\AVAST Software
2015-02-22 04:54:09 -------- d-----w- C:\zoek_backup
2015-02-21 18:28:01 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2137F404-ED63-4722-8647-440E71F88E03}\gapaengine.dll
2015-02-21 18:13:04 -------- d-----w- C:\AdwCleaner
2015-02-16 23:13:38 87040 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2015-02-16 23:13:38 5703168 ----a-w- C:\Windows\SysWow64\mstscax.dll
2015-02-16 23:13:37 6584320 ----a-w- C:\Windows\System32\mstscax.dll
2015-02-15 22:23:04 609240 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2015-02-14 22:54:53 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-02-14 22:54:53 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-02-14 22:54:53 6041600 ----a-w- C:\Windows\System32\jscript9.dll
2015-02-14 22:54:53 4300800 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-02-14 03:52:07 -------- d-----w- C:\Users\Luisito\AppData\Local\Steam
2015-02-14 03:09:25 950272 ----a-w- C:\Windows\System32\perftrack.dll
2015-02-14 03:09:25 91136 ----a-w- C:\Windows\System32\wdi.dll
2015-02-14 03:09:25 76800 ----a-w- C:\Windows\SysWow64\wdi.dll
2015-02-14 03:09:25 29696 ----a-w- C:\Windows\System32\powertracker.dll
2015-02-14 03:07:56 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
.
==================== Find3M ====================
.
2015-02-26 16:49:15 1048576 ----a-w- C:\Windows\PE_Rom.dll
2015-02-25 04:52:47 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-02-14 06:20:13 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-14 06:20:13 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-02-04 03:16:29 609280 ----a-w- C:\Windows\System32\generaltel.dll
2015-02-04 03:16:20 762368 ----a-w- C:\Windows\System32\invagent.dll
2015-02-04 03:16:16 414720 ----a-w- C:\Windows\System32\devinv.dll
2015-02-04 03:16:14 894976 ----a-w- C:\Windows\System32\appraiser.dll
2015-02-04 03:16:13 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-02-04 03:16:13 192000 ----a-w- C:\Windows\System32\aepic.dll
2015-02-04 03:13:28 1098752 ----a-w- C:\Windows\System32\aeinv.dll
2015-01-27 23:36:21 1239720 ----a-w- C:\Windows\System32\aitstatic.exe
2015-01-15 08:14:17 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-01-15 08:14:16 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-01-15 08:09:58 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-01-15 08:09:58 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-01-15 08:09:57 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-01-15 08:09:51 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2015-01-15 08:09:15 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-01-15 08:08:59 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-01-15 08:06:22 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-01-15 08:06:11 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-01-15 08:04:23 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-01-15 07:42:59 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-01-15 07:42:05 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-01-15 07:41:53 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-01-15 07:39:53 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-01-15 07:39:36 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-01-15 07:37:55 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-01-15 04:22:18 458824 ----a-w- C:\Windows\System32\drivers\cng.sys
2015-01-14 06:09:27 5554112 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-01-14 06:05:30 503808 ----a-w- C:\Windows\System32\srcore.dll
2015-01-14 06:05:30 50176 ----a-w- C:\Windows\System32\srclient.dll
2015-01-14 06:04:56 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-01-14 05:44:59 3972544 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-01-14 05:44:58 3917760 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-01-14 05:41:09 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-01-13 02:49:19 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2015-01-12 03:05:32 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-01-12 03:05:19 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-01-12 02:49:42 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-01-12 02:48:57 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-01-12 02:48:52 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-01-12 02:47:25 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-01-12 02:34:42 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-01-12 02:34:30 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-01-12 02:25:28 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-01-12 02:21:19 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-01-12 02:13:27 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-01-12 02:08:09 503296 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-01-12 02:07:51 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-01-12 02:07:06 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-01-12 02:05:36 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-01-12 01:55:47 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-01-12 01:46:29 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-01-12 01:46:00 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-01-12 01:40:43 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-01-12 01:27:32 2358272 ----a-w- C:\Windows\System32\wininet.dll
2015-01-12 01:23:09 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-01-12 01:22:17 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-01-12 01:00:17 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-01-10 06:48:22 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-01-10 06:48:19 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-01-10 06:48:17 341504 ----a-w- C:\Windows\System32\schannel.dll
2015-01-10 06:48:13 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2015-01-10 06:48:12 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2015-01-10 06:48:10 728064 ----a-w- C:\Windows\System32\kerberos.dll
2015-01-10 06:48:05 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-01-10 06:27:54 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-01-10 06:27:51 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-01-10 06:27:47 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-01-10 06:27:44 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-01-10 06:27:43 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-01-10 06:27:39 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-01-10 06:27:32 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-01-09 02:03:01 3201536 ----a-w- C:\Windows\System32\win32k.sys
2014-12-31 11:14:31 298120 ------w- C:\Windows\System32\MpSigStub.exe
2014-12-19 03:06:55 210432 ----a-w- C:\Windows\System32\profsvc.dll
2014-12-19 01:46:45 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2014-12-12 05:31:39 1480192 ----a-w- C:\Windows\System32\crypt32.dll
2014-12-12 05:07:26 1174528 ----a-w- C:\Windows\SysWow64\crypt32.dll
2014-12-08 03:09:05 406528 ----a-w- C:\Windows\System32\scesrv.dll
2014-12-08 02:46:05 308224 ----a-w- C:\Windows\SysWow64\scesrv.dll
2014-12-06 04:17:27 303616 ----a-w- C:\Windows\System32\nlasvc.dll
2014-12-06 03:50:19 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2014-12-06 03:50:18 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
.
============= FINISH: 12:17:01.27 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/24/2013 12:18:38 PM
System Uptime: 2/26/2015 8:48:18 AM (4 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | SABERTOOTH Z87
Processor: Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz | SOCKET 1150 | 3501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 26.318 GiB free.
D: is CDROM (UDF)
E: is FIXED (NTFS) - 932 GiB total, 321.132 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP332: 2/21/2015 9:15:52 PM - avast! antivirus system restore point
RP333: 2/23/2015 3:56:17 PM - Windows Update
RP334: 2/24/2015 10:46:03 PM - Windows Update
.
==== Installed Programs ======================
.
7-Zip 4.57
Adobe Flash Player 16 ActiveX
Adobe Shockwave Player 12.0
Age of Empires II: HD Edition
Age of Empires III: Complete Collection
AI Suite III
Asmedia ASM106x SATA Host Controller Driver
Audacity 2.0.3
Avast Free Antivirus
Awesomenauts
Battle.net
Battlefield 3™
Battlefield 4™
BattlEye for OA Uninstall
Burnout™ Paradise: The Ultimate Box
CameraHelperMsi
CCleaner
Chivalry: Medieval Warfare
Command & Conquer™ Red Alert™ 3 Uprising
CPUID ASUS CPU-Z 1.63
Crysis® 2
DAEMON Tools Lite
DAEMON Tools Packages
Dead Space™
Dead Space™ 3
Deus Ex: Human Revolution - Director's Cut
Dimmdrive
Dota 2
Dota 2 Workshop Tools Alpha
Dual-Core Optimizer
Eets Munchies
erLT
Euro Truck Simulator 2
EVGA Precision X 4.2.1
Far Cry® 3
FIFA 14
FINAL FANTASY XIII
Futuremark SystemInfo
GameStop App
GCFScape 1.8.5
Google Chrome
Google Talk Plugin
Google Update Helper
Grand Theft Auto IV
Grand Theft Auto: Episodes from Liberty City
GRID 2
Gyazo 1.2.1
Intel(R) Management Engine Components
Intel(R) Network Connections 18.1.59.0
Intel(R) Rapid Storage Technology
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
Java 7 Update 45
Java Auto Updater
Left 4 Dead 2
Logitech Webcam Software
Long Live The Queen
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Mafia II
Magic ISO Maker v5.5 (build 0281)
Malwarebytes Anti-Malware version 2.0.4.1028
Mass Effect™
Mass Effect™ 2
Mass Effect™ 3
Medal of Honor (TM)
Microsoft .NET Framework 4.5.2
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Network Monitor: NetworkMonitor Parsers 3.4
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft XNA Framework Redistributable 3.1
Minecraft1.7.2
Mirror's Edge™
Mount & Blade: Warband
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
Mumble 1.2.5
NVIDIA 3D Vision Controller Driver 337.88
NVIDIA 3D Vision Driver 340.52
NVIDIA Control Panel 340.52
NVIDIA GeForce Experience 2.1
NVIDIA Graphics Driver 340.52
NVIDIA HD Audio Driver 1.3.30.1
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.1220
NVIDIA ShadowPlay 14.6.22
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 14.6.22
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.23
Origin
Paint.NET v3.5.11
PAYDAY 2
Plantronics® GameCom 780 Software for Dolby® Headphone
Populous
Portal
Portal 2
PunkBuster Services
Ragnarok
Realtek High Definition Audio Driver
Rising Storm/Red Orchestra 2 Multiplayer
RivaTuner Statistics Server 5.2.0
Roxio CinePlayer Decoder Pack
Roxio Game Capture HD PRO
Roxio GameCAP HD Pro X64
Sanctum 2
SeaTools for Windows
Security Update for CAPICOM (KB931906)
SHIELD Streaming
Sid Meier's Civilization V
StarCraft II
Steam
Sumotori Full Version
swMSM
Swords and Soldiers HD
TalonRO Client 1.0.0
Team Fortress 2
THE KING OF FIGHTERS XIII STEAM EDITION
The Walking Dead
Titan Quest
Tomb Raider
Trine 2
Unity Web Player
Uplay
VC_CRT_x64
VLC media player
Warhammer® 40,000™: Dawn of War® II – Retribution™
WebM Project Directshow Filters
Windows Live ID Sign-in Assistant
WinRAR 4.20 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
2/25/2015 7:08:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
2/25/2015 7:08:56 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/25/2015 3:26:51 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureCommand with the following error: Access is denied.
2/25/2015 3:26:49 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
2/21/2015 9:39:37 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
2/21/2015 9:36:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/21/2015 9:36:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/21/2015 9:36:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
2/21/2015 9:36:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
2/21/2015 9:36:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/21/2015 9:36:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2/21/2015 9:36:07 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO AsUpIO DfsC discache HssDRV6 MpFilter ndisrd NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
2/21/2015 9:36:07 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/21/2015 9:36:07 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/21/2015 9:36:07 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
2/21/2015 9:36:07 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/21/2015 9:36:07 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/21/2015 9:36:07 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
2/21/2015 9:36:07 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/21/2015 9:36:07 AM, Error: Service Control Manager [7001] - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/21/2015 9:36:07 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/21/2015 9:36:07 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/21/2015 9:36:07 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/21/2015 9:36:07 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
2/21/2015 10:15:31 AM, Error: Service Control Manager [7034] - The SCP DS3 Service service terminated unexpectedly. It has done this 1 time(s).
2/21/2015 10:15:31 AM, Error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
2/21/2015 10:15:31 AM, Error: Service Control Manager [7034] - The NVIDIA Streamer Service service terminated unexpectedly. It has done this 1 time(s).
2/21/2015 10:15:31 AM, Error: Service Control Manager [7034] - The NVIDIA Network Service service terminated unexpectedly. It has done this 1 time(s).
2/21/2015 10:15:31 AM, Error: Service Control Manager [7034] - The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
2/21/2015 10:15:31 AM, Error: Service Control Manager [7034] - The Intel(R) PROSet Monitoring Service service terminated unexpectedly. It has done this 1 time(s).
2/21/2015 10:15:31 AM, Error: Service Control Manager [7034] - The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).
2/21/2015 10:15:31 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
2/21/2015 10:15:31 AM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
2/21/2015 10:15:30 AM, Error: Service Control Manager [7034] - The UMVPFSrv service terminated unexpectedly. It has done this 1 time(s).
2/21/2015 10:15:30 AM, Error: Service Control Manager [7034] - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).
2/21/2015 10:15:30 AM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
2/21/2015 10:15:30 AM, Error: Service Control Manager [7034] - The AsusFanControlService service terminated unexpectedly. It has done this 1 time(s).
2/21/2015 10:15:30 AM, Error: Service Control Manager [7034] - The ASUS HM Com Service service terminated unexpectedly. It has done this 1 time(s).
2/21/2015 10:15:30 AM, Error: Service Control Manager [7034] - The ASUS Com Service service terminated unexpectedly. It has done this 1 time(s).
2/21/2015 10:15:30 AM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/21/2015 10:15:30 AM, Error: Service Control Manager [7031] - The Intel(R) Capability Licensing Service Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
.
==== End Of File ===========================
DerPancake
Active Member
 
Posts: 8
Joined: February 26th, 2015, 3:58 pm

Re: malware in my pc

Unread postby Cypher » February 27th, 2015, 8:31 am

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.



Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Next.

multiple Anti Virus programs

  • It looks like you are operating your computer with multiple Anti Virus programs installed:
    Microsoft Security Essentials
    avast! Antivirus
  • Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer.
  • Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.
  • Please remove one of them then reboot your computer.

Next.

I need you to run further scans for me.
Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present. If any log is cut off, you'll have to post it in sections.
Important: Save all tools I ask you to download to your Desktop. If you don't know how to do this, just ask.




Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Right click on adwcleaner.exe and select " Run as administrator " to run it.
  • Click on Scan.
  • When the scan has finished, uncheck any entries you don't want to remove, then click on Clean.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next.

Please download FRST ... by Farbar, from the link below and save it to your Desktop.

For 32 bit Systems

For 64 bit Systems

  • Right-click FRST.exe and select " Run as administrator " to run it.
  • When the tool opens click Yes to the disclaimer.
  • Press Scan button. ... When finished a log will be created, FRST.txt.
  • Please post the content of the FRST.txt in your next reply.
  • The first time the tool is run, it will create another log... Addition.txt.
  • Please post the content of the Addition.txt in your next reply.

Logs/Information to Post in your Next Reply

  • AdwCleaner log.
  • FRST.txt and Addition.txt contents.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: malware in my pc

Unread postby DerPancake » February 27th, 2015, 9:18 pm

ADWCleaner log

# AdwCleaner v4.111 - Logfile created 27/02/2015 at 17:03:54
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Luisito - LUISITO-PC
# Running from : C:\Users\Luisito\Desktop\adwcleaner_4.111.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Luisito\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Google Chrome v40.0.2214.115

[C:\Users\Luisito\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Luisito\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ast_aw_14_47_ch&cd=2XzuyEtN2Y1L1QzuyByE0DtDtB0BtB0B0D0F0E0DyEtDtC0AtN0D0Tzu0StCtDyDyDtN1L2XzutAtFyCtFtBtFtDtN1L1Czu0C0I0S0V0E0R1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtDtA0EtCtCtAzztGyC0F0CyBtGtD0C0EzztGtBtBzyzytGtC0B0A0EyBtC0A0FtD0DtDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0CtBzz0FzzyE0BtG0B0DyEyBtGyEzyyE0BtG0BtD0EtDtGyD0E0EtB0EtB0AyCyByDtD0E2Q&cr=887280659&ir=
[C:\Users\Luisito\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ast_aw_14_47_ch&cd=2XzuyEtN2Y1L1QzuyByE0DtDtB0BtB0B0D0F0E0DyEtDtC0AtN0D0Tzu0StCtDyDyDtN1L2XzutAtFyCtFtBtFtDtN1L1Czu0C0I0S0V0E0R1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtDtA0EtCtCtAzztGyC0F0CyBtGtD0C0EzztGtBtBzyzytGtC0B0A0EyBtC0A0FtD0DtDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0CtBzz0FzzyE0BtG0B0DyEyBtGyEzyyE0BtG0BtD0EtDtGyD0E0EtB0EtB0AyCyByDtD0E2Q&cr=887280659&ir=
[C:\Users\Luisito\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}&search=&qsrc=364&o=0&l=dir
[C:\Users\Luisito\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Luisito\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.gamefly.com/rent-games/Search/?kw={searchTerms}&sec=GameFly&doSearch=

-\\ Chromium v

[C:\Users\Luisito\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Luisito\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ast_aw_14_47_ch&cd=2XzuyEtN2Y1L1QzuyByE0DtDtB0BtB0B0D0F0E0DyEtDtC0AtN0D0Tzu0StCtDyDyDtN1L2XzutAtFyCtFtBtFtDtN1L1Czu0C0I0S0V0E0R1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtDtA0EtCtCtAzztGyC0F0CyBtGtD0C0EzztGtBtBzyzytGtC0B0A0EyBtC0A0FtD0DtDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0CtBzz0FzzyE0BtG0B0DyEyBtGyEzyyE0BtG0BtD0EtDtGyD0E0EtB0EtB0AyCyByDtD0E2Q&cr=887280659&ir=
[C:\Users\Luisito\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ast_aw_14_47_ch&cd=2XzuyEtN2Y1L1QzuyByE0DtDtB0BtB0B0D0F0E0DyEtDtC0AtN0D0Tzu0StCtDyDyDtN1L2XzutAtFyCtFtBtFtDtN1L1Czu0C0I0S0V0E0R1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtDtA0EtCtCtAzztGyC0F0CyBtGtD0C0EzztGtBtBzyzytGtC0B0A0EyBtC0A0FtD0DtDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0CtBzz0FzzyE0BtG0B0DyEyBtGyEzyyE0BtG0BtD0EtDtGyD0E0EtB0EtB0AyCyByDtD0E2Q&cr=887280659&ir=
[C:\Users\Luisito\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}&search=&qsrc=364&o=0&l=dir
[C:\Users\Luisito\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Luisito\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.gamefly.com/rent-games/Search/?kw={searchTerms}&sec=GameFly&doSearch=

*************************

AdwCleaner[R2].txt - [2641 bytes] - [27/02/2015 17:00:32]
AdwCleaner[S2].txt - [4251 bytes] - [27/02/2015 17:03:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [4310 bytes] ##########
DerPancake
Active Member
 
Posts: 8
Joined: February 26th, 2015, 3:58 pm
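
One way to triage a log like the one posted above, as an added example (not part of the original post, and not AdwCleaner's or FRST's own code): it parses the AdwCleaner sections, collapses the search-provider entries that repeat under the Chrome and Chromium headings, and checks a later scan for hosts that were removed but are still referenced. Both sample logs are constructed and shortened, and all function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed, shortened sample in the AdwCleaner v4 layout; the user name and
# extension id are placeholders, URLs keep the forum's defanged hxxp:// scheme.
SAMPLE_ADWCLEANER = r"""
# AdwCleaner v4.111 - Logfile created 27/02/2015 at 17:03:54
# Option : Cleaning

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Example\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

***** [ Web browsers ] *****

-\\ Google Chrome v40.0.2214.115

[C:\Users\Example\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=example
[C:\Users\Example\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=example
[C:\Users\Example\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

-\\ Chromium v

[C:\Users\Example\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=example
[C:\Users\Example\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=example
[C:\Users\Example\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
"""

# Constructed lines in the "CHR ...:" style of a follow-up browser scan.
SAMPLE_LATER_SCAN = '''
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/", "hxxp://Vosteran.com/?f=7&a=example"
'''

SECTION = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
BROWSER = re.compile(r"^-\\\\ (?P<browser>.+?)\s*$")
ITEM = re.compile(r"^(?P<kind>\w+) (?P<action>\w+) : (?P<target>.+)$")
BROWSER_ITEM = re.compile(
    r"^\[(?P<store>.+?)\] - (?P<action>\w+) \[(?P<kind>.+?)\] : (?P<target>.+)$")
URL = re.compile(r'[A-Za-z][A-Za-z0-9+.-]*://[^\s",]+')


def parse_adwcleaner(text):
    """Return one dict per logged item, tagged with its section and browser."""
    entries, section, browser = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or header comment
        m = SECTION.match(line)
        if m:
            section, browser = m["name"], None
            continue
        m = BROWSER.match(line)
        if m:
            browser = m["browser"]
            continue
        m = BROWSER_ITEM.match(line) or ITEM.match(line)
        if m:
            entry = {"section": section, "browser": browser, "store": None}
            entry.update(m.groupdict())
            entries.append(entry)
    return entries


def host_of(url):
    """Lower-cased host without a leading 'www.'; works on defanged schemes."""
    host = urlsplit(url).hostname or ""
    return host[4:] if host.startswith("www.") else host


def removed_search_hosts(entries):
    """Map host -> distinct deleted search-provider URLs.

    The same profile file is reported under more than one browser heading,
    so entries are de-duplicated on (store file, URL)."""
    seen, hosts = set(), {}
    for e in entries:
        if e["kind"] != "Search Provider" or e["action"] != "Deleted":
            continue
        key = (e["store"], e["target"])
        if key not in seen:
            seen.add(key)
            hosts.setdefault(host_of(e["target"]), []).append(e["target"])
    return hosts


def residual_references(hosts, later_log):
    """List (host, setting) pairs where a removed host still appears later."""
    hits = []
    for line in later_log.splitlines():
        for url in URL.findall(line):
            if host_of(url) in hosts:
                hits.append((host_of(url), line.split(":", 1)[0].strip()))
    return hits


if __name__ == "__main__":
    removed = removed_search_hosts(parse_adwcleaner(SAMPLE_ADWCLEANER))
    print("removed search-provider hosts:", sorted(removed))
    print("still referenced later:", residual_references(removed, SAMPLE_LATER_SCAN))
```

A removed host that still shows up in a later startup or homepage setting means the cleanup did not cover every place the hijacker wrote to, which is why the helper asks for a second scan after the clean.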

Re: malware in my pc

Unread postby DerPancake » February 27th, 2015, 9:18 pm

*deleted*
Last edited by DerPancake on February 28th, 2015, 1:40 am, edited 1 time in total.
DerPancake
Active Member
 
Posts: 8
Joined: February 26th, 2015, 3:58 pm

Re: malware in my pc

Unread postby DerPancake » February 27th, 2015, 9:19 pm

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by Luisito (administrator) on LUISITO-PC on 27-02-2015 17:12:05
Running from C:\Users\Luisito\Desktop
Loaded Profiles: Luisito (Available profiles: Luisito)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files\Plantronics\GameCom780\GameCom780.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\Remote GO!\AssistTools\WiFi GO! Server.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar 2\DIPAwayMode\DipAwayMode.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.22\AsusFanControlService.exe
(Scarlet.Crush Productions) C:\Program Files\Ps3 Controller\ScpService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
() C:\Windows\System32\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\Remote GO!\AsDLNAServerReal.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7156296 2013-03-05] (Realtek Semiconductor)
HKLM\...\Run: [GamecomSound] => C:\Program Files\Plantronics\GameCom780\GameCom780.exe [777448 2011-12-01] ()
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-29] (NVIDIA Corporation)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-21] (AVAST Software)
HKU\S-1-5-21-1566165043-2080726394-148814061-1000\...\Run: [Google Update] => C:\Users\Luisito\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-09-29] (Google Inc.)
HKU\S-1-5-21-1566165043-2080726394-148814061-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-1566165043-2080726394-148814061-1000\...\MountPoints2: {02ce27d2-6a9d-11e4-b31f-74d02b2bdfed} - G:\iStudio.exe
HKU\S-1-5-21-1566165043-2080726394-148814061-1000\...\MountPoints2: {3a0877f4-0cf1-11e3-87d5-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1566165043-2080726394-148814061-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\.DEFAULT -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-1566165043-2080726394-148814061-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Luisito\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1566165043-2080726394-148814061-1000: @talk.google.com/O1DPlugin -> C:\Users\Luisito\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-1566165043-2080726394-148814061-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Luisito\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1566165043-2080726394-148814061-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Luisito\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1566165043-2080726394-148814061-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Luisito\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1566165043-2080726394-148814061-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Luisito\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Luisito\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-21]

Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/", "hxxp://Vosteran.com/?f=7&a=vst_ast_aw_14_47_ch&cd=2XzuyEtN2Y1L1QzuyByE0DtDtB0BtB0B0D0F0E0DyEtDtC0AtN0D0Tzu0StCtDyDyDtN1L2XzutAtFyCtFtBtFtDtN1L1Czu0C0I0S0V0E0R1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtDtA0EtCtCtAzztGyC0F0CyBtGtD0C0EzztGtBtBzyzytGtC0B0A0EyBtC0A0FtD0DtDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0CtBzz0FzzyE0BtG0B0DyEyBtGyEzyyE0BtG0BtD0EtDtGyD0E0EtB0EtB0AyCyByDtD0E2Q&cr=887280659&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Luisito\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Luisito\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-21]
CHR Extension: (AdBlock) - C:\Users\Luisito\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-19]
CHR Extension: (Google Wallet) - C:\Users\Luisito\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR HKLM\...\Chrome\Extension: [Äÿ] - No Path Or update_url value
CHR HKU\S-1-5-21-1566165043-2080726394-148814061-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [Äÿ] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-21]
CHR HKLM-x32\...\Chrome\Extension: [Äÿ] - No Path Or update_url value

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-28] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [945152 2013-04-18] (ASUSTeK Computer Inc.) [File not signed]
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.22\AsusFanControlService.exe [1639424 2013-04-18] (ASUSTeK Computer Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-21] (AVAST Software)
R2 Ds3Service; C:\Program Files\Ps3 Controller\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2014-01-09] (Futuremark)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-29] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-19] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-10-12] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-01-05] ()
S3 RoxMediaDBGame1X; C:\Program Files (x86)\Common Files\Roxio Shared\Game1X\SharedCOM\RoxMediaDBGame1X.exe [1096424 2014-07-09] (Corel Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [47512 2013-01-10] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-13] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-19] (MCCI Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-02-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-02-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-02-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-21] ()
R2 Dimmdrive; C:\Windows\System32\drivers\dimmdrive.sys [56960 2013-09-14] (Dimmdrive)
R2 Dimmdrive; C:\Windows\SysWOW64\drivers\dimmdrive.sys [56960 2013-09-14] (Dimmdrive)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-21] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [496400 2013-02-26] (Intel Corporation)
S3 H5xUSB; C:\Windows\System32\Drivers\uth5x64.sys [101632 2012-08-02] (UT) [File not signed]
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [46792 2013-08-12] (AnchorFree Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 PlantronicsGC; C:\Windows\System32\drivers\PLTGC.sys [1327104 2011-11-04] (C-Media Electronics Inc)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-07-10] (Corel Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-08-12] (Anchorfree Inc.)
R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-27 17:12 - 2015-02-27 17:12 - 00017671 _____ () C:\Users\Luisito\Desktop\FRST.txt
2015-02-27 17:11 - 2015-02-27 17:12 - 00000000 ____D () C:\FRST
2015-02-27 17:10 - 2015-02-27 17:10 - 02087936 _____ (Farbar) C:\Users\Luisito\Desktop\FRST64.exe
2015-02-27 16:58 - 2015-02-27 17:04 - 00000000 ____D () C:\AdwCleaner
2015-02-27 16:54 - 2015-02-27 16:54 - 02126848 _____ () C:\Users\Luisito\Desktop\adwcleaner_4.111.exe
2015-02-26 12:17 - 2015-02-26 12:17 - 00021504 _____ () C:\Users\Luisito\Desktop\dds.txt
2015-02-26 12:17 - 2015-02-26 12:17 - 00014318 _____ () C:\Users\Luisito\Desktop\attach.txt
2015-02-26 12:02 - 2015-02-26 12:04 - 00688992 ____R (Swearware) C:\Users\Luisito\Downloads\dds.scr
2015-02-24 22:46 - 2015-01-08 15:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-24 22:46 - 2015-01-08 15:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-24 20:50 - 2015-02-24 20:50 - 00001581 _____ () C:\Users\Luisito\Desktop\mbam.exe - Shortcut.lnk
2015-02-22 14:32 - 2015-02-22 14:32 - 00003284 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-1566165043-2080726394-148814061-1000
2015-02-22 14:22 - 2015-02-22 14:22 - 00001066 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-02-21 21:26 - 2015-02-21 22:25 - 00000000 __SHD () C:\Jumpshot
2015-02-21 21:23 - 2015-02-21 22:24 - 00000000 ____D () C:\Windows\jumpshot.com
2015-02-21 21:17 - 2015-02-21 21:17 - 00001964 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-02-21 21:17 - 2015-02-21 21:17 - 00000000 ____D () C:\Users\Luisito\AppData\Roaming\AVAST Software
2015-02-21 21:17 - 2015-02-21 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-02-21 21:16 - 2015-02-21 21:17 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-02-21 21:16 - 2015-02-21 21:17 - 00087912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-02-21 21:16 - 2015-02-21 21:17 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-21 21:16 - 2015-02-21 21:16 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-02-21 21:16 - 2015-02-21 21:16 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-02-21 21:16 - 2015-02-21 21:16 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-02-21 21:16 - 2015-02-21 21:16 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-02-21 21:16 - 2015-02-21 21:16 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-02-21 21:16 - 2015-02-21 21:16 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-02-21 21:16 - 2015-02-21 21:16 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-02-21 21:16 - 2015-02-21 21:16 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-02-21 21:15 - 2015-02-21 21:15 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-21 21:15 - 2015-02-21 21:15 - 00000000 ____D () C:\Program Files\AVAST Software
2015-02-21 20:54 - 2015-02-21 20:54 - 00000000 ____D () C:\zoek_backup
2015-02-21 10:10 - 2015-02-21 10:15 - 00171530 _____ () C:\Users\Luisito\Downloads\73C3.tmp
2015-02-21 10:01 - 2015-02-21 10:05 - 01054064 _____ (Amazon Services LLC) C:\Users\Luisito\Downloads\Avast_Free_Antivirus_2015_Downloader.exe
2015-02-16 15:13 - 2014-12-11 09:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-02-16 15:13 - 2014-09-04 18:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-16 15:13 - 2014-09-04 17:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-15 16:31 - 2015-02-15 16:31 - 00000000 ____H () C:\Users\Luisito\Documents\Default.rdp
2015-02-15 14:27 - 2013-10-01 18:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-02-15 14:27 - 2013-10-01 18:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-02-15 14:27 - 2013-10-01 18:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-02-15 14:27 - 2013-10-01 17:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-02-15 14:27 - 2013-10-01 17:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-02-15 14:27 - 2013-10-01 17:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-02-15 14:27 - 2013-10-01 17:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-02-15 14:27 - 2013-10-01 16:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-02-15 14:27 - 2013-10-01 16:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-02-15 14:27 - 2013-10-01 16:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-02-15 14:27 - 2013-10-01 16:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-02-15 14:27 - 2013-10-01 15:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-02-15 14:27 - 2013-10-01 15:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-02-15 14:27 - 2013-10-01 15:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-02-15 14:27 - 2013-10-01 14:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-02-15 14:23 - 2014-07-02 09:44 - 00609240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-02-14 21:33 - 2015-02-14 21:33 - 00077440 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2015-02-14 14:54 - 2015-01-22 20:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-14 14:54 - 2015-01-22 20:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-14 14:54 - 2015-01-22 19:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-14 14:54 - 2015-01-22 19:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-13 19:58 - 2015-02-13 19:58 - 00000000 ____D () C:\Users\Luisito\AppData\Roaming\Mozilla
2015-02-13 19:52 - 2015-02-13 19:52 - 00000000 ____D () C:\Users\Luisito\AppData\Local\Steam
2015-02-13 19:09 - 2015-01-08 19:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-13 19:09 - 2015-01-08 19:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-13 19:09 - 2015-01-08 19:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-13 19:09 - 2015-01-08 18:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-13 19:08 - 2015-02-03 19:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-13 19:08 - 2015-02-03 19:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-13 19:08 - 2015-02-03 19:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-13 19:08 - 2015-02-03 19:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-13 19:08 - 2015-02-03 19:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-13 19:08 - 2015-02-03 19:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-13 19:08 - 2015-02-03 19:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-13 19:08 - 2015-01-27 15:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-13 19:08 - 2015-01-13 21:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-13 19:08 - 2015-01-13 21:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-13 19:08 - 2015-01-11 19:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-13 19:08 - 2015-01-11 19:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-13 19:08 - 2015-01-11 19:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-13 19:08 - 2015-01-11 18:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-13 19:08 - 2015-01-11 18:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-13 19:08 - 2015-01-11 18:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-13 19:08 - 2015-01-11 18:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-13 19:08 - 2015-01-11 18:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-13 19:08 - 2015-01-11 18:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-13 19:08 - 2015-01-11 18:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-13 19:08 - 2015-01-11 18:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-13 19:08 - 2015-01-11 18:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-13 19:08 - 2015-01-11 18:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-13 19:08 - 2015-01-11 18:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-13 19:08 - 2015-01-11 18:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-13 19:08 - 2015-01-11 18:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-13 19:08 - 2015-01-11 18:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-13 19:08 - 2015-01-11 18:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-13 19:08 - 2015-01-11 18:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-13 19:08 - 2015-01-11 18:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-13 19:08 - 2015-01-11 18:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-13 19:08 - 2015-01-11 18:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-13 19:08 - 2015-01-11 18:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-13 19:08 - 2015-01-11 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-13 19:08 - 2015-01-11 18:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-13 19:08 - 2015-01-11 18:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-13 19:08 - 2015-01-11 18:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-13 19:08 - 2015-01-11 17:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-13 19:08 - 2015-01-11 17:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-13 19:08 - 2015-01-11 17:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-13 19:08 - 2015-01-11 17:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-13 19:08 - 2015-01-11 17:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-13 19:08 - 2015-01-11 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-13 19:08 - 2015-01-11 17:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-13 19:08 - 2015-01-11 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-13 19:08 - 2015-01-11 17:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-13 19:08 - 2015-01-11 17:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-13 19:08 - 2015-01-11 17:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-13 19:08 - 2015-01-11 17:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-13 19:08 - 2015-01-11 17:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-13 19:08 - 2015-01-11 17:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-13 19:08 - 2015-01-11 17:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-13 19:08 - 2015-01-11 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-13 19:08 - 2015-01-11 17:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-13 19:08 - 2015-01-11 17:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-13 19:08 - 2015-01-11 17:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-13 19:08 - 2015-01-11 17:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-13 19:08 - 2015-01-11 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-13 19:08 - 2015-01-11 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-13 19:08 - 2015-01-11 16:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-13 19:08 - 2015-01-09 22:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-13 19:08 - 2015-01-09 22:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-13 19:08 - 2015-01-09 22:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-13 19:08 - 2015-01-09 22:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-13 19:08 - 2015-01-09 22:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-13 19:08 - 2015-01-09 22:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-13 19:08 - 2015-01-09 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-13 19:08 - 2015-01-09 22:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-13 19:08 - 2015-01-09 22:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-13 19:08 - 2015-01-09 22:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-13 19:08 - 2015-01-09 22:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-13 19:08 - 2015-01-09 22:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-13 19:08 - 2015-01-09 22:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-13 19:08 - 2015-01-09 22:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-13 19:08 - 2015-01-08 18:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-13 19:07 - 2015-01-15 00:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-13 19:07 - 2015-01-15 00:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-13 19:07 - 2015-01-15 00:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-13 19:07 - 2015-01-15 00:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-13 19:07 - 2015-01-15 00:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-13 19:07 - 2015-01-15 00:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-13 19:07 - 2015-01-15 00:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-13 19:07 - 2015-01-15 00:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-13 19:07 - 2015-01-15 00:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-13 19:07 - 2015-01-15 00:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-13 19:07 - 2015-01-15 00:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-13 19:07 - 2015-01-14 23:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-13 19:07 - 2015-01-14 23:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-13 19:07 - 2015-01-14 23:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-13 19:07 - 2015-01-14 23:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-13 19:07 - 2015-01-14 23:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-13 19:07 - 2015-01-14 23:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-13 19:07 - 2015-01-14 20:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-13 19:07 - 2015-01-13 22:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-13 19:07 - 2015-01-13 22:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-13 19:07 - 2015-01-13 22:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-13 19:07 - 2015-01-13 22:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-13 19:07 - 2015-01-13 21:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-13 19:07 - 2015-01-13 21:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-13 19:07 - 2015-01-13 21:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-13 19:07 - 2015-01-12 19:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-13 19:07 - 2015-01-12 18:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-13 19:07 - 2014-12-11 21:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-13 19:07 - 2014-12-11 21:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-13 19:07 - 2014-12-07 19:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-13 19:07 - 2014-12-07 18:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-13 19:07 - 2014-11-25 19:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-13 19:07 - 2014-11-25 19:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 18:33 - 2015-02-11 18:33 - 00000000 ____D () C:\Users\Luisito\Documents\Dolphin Emulator
2015-02-11 18:28 - 2015-02-11 19:03 - 00000000 ____D () C:\Users\Luisito\Desktop\Dolphin-x64
2015-02-11 18:25 - 2015-02-21 22:23 - 00025156 _____ () C:\Windows\PFRO.log
2015-02-11 18:25 - 2015-02-11 18:25 - 00077440 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2015-02-03 17:12 - 2015-02-03 17:58 - 00000000 ____D () C:\Users\Luisito\Desktop\Mame 1

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-27 17:11 - 2009-07-13 21:13 - 00784286 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-27 17:10 - 2013-08-30 17:49 - 00000000 ____D () C:\Users\Luisito\AppData\Local\CrashDumps
2015-02-27 17:08 - 2013-08-24 11:18 - 01898858 _____ () C:\Windows\WindowsUpdate.log
2015-02-27 17:05 - 2015-01-09 12:38 - 00021610 _____ () C:\Windows\setupact.log
2015-02-27 17:05 - 2013-09-29 18:53 - 01048576 _____ () C:\Windows\PE_Rom.dll
2015-02-27 17:05 - 2013-09-06 12:40 - 00000000 ____D () C:\Program Files\Ps3 Controller
2015-02-27 17:05 - 2013-08-24 13:16 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-27 17:05 - 2013-08-24 12:06 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-27 17:05 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-27 17:02 - 2013-10-03 21:18 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{62060000-7BD2-4F65-A947-C47343713D50}
2015-02-27 16:58 - 2014-09-29 13:40 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1566165043-2080726394-148814061-1000UA.job
2015-02-27 16:20 - 2013-09-02 22:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-27 16:15 - 2013-08-24 13:37 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-27 16:14 - 2013-08-24 13:16 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-27 15:47 - 2009-07-13 20:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-27 15:47 - 2009-07-13 20:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-27 15:20 - 2014-01-10 15:52 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-26 19:58 - 2014-09-29 13:40 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1566165043-2080726394-148814061-1000Core.job
2015-02-26 19:54 - 2013-08-28 20:23 - 00000000 ____D () C:\Users\Luisito\AppData\Local\Paint.NET
2015-02-25 15:16 - 2009-07-13 19:20 - 00000000 ___RD () C:\Users\Default
2015-02-24 20:52 - 2015-01-08 17:44 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-22 14:22 - 2013-09-21 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-02-21 22:19 - 2013-08-24 11:18 - 00000000 ____D () C:\Users\Luisito
2015-02-21 21:30 - 2014-07-29 00:07 - 00000000 _____ () C:\Users\Luisito\Desktop\GCFScape.lnk
2015-02-21 21:30 - 2013-09-29 18:59 - 00000000 _____ () C:\Users\Public\Desktop\CPUID ASUS CPU-Z.lnk
2015-02-21 21:26 - 2013-08-24 11:18 - 03407872 ___SH () C:\Users\Luisito\.ghost-ntfs-3g-00000000000000000009
2015-02-21 21:26 - 2009-07-13 18:34 - 67895296 _____ () C:\Windows\system32\config\.ghost-ntfs-3g-00000000000000000001
2015-02-21 21:26 - 2009-07-13 18:34 - 18350080 _____ () C:\Windows\system32\config\.ghost-ntfs-3g-00000000000000000003
2015-02-21 21:19 - 2013-11-19 00:16 - 00000000 ____D () C:\Program Files (x86)\Dimmdrive
2015-02-21 21:16 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-02-20 18:31 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2015-02-15 14:44 - 2013-09-03 20:44 - 00000000 ____D () C:\Users\Luisito\AppData\Roaming\uTorrent
2015-02-15 14:36 - 2013-09-30 20:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-02-15 14:36 - 2009-07-13 19:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-15 14:25 - 2013-08-24 12:01 - 00776408 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-15 14:23 - 2013-08-24 12:05 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-02-15 14:21 - 2013-08-24 12:05 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-02-14 09:18 - 2014-12-11 12:30 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-14 09:18 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-14 09:18 - 2009-07-13 20:45 - 00315064 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-14 09:18 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\tracing
2015-02-14 01:53 - 2013-09-29 21:33 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-14 01:52 - 2013-08-24 12:31 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-14 01:50 - 2013-08-24 12:31 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-13 22:20 - 2013-09-02 22:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-13 22:20 - 2013-09-02 22:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-13 22:20 - 2013-09-02 22:18 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-13 19:53 - 2014-09-29 13:40 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1566165043-2080726394-148814061-1000UA
2015-02-13 19:53 - 2014-09-29 13:40 - 00003498 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1566165043-2080726394-148814061-1000Core
2015-02-13 19:09 - 2013-08-24 13:16 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-13 19:09 - 2013-08-24 13:16 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-13 19:04 - 2013-08-24 13:26 - 00000000 ____D () C:\ProgramData\Origin
2015-02-13 19:00 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-12 15:35 - 2013-10-03 19:38 - 00000000 ____D () C:\ProgramData\Samsung
2015-02-12 15:35 - 2013-10-03 19:38 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-02-12 15:35 - 2013-08-24 11:57 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-12 15:33 - 2013-09-02 22:19 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2015-02-09 19:59 - 2013-08-24 13:27 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-02-09 19:49 - 2013-09-21 14:37 - 00000000 ____D () C:\Users\Luisito\AppData\Roaming\vlc
2015-02-09 19:35 - 2014-07-29 19:41 - 00000225 ____R () C:\Users\Luisito\Desktop\Dota 2 Launch Options.txt
2015-02-06 16:48 - 2009-07-13 21:08 - 00032594 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-05 12:33 - 2013-10-30 13:57 - 00000000 ____D () C:\Users\Luisito\AppData\Roaming\Trine2
2015-02-05 12:33 - 2013-09-19 21:43 - 00005809 ____R () C:\Users\Luisito\Documents\TombRaider.log

==================== Files in the root of some directories =======

2014-06-22 16:09 - 2014-10-30 22:57 - 0001181 ____R () C:\Users\Luisito\AppData\Roaming\trace_FilterInstaller.1.txt
2014-06-22 16:09 - 2014-06-22 16:09 - 0001181 ____R () C:\Users\Luisito\AppData\Roaming\trace_FilterInstaller.2.txt
2014-06-22 16:09 - 2014-11-01 15:03 - 0000919 ____R () C:\Users\Luisito\AppData\Roaming\trace_FilterInstaller.txt
2014-06-22 16:09 - 2014-11-01 15:03 - 0000000 ____R () C:\Users\Luisito\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2014-11-21 15:08 - 2015-01-08 00:08 - 0000197 ____R () C:\Users\Luisito\AppData\Roaming\WB.CFG
2014-11-24 08:08 - 2014-12-16 14:08 - 0000001 ____R () C:\Users\Luisito\AppData\Local\DSI.DAT
2014-11-24 08:08 - 2014-11-24 08:08 - 0022528 ____R () C:\Users\Luisito\AppData\Local\dsisetup27454772.exe
2014-12-02 12:08 - 2014-12-02 12:08 - 0022528 ____R () C:\Users\Luisito\AppData\Local\dsisetup32101102.exe
2014-12-16 14:08 - 2014-12-16 14:08 - 0022528 ____R () C:\Users\Luisito\AppData\Local\dsisetup9475812.exe
2013-12-28 16:14 - 2014-01-17 15:23 - 1065984 ____R () C:\Users\Luisito\AppData\Local\file__0.localstorage
2013-10-04 16:05 - 2014-06-21 16:18 - 0007601 ____R () C:\Users\Luisito\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\Luisito\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-24 19:10

==================== End Of Log ============================
DerPancake

Re: malware in my pc

Post by DerPancake » February 27th, 2015, 9:21 pm

Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2015 01
Ran by Luisito at 2015-02-27 17:12:18
Running from C:\Users\Luisito\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.57 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
Age of Empires III: Complete Collection (x32 Version: 1.0.0000.1 - Microsoft Game Studios) Hidden
AI Suite III (HKLM-x32\...\{D46DA5F0-25AD-4B77-98DA-6DD6AF39FBD9}) (Version: 1.00.42 - ASUSTeK Computer Inc.)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.001 - Asmedia Technology)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Awesomenauts (HKLM-x32\...\Steam App 204300) (Version: - Ronimo Games)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23028 - Electronic Arts)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )
Burnout™ Paradise: The Ultimate Box (HKLM-x32\...\{1CDC8E7D-CDFC-4C2B-A080-23D943354625}) (Version: 1.1.0.0 - Electronic Arts)
Burnout™ Paradise: The Ultimate Box (HKLM-x32\...\{9A996B6A-846E-4A89-B9C4-17546B7BE49F}) (Version: 1.1.0.0 - Electronic Arts)
CameraHelperMsi (x32 Version: 13.40.836.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Cherry Tree High Comedy Club (HKLM-x32\...\Steam App 214610) (Version: - 773)
Cherry Tree High I! My! Girls! (HKLM-x32\...\Steam App 333220) (Version: - 773)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version: - Torn Banner Studios)
Command & Conquer™ Red Alert™ 3 Uprising (HKLM-x32\...\{DDE59617-F59A-473B-BC4E-C2B81F6CD38D}) (Version: 1.0.1.0 - Electronic Arts)
CPUID ASUS CPU-Z 1.63 (HKLM\...\CPUID ASUS CPU-Z_is1) (Version: 1.63 - CPUID, Inc.)
Crysis® 2 (HKLM-x32\...\{6033673D-2530-4587-8AD0-EB059FC263F9}) (Version: 1.9.0.0 - Electronic Arts)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DAEMON Tools Packages (HKU\S-1-5-21-1566165043-2080726394-148814061-1000\...\DAEMON Tools Packages) (Version: - ) <==== ATTENTION
Dead Space™ (HKLM-x32\...\{4D87DC92-C328-46EC-A7B4-9C88129DC696}) (Version: 1.0.222.0 - Electronic Arts)
Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Deus Ex: Human Revolution - Director's Cut (HKLM-x32\...\Steam App 238010) (Version: - Eidos Montreal)
Dimmdrive (HKLM-x32\...\{D627B8AA-93C6-4300-8B24-A1B0C6A00003}) (Version: 1.0.0.9 - Dimmdrive)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Dota 2 Workshop Tools Alpha (HKLM-x32\...\Steam App 316570) (Version: - )
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Eets Munchies (HKLM-x32\...\Steam App 214550) (Version: - )
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version: - SCS Software)
EVGA Precision X 4.2.1 (HKLM-x32\...\PrecisionX) (Version: 4.2.1 - EVGA Corporation)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version: - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
FIFA 14 (HKLM-x32\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.4 - Electronic Arts)
FINAL FANTASY XIII (HKLM-x32\...\Steam App 292120) (Version: - SQUARE ENIX)
Futuremark SystemInfo (HKLM-x32\...\{4050C71E-EB43-4A8C-B6A6-778DD6F8252C}) (Version: 4.24.338 - Futuremark)
GameStop App (HKLM-x32\...\GameStop App) (Version: 4.00 - GameStop)
GameStop App (x32 Version: 4.00 - GameStop) Hidden
GCFScape 1.8.5 (HKLM\...\GCFScape_is1) (Version: - Ryan Gregg)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version: - Rockstar North)
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version: - Rockstar North / Toronto)
GRID 2 (HKLM-x32\...\Steam App 44350) (Version: - Codemasters Racing)
Gyazo 1.2.1 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc. & Toshiyuki Masui)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel(R) Network Connections 18.1.59.0 (HKLM\...\PROSetDX) (Version: 18.1.59.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.100 - Intel Corporation)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.450 - Oracle)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.40 - Logitech Inc.)
Long Live The Queen (HKLM-x32\...\Steam App 251990) (Version: - Hanako Games)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Mafia II (HKLM-x32\...\Steam App 50130) (Version: - 2K Czech)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mass Effect™ (HKLM-x32\...\{44A570EE-FD93-4086-8997-2C38DFDE0019}) (Version: 1.2.20608.0 - Electronic Arts)
Mass Effect™ 2 (HKLM-x32\...\{E19B628D-A9BC-4519-B1D4-4C8C09074F7F}) (Version: 1.2.1604.0 - Electronic Arts)
Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)
Medal of Honor (TM) (HKLM-x32\...\{415030B8-3E8B-462A-8C03-41D95AA3AB3B}) (Version: 1.0.0.0 - Electronic Arts)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Network Monitor: NetworkMonitor Parsers 3.4 (HKLM\...\{963E5FEB-1367-46B9-851D-A957F1A3747F}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Minecraft1.7.2 (HKLM-x32\...\Minecraft1.7.2) (Version: - )
Mirror's Edge™ (HKLM-x32\...\{AEDBD563-24BB-4EE3-8366-A654DAC2D988}) (Version: 1.0.1.0 - Electronic Arts)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version: - Tale Worlds)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Mumble 1.2.5 (HKLM-x32\...\{C7BC557D-8C8B-4F5F-83AB-D20C58CF4575}) (Version: 1.2.5 - Thorvald Natvig)
NVIDIA 3D Vision Controller Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
Plantronics® GameCom 780 Software for Dolby® Headphone (HKLM-x32\...\{EB3C9064-9140-4279-9E51-965119402151}) (Version: 1.00.0001 - Plantronics)
Populous (HKLM-x32\...\{476CD9DE-C45F-4443-BFA7-E51C58B7E455}) (Version: 1.0.0.0 - Electronic Arts)
Portal (HKLM-x32\...\Steam App 400) (Version: - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Ragnarok (HKLM-x32\...\Steam App 215100) (Version: - Gravity Interactive)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6853 - Realtek Semiconductor Corp.)
Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version: - Tripwire Interactive)
RivaTuner Statistics Server 5.2.0 (HKLM-x32\...\RTSS) (Version: 5.2.0 - Unwinder)
Roxio Game Capture HD PRO (HKLM-x32\...\{2DD84AB2-8BF4-49FA-9D62-E3F93D4F56FB}) (Version: 2.0 - Roxio)
Sanctum 2 (HKLM-x32\...\Steam App 210770) (Version: - Coffee Stain Studios)
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version: - Seagate Technology)
SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Sumotori Full Version (HKLM-x32\...\Sumotori Full Version) (Version: - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Swords and Soldiers HD (HKLM-x32\...\Steam App 63500) (Version: - Ronimo Games)
TalonRO Client 1.0.0 (HKLM-x32\...\TalonRO_is1) (Version: 1.0.0 - TalonRO)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
THE KING OF FIGHTERS XIII STEAM EDITION (HKLM-x32\...\Steam App 222940) (Version: - SNK Playmore)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version: - )
Titan Quest (HKLM-x32\...\Steam App 4540) (Version: - Iron Lore Entertainment)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version: - Crystal Dynamics)
Trine 2 (HKLM-x32\...\Steam App 35720) (Version: - Frozenbyte)
Unity Web Player (HKU\S-1-5-21-1566165043-2080726394-148814061-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Warhammer® 40,000™: Dawn of War® II – Retribution™ (HKLM-x32\...\Steam App 56400) (Version: - Relic Entertainment)
WebM Project Directshow Filters (HKU\S-1-5-21-1566165043-2080726394-148814061-1000\...\webmdshow) (Version: - )
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1566165043-2080726394-148814061-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Luisito\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1566165043-2080726394-148814061-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Luisito\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

23-02-2015 15:56:17 Windows Update
24-02-2015 22:46:03 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0653E29D-C433-4B94-9B7E-18D8061FAB03} - System32\Tasks\avastBCLRestartS-1-5-21-1566165043-2080726394-148814061-1000 => Chrome.exe
Task: {0B3728AD-FB67-4A51-8499-2159904012EA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1566165043-2080726394-148814061-1000UA => C:\Users\Luisito\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-29] (Google Inc.)
Task: {0E356D5C-B669-4EE3-A236-6C35B6DACDF4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1566165043-2080726394-148814061-1000Core => C:\Users\Luisito\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-29] (Google Inc.)
Task: {1EAC8F4F-6F35-4751-B9A0-993BDDE7E832} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2013-04-18] (ASUSTeK Computer Inc.)
Task: {286793DC-C7FB-4775-9854-E682782B8F72} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite III\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2013-02-07] (ASUSTeK Computer Inc.)
Task: {324116AE-C46B-4F05-9FE8-2C01602EDB0E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-13] (Adobe Systems Incorporated)
Task: {3E616C08-EC9F-4AFA-A6F7-0DDA7E8503A5} - System32\Tasks\ASUS\ASUS WiFi GO! Server Execute => C:\Program Files (x86)\ASUS\AI Suite III\Remote GO!\AssistTools\WiFi GO! Server.exe [2013-04-09] (ASUSTeK Computer Inc.)
Task: {42424BFE-2FED-4765-AC25-D9E455D0628C} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar 2\DIPAwayMode\DipAwayMode.exe [2013-04-22] ()
Task: {443EADAB-48B9-4E00-9C5A-2EEBC309F674} - System32\Tasks\{FAF46E66-DF3E-4EA7-ADB9-6E3939062DEF} => pcalua.exe -a C:\PROGRA~2\MagicISO\UNWISE.EXE -c C:\PROGRA~2\MagicISO\INSTALL.LOG
Task: {443EF943-0985-4840-8065-2F02FDC82419} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-02-21] (AVAST Software)
Task: {54AE3044-D360-4C2F-B23D-CD472EB25162} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {808B8EE0-BBEB-430B-A692-FE356E18856C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-24] (Google Inc.)
Task: {86BE4E0F-8820-4609-945E-A284686F8225} - System32\Tasks\{DE226481-7C14-4434-87FC-3373C0BA79CA} => pcalua.exe -a C:\Users\Luisito\Downloads\MassEffect_EFIGS_1.02.exe -d C:\Users\Luisito\Downloads
Task: {970574AA-E3BD-4322-A6B8-B6229A613C1E} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {A243BE10-58E3-494B-91EE-19765C58E874} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr.exe [2011-09-09] ()
Task: {BB503FEB-831E-4DA1-BBDD-A4F10EF9CB20} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-24] (Google Inc.)
Task: {EE44C473-CEB3-412A-9BF9-F7AD61EF3F8C} - System32\Tasks\{74184DFB-8BD8-45A0-95BC-3B4A94CD2C29} => pcalua.exe -a C:\Users\Luisito\Desktop\EVGA_PrecisionX_Setup_421.exe -d C:\Users\Luisito\Desktop
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1566165043-2080726394-148814061-1000Core.job => C:\Users\Luisito\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1566165043-2080726394-148814061-1000UA.job => C:\Users\Luisito\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-08-24 12:05 - 2014-07-02 10:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-08-24 11:22 - 2012-10-28 23:48 - 00927232 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
2013-08-24 13:09 - 2011-12-01 11:15 - 00777448 ____N () C:\Program Files\Plantronics\GameCom780\GameCom780.exe
2013-09-29 18:18 - 2013-04-22 13:18 - 01218360 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar 2\DIPAwayMode\DipAwayMode.exe
2013-12-24 14:29 - 2014-05-29 15:34 - 00115656 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll
2013-12-24 14:29 - 2014-05-29 15:35 - 00855328 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll
2013-12-06 22:29 - 2014-10-12 20:51 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2015-02-27 15:11 - 2015-02-27 15:11 - 02913792 _____ () C:\Program Files\AVAST Software\Avast\defs\15022700\algo.dll
2013-08-24 11:22 - 2015-02-27 17:05 - 00030720 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\PEbiosinterface32.dll
2013-08-24 11:22 - 2012-05-07 08:04 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\ATKEX.dll
2013-08-24 13:09 - 2011-12-01 11:16 - 00150760 ____N () C:\Program Files\Plantronics\GameCom780\VmixPLGC.dll
2013-09-29 18:16 - 2013-04-18 16:43 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll
2013-09-29 18:16 - 2013-04-17 09:00 - 01111040 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EasyUpdt.dll
2013-09-29 18:16 - 2013-04-02 16:32 - 01173504 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Network iControl\Network iControl.dll
2013-09-29 18:17 - 2013-04-12 11:59 - 02046976 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Remote GO!\WiFiGO.dll
2013-09-29 18:18 - 2013-04-23 13:34 - 01976832 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar 2\ThermalRadar2.dll
2013-09-29 18:15 - 2013-04-18 01:43 - 00662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMLib.dll
2013-09-29 18:16 - 2013-04-18 16:43 - 00053248 _____ () C:\Program Files (x86)\ASUS\AI Suite III\cpuutil.dll
2013-09-29 18:18 - 2012-01-19 08:39 - 00028672 _____ () C:\Program Files (x86)\ASUS\AI Suite III\USB BIOS Flashback\PEInfo.dll
2013-09-29 18:16 - 2013-04-18 16:43 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite III\ImageHelper.dll
2013-09-29 18:16 - 2013-04-18 16:43 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\pngio.dll
2013-09-29 18:17 - 2012-05-02 17:04 - 00233472 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Remote GO!\AssistTools\AudioProjection.dll
2013-09-29 18:17 - 2010-12-14 16:46 - 00067584 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Remote GO!\AssistTools\CoreAudioCap.dll
2013-09-29 18:17 - 2012-10-03 14:01 - 00161792 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Remote GO!\AssistTools\DLCapPP.dll
2013-09-29 18:17 - 2012-10-09 09:54 - 00425984 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Remote GO!\AssistTools\awiscale.DLL
2013-09-29 18:17 - 2010-10-29 17:58 - 00221184 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Remote GO!\AssistTools\JpegCD.DLL
2013-09-29 18:17 - 2012-07-25 16:39 - 02486272 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Remote GO!\AssistTools\xH264E.DLL
2013-09-29 18:17 - 2012-01-12 15:44 - 00475136 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Remote GO!\AssistTools\WiFiGO_HookKey.dll
2013-09-29 18:17 - 2013-03-21 16:07 - 00154112 _____ () C:\Program Files (x86)\InstallShield Installation Information\{104BE4B8-D1DB-4170-977B-364960893DC8}\CloudAPI\CloudAPI.dll
2013-09-29 18:17 - 2013-03-21 18:38 - 00716800 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Remote GO!\AssistTools\WiMoveHelp.dll
2013-09-29 18:17 - 2012-04-25 13:47 - 00659456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Remote GO!\AssistTools\PhoneCtrlAPI.dll
2013-09-29 18:18 - 2013-04-18 13:08 - 00497664 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar 2\DIPAwayMode\vvc2.dll
2013-09-29 18:18 - 2013-04-18 13:08 - 00685056 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar 2\DIPAwayMode\DIPDLL\DIP4DIGIPowerControlAction.dll
2013-09-29 18:18 - 2013-04-22 13:18 - 00784384 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar 2\DIPAwayMode\DIPDLL\DIP4EpuAction.dll
2013-09-29 18:18 - 2013-04-18 14:06 - 00765952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar 2\DIPAwayMode\DIPDLL\DIP4FanAction.dll
2013-09-29 18:18 - 2013-04-18 13:08 - 00769024 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar 2\DIPAwayMode\DIPDLL\DIP4TurboVEVOAction.dll
2015-02-21 21:16 - 2015-02-21 21:16 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-02-19 15:20 - 2015-02-17 14:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-19 15:20 - 2015-02-17 14:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-19 15:20 - 2015-02-17 14:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll
2013-08-24 11:59 - 2013-03-12 12:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\S-1-5-21-1566165043-2080726394-148814061-1000\Software\Classes\.exe: => <===== ATTENTION!

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1566165043-2080726394-148814061-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Luisito\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Dimmdrive Helper => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\startupfolder: C:^Users^Luisito^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GameStop Now.lnk => C:\Windows\pss\GameStop Now.lnk.Startup
MSCONFIG\startupreg: amd_dc_opt => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
MSCONFIG\startupreg: ASUS WiFi GO! FileTransfer Execute => C:\Program Files (x86)\ASUS\AI Suite III\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe
MSCONFIG\startupreg: Gyazo => C:\Program Files (x86)\Gyazo\GyStation.exe
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: RGSC => E:\SteamLibrary\SteamApps\common\Grand Theft Auto IV\GTAIV\RGSCLauncher.exe /silent
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\Luisito\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

==================== Accounts: =============================

Administrator (S-1-5-21-1566165043-2080726394-148814061-500 - Administrator - Disabled)
Guest (S-1-5-21-1566165043-2080726394-148814061-501 - Limited - Disabled)
Luisito (S-1-5-21-1566165043-2080726394-148814061-1000 - Administrator - Enabled) => C:\Users\Luisito

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/27/2015 05:11:20 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (1848) WebCacheLocal: An attempt to open the file "C:\Users\Luisito\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (02/27/2015 05:11:10 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (1848) WebCacheLocal: An attempt to open the file "C:\Users\Luisito\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (02/27/2015 05:11:00 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (1848) WebCacheLocal: An attempt to open the file "C:\Users\Luisito\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (02/27/2015 05:10:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvBackend.exe, version: 14.6.22.1, time stamp: 0x5387b7ef
Faulting module name: NvBackend.exe, version: 14.6.22.1, time stamp: 0x5387b7ef
Exception code: 0xc0000417
Fault offset: 0x0013ef0b
Faulting process id: 0x1464
Faulting application start time: 0xNvBackend.exe0
Faulting application path: NvBackend.exe1
Faulting module path: NvBackend.exe2
Report Id: NvBackend.exe3

Error: (02/27/2015 05:10:50 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (1848) WebCacheLocal: An attempt to open the file "C:\Users\Luisito\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (02/27/2015 05:10:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvBackend.exe, version: 14.6.22.1, time stamp: 0x5387b7ef
Faulting module name: NvBackend.exe, version: 14.6.22.1, time stamp: 0x5387b7ef
Exception code: 0xc0000417
Fault offset: 0x0013ef0b
Faulting process id: 0x11fc
Faulting application start time: 0xNvBackend.exe0
Faulting application path: NvBackend.exe1
Faulting module path: NvBackend.exe2
Report Id: NvBackend.exe3

Error: (02/27/2015 05:05:31 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (1848) WebCacheLocal: An attempt to open the file "C:\Users\Luisito\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (02/27/2015 05:05:21 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (1848) WebCacheLocal: An attempt to open the file "C:\Users\Luisito\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (02/27/2015 05:05:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvBackend.exe, version: 14.6.22.1, time stamp: 0x5387b7ef
Faulting module name: NvBackend.exe, version: 14.6.22.1, time stamp: 0x5387b7ef
Exception code: 0xc0000417
Fault offset: 0x0013ef0b
Faulting process id: 0x79c
Faulting application start time: 0xNvBackend.exe0
Faulting application path: NvBackend.exe1
Faulting module path: NvBackend.exe2
Report Id: NvBackend.exe3

Error: (02/27/2015 05:05:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/27/2015 03:11:12 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (02/26/2015 06:44:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (02/26/2015 06:44:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (02/25/2015 07:08:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (02/25/2015 07:08:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (02/25/2015 03:26:51 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (02/25/2015 03:26:49 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (02/21/2015 10:34:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (02/21/2015 10:34:02 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (02/21/2015 10:15:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) PROSet Monitoring Service service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (02/27/2015 05:11:20 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost1848WebCacheLocal: C:\Users\Luisito\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (02/27/2015 05:11:10 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost1848WebCacheLocal: C:\Users\Luisito\AppData\Local\Microsoft\Windows\WebCache\V01.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (02/27/2015 05:11:00 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost1848WebCacheLocal: C:\Users\Luisito\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (02/27/2015 05:10:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvBackend.exe14.6.22.15387b7efNvBackend.exe14.6.22.15387b7efc00004170013ef0b146401d052f365eb271aC:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exeC:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exea3a2491b-bee6-11e4-a3d1-74d02b2bdfed

Error: (02/27/2015 05:10:50 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost1848WebCacheLocal: C:\Users\Luisito\AppData\Local\Microsoft\Windows\WebCache\V01.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (02/27/2015 05:10:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvBackend.exe14.6.22.15387b7efNvBackend.exe14.6.22.15387b7efc00004170013ef0b11fc01d052f35cf52af3C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exeC:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe9b326edb-bee6-11e4-a3d1-74d02b2bdfed

Error: (02/27/2015 05:05:31 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost1848WebCacheLocal: C:\Users\Luisito\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (02/27/2015 05:05:21 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost1848WebCacheLocal: C:\Users\Luisito\AppData\Local\Microsoft\Windows\WebCache\V01.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (02/27/2015 05:05:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvBackend.exe14.6.22.15387b7efNvBackend.exe14.6.22.15387b7efc00004170013ef0b79c01d052f29a78d2fcC:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exeC:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exed9f7d69f-bee5-11e4-a3d1-74d02b2bdfed

Error: (02/27/2015 05:05:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz
Percentage of memory in use: 23%
Total physical RAM: 8130.64 MB
Available physical RAM: 6229.14 MB
Total Pagefile: 16259.47 MB
Available Pagefile: 14094.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:27.39 GB) NTFS
Drive d: (AOE3) (CDROM) (Total:1.91 GB) (Free:0 GB) UDF
Drive e: () (Fixed) (Total:931.51 GB) (Free:320.92 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0B69B0EE)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 0B69B0F6)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
DerPancake
Active Member
 
Posts: 8
Joined: February 26th, 2015, 3:58 pm

Re: malware in my pc

Post by DerPancake » February 27th, 2015, 9:22 pm

*deleted*
Last edited by DerPancake on February 28th, 2015, 1:41 am, edited 1 time in total.
DerPancake
Active Member
 
Posts: 8
Joined: February 26th, 2015, 3:58 pm

Re: malware in my pc

Post by DerPancake » February 27th, 2015, 9:24 pm

I'm posting the ADW log, but it says I have to wait for a moderator's approval.

Edit: the ADW log was posted 3 times, I deleted the other 2.
DerPancake
Active Member
 
Posts: 8
Joined: February 26th, 2015, 3:58 pm

Re: malware in my pc

Post by Cypher » February 28th, 2015, 8:08 am

Hi,
I'm posting the ADW log, but it says I have to wait for a moderator's approval.

That's ok, it needed approval due to the log contents.
We need to run a fix. Once done, let me know how your computer is running now.
Still having problems?

Click Start > Control Panel > Uninstall a program.
Uninstall the following if present.
DAEMON Tools Packages
Java 7 Update 45


Next.

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy and paste the following script into Notepad. Do not include the words Code: select all
    • (Click the select all button next to Code to select the entire script.)
    Code: Select all
    HKU\S-1-5-21-1566165043-2080726394-148814061-1000\...\MountPoints2: {02ce27d2-6a9d-11e4-b31f-74d02b2bdfed} - G:\iStudio.exe
    HKU\S-1-5-21-1566165043-2080726394-148814061-1000\...\MountPoints2: {3a0877f4-0cf1-11e3-87d5-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
    SearchScopes: HKU\.DEFAULT -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q= {SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Toolbar: HKU\.DEFAULT -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    CHR StartupUrls: Default -> "hxxp://google.com/", "hxxp://Vosteran.com/?f=7&a=vst_ast_aw_14_47_ch&cd=2XzuyEtN2Y1L1QzuyByE0DtDtB0BtB0B0D0F0E0DyEtDtC0AtN0D0Tzu0StCtDyDyDtN1L2XzutAtFyCtFtBtFtDtN1L1Czu0C0I0S0V0E0R1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtDtA0EtCtCtAzztGyC0F0CyBtGtD0C0EzztGtBtBzyzytGtC0B0A0EyBtC0A0FtD0DtDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0CtBzz0FzzyE0BtG0B0DyEyBtGyEzyyE0BtG0BtD0EtDtGyD0E0EtB0EtB0AyCyByDtD0E2Q&cr=887280659&ir="
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR HKLM\...\Chrome\Extension: [Äÿ] - No Path Or update_url value
    CHR HKU\S-1-5-21-1566165043-2080726394-148814061-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [Äÿ] - No Path Or update_url value
    CHR HKLM-x32\...\Chrome\Extension: [Äÿ] - No Path Or update_url value
    S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
    2015-02-21 10:10 - 2015-02-21 10:15 - 00171530 _____ () C:\Users\Luisito\Downloads\73C3.tmp
    2015-02-15 14:44 - 2013-09-03 20:44 - 00000000 ____D () C:\Users\Luisito\AppData\Roaming\uTorrent
    C:\Users\Luisito\AppData\Local\Temp\sqlite3.dll
    HKU\S-1-5-21-1566165043-2080726394-148814061-1000\Software\Classes\.exe: => <===== ATTENTION!
    
    EmptyTemp:
    CMD: ipconfig /flushdns
    
  • Save it next to FRST.exe on your Desktop as filename fixlist.txt
  • NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are saved in the same location or the fix will not work.
  • Right-click FRST.exe and select "Run as administrator" to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.

Logs/Information to Post in your Next Reply

  • FRST Fixlog.txt.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: malware in my pc

Post by DerPancake » February 28th, 2015, 9:46 pm

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01
Ran by Luisito at 2015-02-28 09:40:05 Run:1
Running from C:\Users\Luisito\Desktop
Loaded Profiles: Luisito (Available profiles: Luisito)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-1566165043-2080726394-148814061-1000\...\MountPoints2: {02ce27d2-6a9d-11e4-b31f-74d02b2bdfed} - G:\iStudio.exe
HKU\S-1-5-21-1566165043-2080726394-148814061-1000\...\MountPoints2: {3a0877f4-0cf1-11e3-87d5-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
SearchScopes: HKU\.DEFAULT -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q= {SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\.DEFAULT -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR StartupUrls: Default -> "hxxp://google.com/", "hxxp://Vosteran.com/?f=7&a=vst_ast_aw_14_47_ch&cd=2XzuyEtN2Y1L1QzuyByE0DtDtB0BtB0B0D0F0E0DyEtDtC0AtN0D0Tzu0StCtDyDyDtN1L2XzutAtFyCtFtBtFtDtN1L1Czu0C0I0S0V0E0R1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtDtA0EtCtCtAzztGyC0F0CyBtGtD0C0EzztGtBtBzyzytGtC0B0A0EyBtC0A0FtD0DtDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0CtBzz0FzzyE0BtG0B0DyEyBtGyEzyyE0BtG0BtD0EtDtGyD0E0EtB0EtB0AyCyByDtD0E2Q&cr=887280659&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR HKLM\...\Chrome\Extension: [Äÿ] - No Path Or update_url value
CHR HKU\S-1-5-21-1566165043-2080726394-148814061-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [Äÿ] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [Äÿ] - No Path Or update_url value
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
2015-02-21 10:10 - 2015-02-21 10:15 - 00171530 _____ () C:\Users\Luisito\Downloads\73C3.tmp
2015-02-15 14:44 - 2013-09-03 20:44 - 00000000 ____D () C:\Users\Luisito\AppData\Roaming\uTorrent
C:\Users\Luisito\AppData\Local\Temp\sqlite3.dll
HKU\S-1-5-21-1566165043-2080726394-148814061-1000\Software\Classes\.exe: => <===== ATTENTION!

EmptyTemp:
CMD: ipconfig /flushdns
*****************

"HKU\S-1-5-21-1566165043-2080726394-148814061-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02ce27d2-6a9d-11e4-b31f-74d02b2bdfed}" => Key deleted successfully.
HKCR\CLSID\{02ce27d2-6a9d-11e4-b31f-74d02b2bdfed} => Key not found.
"HKU\S-1-5-21-1566165043-2080726394-148814061-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a0877f4-0cf1-11e3-87d5-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{3a0877f4-0cf1-11e3-87d5-806e6f6e6963} => Key not found.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => Key deleted successfully.
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => Key not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.3.1" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\Äÿ" => Key deleted successfully.
"HKU\S-1-5-21-1566165043-2080726394-148814061-1000\SOFTWARE\Google\Chrome\Extensions\Äÿ" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\Äÿ" => Key deleted successfully.
GPUZ => Service deleted successfully.
C:\Users\Luisito\Downloads\73C3.tmp => Moved successfully.
C:\Users\Luisito\AppData\Roaming\uTorrent => Moved successfully.
C:\Users\Luisito\AppData\Local\Temp\sqlite3.dll => Moved successfully.
"HKU\S-1-5-21-1566165043-2080726394-148814061-1000\Software\Classes\.exe" => Key deleted successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 573.8 MB temporary data.


The system needed a reboot.

==== End of Fixlog 09:40:14 ====

It still feels the same, Vosteran search webpage opens every time I open Chrome, and downloading and uploading still take a huge amount of time.
DerPancake
Active Member
 
Posts: 8
Joined: February 26th, 2015, 3:58 pm
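
A way to triage a Fixlog like the one above, added here as an example and not part of the original thread or of FRST: the Python below skips the echoed fixlist, classifies each result line, and surfaces anything that did not report success. The outcome phrases are taken from the log on this page; the function names, the last sample line and its failure wording are constructed.

```python
import re
from collections import Counter

# Outcome phrases exactly as they appear in the Fixlog on this page.
OUTCOMES = [
    (re.compile(r"not found\.$"), "not_found"),
    (re.compile(r"deleted successfully\.$"), "deleted"),
    (re.compile(r"Moved successfully\.$"), "moved"),
    (re.compile(r"=> Removed .* temporary data\.$"), "temp_removed"),
]

# Lines copied from the Fixlog above, plus one constructed failure line at the end.
SAMPLE_FIXLOG = r'''
Content of fixlist:
*****************
HKU\S-1-5-21-1566165043-2080726394-148814061-1000\Software\Classes\.exe: => <===== ATTENTION!
EmptyTemp:
*****************
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => Key deleted successfully.
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => Key not found.
Chrome StartupUrls deleted successfully.
C:\Users\Luisito\Downloads\73C3.tmp => Moved successfully.
EmptyTemp: => Removed 573.8 MB temporary data.
C:\Users\Example\example.dll => Could not move.
'''

def classify(line):
    # Anything that matches no known success phrase is left for a human to read.
    return next((label for rx, label in OUTCOMES if rx.search(line)), "needs_review")

def parse_fixlog(text):
    results, in_fixlist = [], False
    for line in map(str.strip, text.splitlines()):
        if line and set(line) == {"*"}:  # asterisk rows bracket the echoed fixlist
            in_fixlist = not in_fixlist
        elif not in_fixlist and (" => " in line or line.endswith("successfully.")):
            results.append((line.split(" => ")[0].strip('"'), classify(line)))
    return results

def summarize(text):
    results = parse_fixlog(text)
    counts = Counter(outcome for _, outcome in results)
    return counts, [target for target, outcome in results if outcome == "needs_review"]

if __name__ == "__main__":
    counts, review = summarize(SAMPLE_FIXLOG)
    print(dict(counts), "review:", review)
```

Run against the real Fixlog in this post, every entry falls into a success or "not found" bucket, so the fix itself applied cleanly even though the Vosteran page still opens.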

Re: malware in my pc

Post by Cypher » March 1st, 2015, 7:11 am

DerPancake wrote: It still feels the same, Vosteran search webpage opens every time I open Chrome,

We need to reinstall Google Chrome.

Click Start > Control Panel > Uninstall a program.
Uninstall the following if present.
Google Chrome
Google Update Helper

If you're asked if you would like to keep any personalized settings or folders, say NO.
Now make sure that the folders from Chrome are deleted! Delete the below if they exist.
C:\Users\Luisito\AppData\Local\Google
C:\Program Files (x86)\Google


Now reboot your computer.

Next.

Download and reinstall Google Chrome from here.

Still having problems?
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: malware in my pc

Post by Cypher » March 4th, 2015, 6:37 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns