Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

"Luckysearches" hijacking browser and other adware

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

"Luckysearches" hijacking browser and other adware

Unread postby TheDoctor46 » March 30th, 2015, 2:06 pm

I recently got caught installing some software in the process of attempting to download a legit application, basically a lot of the software that got installed was adware/malware. Problems included unwanted adverts in browser, fake notifications about PC problems inviting you to scan/try products etc. I have removed a lot of this stuff.

My remaining problem that is visible to me at the moment is my browser (Opera) still loads up the page (luckysearches.com) upon startup. It is not set as the homepage, but appears each time I start it up. None of my other browsers (IE, firefox) exhibit this behaviour. I believe that the sweep I did with malwarebytes removed the entries for these browsers. I have the log from the removal I did with malwarebytes if you need it later to see what was removed.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17689
Run by Raymond at 18:27:46 on 2015-03-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16331.12878 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Windows\SysWOW64\HsMgr.exe
C:\Windows\system\HsMgr64.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\ASUS Xonar DGX Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe
C:\Users\Raymond\AppData\Local\Apps\2.0\7YV0X25P.5Y1\7RNH6X6Y.91N\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com
uSearch Page = hxxp://www.yahoo.com
uDefault_Page_URL = hxxp://www.yahoo.com
uDefault_Search_URL = hxxp://www.yahoo.com
mStart Page = http://www.google.com
mSearch Page = http://www.google.com
mDefault_Page_URL = http://www.google.com
mDefault_Search_URL = http://www.google.com
mWinlogon: Userinit = userinit.exe,
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [RUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [ControlCenterCount] C:\Program Files (x86)\MSI\ControlCenter\ControlCenterCount.exe
mRun: [Fast Boot] C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Raymond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONTEN~1.LNK - C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ISCTSY~1.LNK - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: DisableCAD = dword:1
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{AF86198F-0858-48CB-A616-117CAA20E22C} : DHCPNameServer = 192.168.1.254
AppInit_DLLs= c:\progra~3\fastan~1\fastan~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = http://www.google.com
x64-mSearch Page = http://www.google.com
x64-mDefault_Page_URL = http://www.google.com
x64-mDefault_Search_URL = http://www.google.com
x64-Run: [BtTray] "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe"
x64-Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
x64-Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envoke
x64-Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envoke
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Raymond\AppData\Roaming\Mozilla\Firefox\Profiles\yporo9y6.default\
FF - prefs.js: browser.search.defaulturl - hxxps://uk.search.yahoo.com/yhs/search
FF - prefs.js: browser.search.selectedEngine - Yahoo! (Avast)
FF - prefs.js: browser.startup.homepage - hxxps://uk.yahoo.com/?fr=hp-avast&type=agc511
FF - prefs.js: keyword.URL - hxxps://uk.search.yahoo.com/yhs/search
FF - prefs.js: network.proxy.ftp - 189.113.64.126
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 189.113.64.126
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 189.113.64.126
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 189.113.64.126
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Raymond\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-3-7 645952]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-3-7 27456]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-7-26 20464]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-11-15 274696]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-7-4 283064]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-8-31 216192]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-3-19 1148560]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-3-7 7168]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-8-27 747520]
R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2012-8-16 149032]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-3-7 169432]
R2 MSI_FastBoot;MSI_FastBoot;C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [2014-10-19 103992]
R2 MSI_LiveUpdate_Service;MSI_LiveUpdate_Service;C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2014-10-19 1723856]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 124560]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-3-19 1706128]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2015-3-19 21833360]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-3-19 410768]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2013-3-7 1931264]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2013-3-7 33944]
R3 cmudaxp;ASUS Xonar DGX Audio Interface;C:\Windows\System32\drivers\cmudaxp.sys [2013-9-30 2734080]
R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\drivers\ikbevent.sys [2012-8-16 20968]
R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\drivers\imsevent.sys [2012-8-16 19944]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2013-1-19 46568]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-7-26 358896]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-7-26 792560]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2015-3-30 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015-3-30 136408]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-10-10 32344]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2014-2-4 121416]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-1-30 366512]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [2014-10-19 14136]
R3 NTIOLib_FastBoot;NTIOLib_FastBoot;C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [2014-10-19 13368]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-3-19 19600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2015-3-19 38032]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2013-3-11 13368]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-6-15 888536]
R3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);C:\Windows\System32\drivers\rusb3hub.sys [2012-8-27 114568]
R3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);C:\Windows\System32\drivers\rusb3xhc.sys [2012-8-27 230280]
R3 ScpVBus;Scp Virtual Bus Driver;C:\Windows\System32\drivers\ScpVBus.sys [2015-3-29 39168]
R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\System32\drivers\WPRO_41_2001.sys [2013-3-7 34752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-3-30 1080120]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2013-3-7 88728]
S3 ATHDFU;Qualcomm Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2012-8-31 55448]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2013-3-7 344216]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2013-3-7 114840]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2013-3-7 178840]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2013-3-7 77464]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2013-3-7 135832]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2013-3-7 575128]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2013-7-24 1051600]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [2015-3-20 344288]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2013-5-23 160256]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-3-11 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-8-27 828376]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2015-3-30 63704]
S3 NTIOLib_MSISMB_CC;NTIOLib_MSISMB_CC;C:\Program Files (x86)\MSI\ControlCenter\Sleep\NTIOLib_X64.sys [2014-6-15 13368]
S3 Origin Client Service;Origin Client Service;B:\Program Files (x86)\Origin\OriginClientService.exe [2013-3-7 1903472]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-7 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2015-3-30 31800]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-7 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-3-7 1255736]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2015-03-30 17:05:57 136408 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-03-30 17:05:47 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-03-30 17:05:47 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2015-03-30 17:05:47 107736 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-03-30 17:05:46 -------- d-----w- C:\ProgramData\Malwarebytes
2015-03-30 17:05:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-30 15:43:06 -------- d-----w- C:\AdwCleaner
2015-03-30 15:16:30 -------- d-----w- C:\Users\Raymond\AppData\Local\VS Revo Group
2015-03-30 15:16:29 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2015-03-30 15:16:29 -------- d-----w- C:\ProgramData\VS Revo Group
2015-03-30 15:16:27 -------- d-----w- C:\Program Files\VS Revo Group
2015-03-30 15:05:05 -------- d-----w- C:\ProgramData\ff90775ae4034b8bae4796d6b45dd9af
2015-03-30 15:05:04 -------- d-----w- C:\ProgramData\34835439b53c4b5dafc5b63b4bf06108
2015-03-30 15:01:53 12002392 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3C40227D-BDE6-4BA4-BBC1-0481B4FFF7B4}\mpengine.dll
2015-03-30 14:59:39 -------- d-----w- C:\Program Files (x86)\0915e3e3-e251-44b8-8621-f8893f12f5a4
2015-03-30 14:59:02 -------- d-----w- C:\ProgramData\7349012640429361576
2015-03-30 12:12:55 14480 ----a-w- C:\Windows\System32\drivers\nvflash.sys
2015-03-29 13:02:32 39168 ----a-w- C:\Windows\System32\drivers\ScpVBus.sys
2015-03-29 09:51:43 12002392 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-03-28 16:29:40 -------- d-----w- C:\Users\Raymond\AppData\Local\Futuremark
2015-03-28 16:27:37 -------- d-----w- C:\Program Files (x86)\Futuremark
2015-03-27 12:33:16 -------- d-----w- C:\Users\Raymond\Valley
2015-03-26 11:06:00 1187344 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6C76697E-7E70-4E5C-92AA-56972C4C9011}\gapaengine.dll
2015-03-25 22:00:06 -------- d-----w- C:\Users\Raymond\AppData\Roaming\NVIDIA
2015-03-25 13:00:32 -------- d-----w- C:\Program Files (x86)\RivaTuner Statistics Server
2015-03-25 12:54:49 -------- d-----w- C:\GvTemp
2015-03-25 12:54:02 -------- d-----w- C:\Program Files (x86)\GIGABYTE
2015-03-25 07:29:53 943616 ----a-w- C:\Windows\System32\appraiser.dll
2015-03-25 07:29:53 760832 ----a-w- C:\Windows\System32\invagent.dll
2015-03-25 07:29:53 677888 ----a-w- C:\Windows\System32\generaltel.dll
2015-03-25 07:29:53 414720 ----a-w- C:\Windows\System32\devinv.dll
2015-03-25 07:29:53 30720 ----a-w- C:\Windows\System32\acmigration.dll
2015-03-25 07:29:53 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-03-25 07:29:53 192000 ----a-w- C:\Windows\System32\aepic.dll
2015-03-25 07:29:53 1107456 ----a-w- C:\Windows\System32\aeinv.dll
2015-03-19 07:51:36 1756424 ----a-w- C:\Windows\System32\nvspbridge64.dll
2015-03-19 07:50:59 73872 ----a-w- C:\Windows\System32\OpenCL.dll
2015-03-19 07:50:59 60560 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2015-03-18 13:11:58 -------- d-----w- C:\Users\Raymond\dwhelper
2015-03-16 16:49:26 -------- d-----w- C:\Program Files (x86)\Reddit Link Opener
2015-03-12 08:43:47 94656 ----a-w- C:\Windows\System32\WPRO_41_2001woem.tmp
2015-03-11 19:44:44 -------- d-----w- C:\Users\Raymond\AppData\Roaming\.mono
2015-03-11 19:44:44 -------- d-----w- C:\ProgramData\.mono
2015-03-11 19:44:43 -------- d-----w- C:\Users\Raymond\AppData\Roaming\Colossal Order
2015-03-11 19:44:43 -------- d-----w- C:\Users\Raymond\AppData\Local\Colossal Order
2015-03-11 08:43:59 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-03-06 07:53:00 -------- d-----w- C:\Program Files\SSofttCoUp
2015-03-05 19:33:32 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2015-03-05 19:32:42 0 ----a-w- C:\Windows\SysWow64\RENDF72.tmp
2015-03-05 19:32:16 0 ----a-w- C:\Windows\SysWow64\REN76D1.tmp
2015-03-05 19:31:07 -------- d-----w- C:\ProgramData\Oracle
2015-03-02 08:20:47 -------- d-----w- C:\Program Files\eaasytoshop
2015-03-02 08:20:43 -------- d-----w- C:\Program Files\SofftCoup
2015-03-02 08:20:41 -------- d-----w- C:\Program Files\FineDeaeLSoft
2015-03-02 08:20:38 -------- d-----w- C:\Program Files\Turntable fm Extended
.
==================== Find3M ====================
.
2015-03-30 17:13:15 34752 ----a-w- C:\Windows\System32\drivers\WPRO_41_2001.sys
2015-03-24 08:16:41 778928 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-03-24 08:16:41 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-13 16:16:47 6861968 ----a-w- C:\Windows\System32\nvcpl.dll
2015-03-13 16:16:47 3526856 ----a-w- C:\Windows\System32\nvsvc64.dll
2015-03-13 16:16:45 935056 ----a-w- C:\Windows\System32\nvvsvc.exe
2015-03-13 16:16:45 62608 ----a-w- C:\Windows\System32\nvshext.dll
2015-03-13 16:16:45 386248 ----a-w- C:\Windows\System32\nvmctray.dll
2015-03-13 16:16:45 2559808 ----a-w- C:\Windows\System32\nvsvcr.dll
2015-03-13 15:38:39 622224 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2015-03-11 13:10:00 4246327 ----a-w- C:\Windows\System32\nvcoproc.bin
2015-03-06 05:56:10 155576 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-03-06 05:42:39 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-03-06 05:42:36 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-03-06 05:42:35 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-03-06 05:42:35 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-03-06 05:42:33 341504 ----a-w- C:\Windows\System32\schannel.dll
2015-03-06 05:42:33 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-03-06 05:42:29 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2015-03-06 05:42:29 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2015-03-06 05:42:27 728064 ----a-w- C:\Windows\System32\kerberos.dll
2015-03-06 05:42:27 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2015-03-06 05:42:20 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-03-06 05:41:46 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-03-06 05:41:31 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-03-06 05:39:16 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-03-06 05:38:57 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-03-06 05:36:56 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-03-06 05:10:34 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-03-06 05:10:30 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-03-06 05:10:26 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-03-06 05:10:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-03-06 05:10:22 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-03-06 05:10:22 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-03-06 05:10:18 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-03-06 05:10:11 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-03-06 05:09:31 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-03-06 05:09:19 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-03-06 05:07:50 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-03-06 05:07:43 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-03-06 05:06:20 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-03-03 13:17:35 295552 ------w- C:\Windows\System32\MpSigStub.exe
2015-02-26 03:25:44 3204096 ----a-w- C:\Windows\System32\win32k.sys
2015-02-25 13:27:55 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2015-02-20 04:41:01 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-02-20 04:40:59 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-02-20 04:40:56 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-02-20 04:40:55 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-02-20 04:13:49 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-02-20 04:13:46 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-02-20 04:13:43 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-02-20 04:12:51 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-02-20 03:29:16 372224 ----a-w- C:\Windows\System32\atmfd.dll
2015-02-20 03:09:16 299008 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-02-20 03:06:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-02-20 03:05:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-02-20 02:50:14 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-02-20 02:49:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-02-20 02:49:19 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-02-20 02:47:56 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-02-20 02:35:17 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-02-20 02:35:05 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-02-20 02:34:24 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-02-20 02:32:34 6035456 ----a-w- C:\Windows\System32\jscript9.dll
2015-02-20 02:26:12 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-02-20 02:22:35 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-02-20 02:13:57 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-02-20 02:09:08 503296 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-02-20 02:08:59 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-02-20 02:08:13 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-02-20 02:06:44 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-02-20 01:56:54 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-02-20 01:56:07 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-02-20 01:47:06 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-02-20 01:46:45 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-02-20 01:41:52 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-02-20 01:30:39 4300288 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-02-20 01:28:25 2358784 ----a-w- C:\Windows\System32\wininet.dll
2015-02-20 01:24:21 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-02-20 01:23:19 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-02-20 01:01:25 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-02-04 03:16:35 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2015-02-04 02:54:09 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2015-02-03 03:34:39 693176 ----a-w- C:\Windows\System32\winload.efi
2015-02-03 03:34:38 5554104 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-02-03 03:34:36 94656 ----a-w- C:\Windows\System32\drivers\mountmgr.sys
2015-02-03 03:33:29 616360 ----a-w- C:\Windows\System32\winresume.efi
2015-02-03 03:30:58 631808 ----a-w- C:\Windows\System32\evr.dll
2015-02-03 03:29:19 8704 ----a-w- C:\Windows\System32\pcaevts.dll
2015-02-03 03:28:49 2048 ----a-w- C:\Windows\System32\mferror.dll
2015-02-03 03:28:14 6656 ----a-w- C:\Windows\System32\apisetschema.dll
2015-02-03 03:19:12 663552 ----a-w- C:\Windows\System32\drivers\PEAuth.sys
2015-02-03 03:16:31 3973048 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-02-03 03:16:31 3917760 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-02-03 03:11:55 50176 ----a-w- C:\Windows\SysWow64\rrinstaller.exe
2015-02-03 03:11:48 23040 ----a-w- C:\Windows\SysWow64\mfpmp.exe
2015-02-03 03:11:18 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2015-02-03 03:09:03 2048 ----a-w- C:\Windows\SysWow64\mferror.dll
2015-02-03 03:08:07 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2015-02-03 02:32:25 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
.
============= FINISH: 18:27:57.93 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 07/03/2013 13:55:39
System Uptime: 30/03/2015 18:13:08 (0 hours ago)
.
Motherboard: MSI | | Z77 MPower (MS-7751)
Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz | SOCKET 0 | 3401/100mhz
.
==== Disk Partitions =========================
.
B: is FIXED (NTFS) - 932 GiB total, 94.615 GiB free.
C: is FIXED (NTFS) - 119 GiB total, 47.904 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\MSFT0001\4&34A1A1BF&0
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\MSFT0001\4&34A1A1BF&0
Service: i8042prt
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\MSFT0003\4&34A1A1BF&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\MSFT0003\4&34A1A1BF&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP373: 25/03/2015 21:38:48 - Installed DirectX
RP374: 25/03/2015 21:59:51 - Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
RP375: 25/03/2015 21:59:54 - Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
RP376: 27/03/2015 21:00:57 - Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
RP377: 28/03/2015 16:27:18 - 3DMark
RP378: 28/03/2015 16:27:39 - Installed DirectX
RP379: 28/03/2015 20:35:28 - 3DMark
RP380: 28/03/2015 20:35:56 - 3DMark
RP381: 28/03/2015 20:36:12 - Installed DirectX
RP382: 29/03/2015 10:51:40 - Windows Update
RP383: 29/03/2015 14:04:08 - Device Driver Package Install: Scarlet.Crush Productions System devices
RP385: 30/03/2015 16:28:23 - Revo Uninstaller Pro's restore point - CinemaP-1.4cV30.03
RP387: 30/03/2015 16:30:29 - Revo Uninstaller Pro's restore point - FlashBeat
RP389: 30/03/2015 16:35:55 - Revo Uninstaller Pro's restore point - ProiceLesS
RP391: 30/03/2015 16:37:12 - Revo Uninstaller Pro's restore point - luckysearches
RP393: 30/03/2015 16:37:34 - Revo Uninstaller Pro's restore point - shopperz
.
==== Installed Programs ======================
.
3DMark
64 Bit HP CIO Components Installer
AaaaaAAaaaAAAaaAAAAaAAAAA!!! for the Awesome
Aarklash: Legacy
Adobe Flash Player 16 ActiveX
Adobe Flash Player 17 NPAPI
Adobe Reader XI (11.0.10)
Adobe Refresh Manager
Age of Wonders III
AI War: Fleet Command
Alan Wake
Antichamber
Arsenal of Democracy
Assetto Corsa
ASUS Xonar DG Audio Driver
Atheros Client Installation Program
Audiosurf
Battle.net
Battlefield 4™
Battlelog Web Plugins
BioShock Infinite
BIT.TRIP Presents... Runner2: Future Legend of Rhythm Alien
Blood Bowl: Chaos Edition
BufferChm
Capsule
Castlevania: Lords of Shadow - Ultimate Edition
Castlevania: Lords of Shadow 2 Demo
CCleaner
Chainsaw Warrior
Circuits
Cities XL Platinum
Cities: Skylines
CLICKBIOSII
Content Manager Assistant for PlayStation(R)
ControlCenter
Copy
Counter-Strike: Global Offensive
CPUID CPU-Z 1.63.0
Crusader Kings II
Curse Client
DAEMON Tools Lite
Danmaku Unlimited 2
Democracy 2
Depths of Peril
Destinations
Desura
Desura: Talisman Prologue
DeviceDiscovery
Devil May Cry 4
Diablo III
DiRT 2
DJ_AIO_06_F2400_SW_Min
DuckTales Remastered
Dungeons & Dragons: Chronicles of Mystara
Dungeons and Dragons Anthology: The Master Collection
Eador. Masters of the Broken World
eReg
ESN Sonar
Europa Universalis IV
F.E.A.R.
F.E.A.R.: Extraction Point
F.E.A.R.: Perseus Mandate
F2400
Fallen Enchantress: Legendary Heroes
FEZ
FINAL FANTASY XIV: A Realm Reborn
FTL: Faster Than Light
Futuremark SystemInfo
Google Chrome
Google Update Helper
GPBaseService2
GRID 2
Guild Wars 2
Gunpoint
Half-Life 2
Hearthstone
HearthstoneTracker
Heaven Benchmark version 4.0
Heroes of Might and Magic V
Heroes of the Storm
HHD Software Free Hex Editor Neo 5.14
Hitman 2: Silent Assassin
Hitman: Absolution
Hotline Miami
HP Customer Participation Program 14.0
HP Deskjet F2400 All-in-One Driver Software 14.0 Rel. 6
HP Imaging Device Functions 14.0
HP Photo Creations
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPPhotoGadget
HPProductAssistant
HPSSupply
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Intel(R) Smart Connect Technology 3.0 x64
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
Jamestown
Java 8 Update 40 (64-bit)
Java Auto Updater
Karaoke Sound Tools 2
Killing Floor
La-Mulana
Legend of Grimrock
Livestreamer 1.10.2
Logitech Gaming Software 5.10
Logitech SetPoint 6.52
Magic 2014
Malwarebytes Anti-Malware version 2.1.4.1018
Mark of the Ninja
MarketResearch
Max Payne
Microsoft .NET Framework 4.5.1
Microsoft ASP.NET MVC 4 Runtime
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft Xbox 360 Accessories 1.2
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0 Refresh
Might & Magic Heroes VI - Shades of Darkness
Might & Magic VI
Might & Magic X - Legacy
MotioninJoy Gamepad tool 0.7.1001
MotoGP™14 Demo
Mozilla Firefox 36.0.4 (x86 en-US)
Mozilla Maintenance Service
MSI Afterburner 4.1.0
MSI Fast Boot
MSI Live Update
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NaturalReaderFree
Next Car Game: Wreckfest
NVIDIA 3D Vision Controller Driver 347.09
NVIDIA 3D Vision Driver 347.88
NVIDIA Control Panel 347.88
NVIDIA GeForce Experience 2.2.2
NVIDIA GeForce Experience Service
NVIDIA Graphics Driver 347.88
NVIDIA HD Audio Driver 1.3.33.0
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX System Software 9.14.0702
NVIDIA ShadowPlay 17.12.8
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 17.12.8
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.27
OpenAL
Opera 12.14
Opera Stable 28.0.1750.48
Origin
Outlast
Path of Exile
PCSX2 - Playstation 2 Emulator
Peggle Deluxe
Penny Arcade's On the Rain-Slick Precipice of Darkness 3
Pinball FX2
Populous
Portal 2
Prison Architect
PunkBuster Services
Puzzle Agent
Puzzle Agent 2
Qualcomm Atheros Bluetooth Suite (64)
Race The Sun
Rayman Origins
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Resident Evil 4 / Biohazard 4
Resident Evil 5
Resident Evil 6 / Biohazard 6
Resident Evil Revelations / Biohazard Revelations UE
Resident Evil Revelations 2 / Biohazard Revelations 2
Revo Uninstaller Pro 3.1.2
Revolution Under Siege Demo v1.00
RIDE: Game Demo
RivaTuner Statistics Server 6.3.0
Rogue Legacy
Scan
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Sentinel
SHIELD Streaming
SHIELD Wireless Controller Driver
Shop for HP Supplies
Sid Meier's Civilization V
Sigils of Elohim
SimCity 4 Deluxe
SimCity™
Sleeping Dogs™
SmartWebPrinting
SolutionCenter
Sonic Generations
StarCraft II
Status
Steam
Super Meat Boy
Surgeon Simulator 2013
Talisman: Digital Edition
Team Fortress 2
Teleglitch: Die More Edition
The Binding of Isaac
The Bridge
The Elder Scrolls V: Skyrim
The Swapper
The Typing of The Dead: Overkill
The Ultimate DOOM
Tom Clancy's Splinter Cell® Blacklist™
Tomb Raider
Toolbox
Torchlight
TrayApp
Tropico 4
Tropico 5
TypingMaster Pro
Unigine Valley Benchmark version 1.0
Unity Web Player
Uplay
Virtual Pool 4 Demo
VLC media player
Vuze
Wargame: AirLand Battle
Warlock 2: the Exiled
WebReg
Winamp
Winamp Detector Plug-in
Wing Commander III
WinRAR
World of Warcraft
X Rebirth
X3: Reunion
Ys I
Zafehouse: Diaries
.
==== Event Viewer Messages From Past Week ========
.
30/03/2015 17:29:50, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
30/03/2015 17:29:50, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
30/03/2015 16:44:22, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
30/03/2015 16:44:22, Error: Service Control Manager [7031] - The ISCT Always Updated Agent service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
30/03/2015 16:44:22, Error: Service Control Manager [7031] - The Intel(R) Capability Licensing Service Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
30/03/2015 16:44:06, Error: Service Control Manager [7034] - The WindowsMangerProtect Service service terminated unexpectedly. It has done this 1 time(s).
30/03/2015 16:44:06, Error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
30/03/2015 16:44:06, Error: Service Control Manager [7034] - The NVIDIA Streamer Service service terminated unexpectedly. It has done this 1 time(s).
30/03/2015 16:44:06, Error: Service Control Manager [7034] - The NVIDIA Network Service service terminated unexpectedly. It has done this 1 time(s).
30/03/2015 16:44:06, Error: Service Control Manager [7034] - The NVIDIA GeForce Experience Service service terminated unexpectedly. It has done this 1 time(s).
30/03/2015 16:44:06, Error: Service Control Manager [7034] - The MSI_LiveUpdate_Service service terminated unexpectedly. It has done this 1 time(s).
30/03/2015 16:44:06, Error: Service Control Manager [7034] - The MSI_FastBoot service terminated unexpectedly. It has done this 1 time(s).
30/03/2015 16:44:06, Error: Service Control Manager [7034] - The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
30/03/2015 16:44:06, Error: Service Control Manager [7034] - The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).
30/03/2015 16:44:06, Error: Service Control Manager [7034] - The IHProtect Service service terminated unexpectedly. It has done this 1 time(s).
30/03/2015 16:44:06, Error: Service Control Manager [7034] - The Fast And Safe service terminated unexpectedly. It has done this 1 time(s).
30/03/2015 16:44:06, Error: Service Control Manager [7034] - The AtherosSvc service terminated unexpectedly. It has done this 1 time(s).
30/03/2015 16:44:06, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
30/03/2015 16:44:06, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
30/03/2015 16:44:06, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
30/03/2015 16:44:06, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
30/03/2015 16:44:06, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
30/03/2015 16:44:06, Error: Service Control Manager [7031] - The ISCT Always Updated Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
30/03/2015 16:44:05, Error: Service Control Manager [7034] - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).
30/03/2015 16:44:05, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
30/03/2015 16:33:06, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cherimoya
30/03/2015 16:31:26, Error: Service Control Manager [7034] - The Gambali service terminated unexpectedly. It has done this 1 time(s).
30/03/2015 16:31:25, Error: Service Control Manager [7034] - The FlashBeat service terminated unexpectedly. It has done this 1 time(s).
30/03/2015 16:24:54, Error: Service Control Manager [7034] - The csrcc service terminated unexpectedly. It has done this 1 time(s).
25/03/2015 10:33:31, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureCommand with the following error: Access is denied.
25/03/2015 10:33:30, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
.
==== End Of File ===========================
TheDoctor46
Active Member
 
Posts: 13
Joined: March 30th, 2015, 1:36 pm
Advertisement
Register to Remove

Re: "Luckysearches" hijacking browser and other adware

Unread postby mAL_rEm018 » March 31st, 2015, 12:51 pm

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.


Hello TheDoctor46,

My name is mAL_rEm018, but feel free to call me mAL :). I'm an undergraduate trainee and as such my posts to you have to first be checked by a Teacher, because of this my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Because of this, I advise you to backup any personal files and folders before you start.

To make sure everything goes smoothly, I would like you to observe the following rules:
  • You must have Administrator rights, permissions for this computer.
  • Please reply to this thread. Do not start another topic.
  • Perform all actions in the order given.
  • If you don't know, stop and ask!
  • DO NOT run any other fix or removal tools unless instructed to do so!
  • Don't attempt to install any new software (other than those I ask you to) until your computer is clean.
  • DO NOT post for help at any other forum. Applying fixes from multiple help sites can cause problems.
  • I advise you to print the instructions if possible, since your internet connection might not be available during some of the fixes.
  • Absence of symptoms does not mean that everything is clear, therefore stick with this topic until I give you the "all clear".

I am currently reviewing you logs and will return as soon as possible, with additional instructions. In the meantime I would like you to read and get acquainted with the following topic: HOW TO GET HELP IN THIS FORUM - everyone must read this, where the conditions for receiving help here are explained.
User avatar
mAL_rEm018
Admin/Teacher
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: "Luckysearches" hijacking browser and other adware

Unread postby mAL_rEm018 » April 1st, 2015, 10:53 am

Hello TheDoctor46,

MGA Diagnostics
  • Please download and save the following tool to your desktop Link.
  • Right-click on MGADiag.exe and select Run as Administrator.
  • Select Continue. The diagnosis will now begin.
  • When the process is over, click Copy.
  • Open Notepad and paste the contents.
  • Save this file as MGADiag.txt.
  • Post the content on MGADiag.txt in your next reply.

Next..

CKScanner
  • Please download CKScanner from Here
  • Save it to your Desktop.
  • Right-Click on CKScanner.exe and select Run as Administrator.
  • Select Search For Files
  • When the scan in finished, click on Save List To File.
  • Open CKFiles.txt on your desktop and post the contents in your next reply.
    Only run CKScanner.exe once.


-----------------------------------------
In your next reply, I would like to see..
  • MGADiag.txt
  • CKFiles.txt
    Please post everything in the order given.
User avatar
mAL_rEm018
Admin/Teacher
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: "Luckysearches" hijacking browser and other adware

Unread postby TheDoctor46 » April 1st, 2015, 11:45 am

Thanks for your reply

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-W4PW9-FJM79-HR8FH
Windows Product Key Hash: 4ZmzuJ2pAc40uOx+XNWPGjkCono=
Windows Product ID: 00359-112-5201724-85070
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {E0BEFDE1-6999-4E04-8070-7136C651E2AC}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.150202-1526
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Opera\launcher.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{E0BEFDE1-6999-4E04-8070-7136C651E2AC}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-HR8FH</PKey><PID>00359-112-5201724-85070</PID><PIDType>5</PIDType><SID>S-1-5-21-2940932314-315015785-212226153</SID><SYSTEM><Manufacturer>MSI</Manufacturer><Model>MS-7751</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>V17.6</Version><SMBIOSVersion major="2" minor="7"/><Date>20121219000000.000000+000</Date></BIOS><HWID>92D63807018400FE</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, RETAIL channel
Activation ID: 2e7d060d-4714-40f2-9896-1e4f15b612ad
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00170-112-520172-00-2057-7600.0000-0662013
Installation ID: 015690667704726404737652490286698442767005884781215932
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: HR8FH
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 01/04/2015 16:40:03

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 3:8:2015 11:42
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: MgAAAAIAAQABAAEAAAADAAAAAgABAAEAHKJUV96UdxbggXI1HjEeYrxDFDGwUPmplmM=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ALASKA A M I
FACP ALASKA A M I
HPET ALASKA A M I
MCFG ALASKA A M I
FPDT ALASKA A M I
SSDT Intel_ AoacTabl
SSDT Intel_ AoacTabl
SSDT Intel_ AoacTabl
SSDT Intel_ AoacTabl



CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.OHNAWZ
----- EOF -----
TheDoctor46
Active Member
 
Posts: 13
Joined: March 30th, 2015, 1:36 pm

Re: "Luckysearches" hijacking browser and other adware

Unread postby mAL_rEm018 » April 2nd, 2015, 1:17 am

Hello TheDoctor46,


Note: I noticed that your (B:) drive only has 10% of free space. You should always try to have at least 20-25% of free space on a drive. My advise to you would be to remove softwares/games that you no longer use.
B: is FIXED (NTFS) - 932 GiB total, 94.615 GiB free.


Please answer the following questions..
  1. Did you make the following changes to the policies in your registry?
    mPolicies-System: PromptOnSecureDesktop = dword:0
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: EnableLUA = dword:0
  2. Do you know what the following folder is?
    2015-03-18 13:11:58 -------- d-----w- C:\Users\Raymond\dwhelper
  3. Did you set up a proxy?
    FF - prefs.js: network.proxy.ftp - 189.113.64.126
    FF - prefs.js: network.proxy.ftp_port - 8080
    FF - prefs.js: network.proxy.http - 189.113.64.126
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.socks - 189.113.64.126
    FF - prefs.js: network.proxy.socks_port - 8080
    FF - prefs.js: network.proxy.ssl - 189.113.64.126
    FF - prefs.js: network.proxy.ssl_port - 8080
  4. Did you set your start Page to yahoo?


Peer-to-peer applications
I see that you are using P2P programs:
Vuze

By using P2P (Peer-to-peer) programs you are giving direct access to your computer to malware creators. You probably were infected by using P2P programs! This forum does not condone or tolerate the use of P2P programs. This is clearly stated in the following topic (which you should have read prior to posting your logs) HOW TO GET HELP IN THIS FORUM - everyone must read this. Now you have two choices:
  1. You can refuse to remove Vuze, however this topic will be closed and you will not receive any help.
  2. you can remove it, but please keep in mind, that if in the future you ask for our help and we see presence of P2P programs, we will not help you, because this would be a waste of our time as well as yours, since you will certainly get reinfected again.
    Let me know your decision in next post.


Next..


Removing a program in Windows 7
  • Click the Star Menu and select Control Panel.
  • Click Programs, then Programs and Features.
  • Select the following programs:
    Vuze
  • Select Uninstall.
  • When prompted select Yes.
  • Answer any questions attentively.
  • When the process is finished, please restart your computer.
Note: you can only remove one program at a time.


Please run the following scan..
  • Download FRST64 to your Desktop.
  • Double click Frst.exe to launch it.
  • FRST will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
  • Please post them in your next reply.

I'd also like you to run a search for me using FRST ...

  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.
    Fun4IM;Bandoo;Searchnu;Searchqu;iLivid;whitesmoke;datamngr;kelkoopartners;trolltech;babylon;conduit;luckysearches;lucky searches

    • Press the Search Registry button.
    • When finished searching a log will open on your Desktop ... Search.txt
    • Please post it in your next reply.

-----------------------------------------
In your next reply, I would like to see..
  • Did you have trouble performing any of the steps?
  • Answer to my questions.
  • FRST.txt
  • Addition.txt
  • Search.txt
    Please post everything in the order given.
User avatar
mAL_rEm018
Admin/Teacher
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: "Luckysearches" hijacking browser and other adware

Unread postby TheDoctor46 » April 2nd, 2015, 3:35 am

Vuze is uninstalled.

Did you make the following changes to the policies in your registry?
I am unlikely to have edited the registry values myself. However since I don't know what those values refer to I can't say. I have probably disabled some annoying notifications that are present in Windows. If you want to re-enable them I can tell you if I've disabled them based on their effect.

Do you know what the following folder is?
Yes, It's the download location of an add-on used to save videos from sites such as youtube.

Did you set up a proxy?
I don't use a proxy, nor have I manually configured one in windows.

Did you set your start Page to yahoo?
Yes, it's my homepage on several browsers.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Raymond (administrator) on RMWD-Z77 on 02-04-2015 08:19:35
Running from B:\Users\Raymond\Desktop
Loaded Profiles: Raymond (Available profiles: Raymond)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Micro-Star International) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(CMedia) C:\Program Files\ASUS Xonar DGX Audio\Customapp\AsusAudioCenter.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Curse) C:\Users\Raymond\AppData\Local\Apps\2.0\7YV0X25P.5Y1\7RNH6X6Y.91N\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Micro-Star INT'L CO.,LTD.) C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764544 2012-08-31] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-31] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-21] (Logitech, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-27] (Realtek Semiconductor)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-03-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-08-16] (Intel Corporation)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ControlCenterCount] => C:\Program Files (x86)\MSI\ControlCenter\ControlCenterCount.exe [872448 2012-03-26] (MSI CO.,LTD.)
HKLM-x32\...\Run: [Fast Boot] => C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe [764472 2012-09-19] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-11] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2940932314-315015785-212226153-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2940932314-315015785-212226153-1000\...\MountPoints2: {8095312a-039c-11e4-8021-d43d7e2bd256} - E:\RUS-Setup.exe
HKU\S-1-5-21-2940932314-315015785-212226153-1000\...\MountPoints2: {b6679233-9614-11e3-986f-d43d7e2bd256} - E:\CMADownloader.exe
HKU\S-1-5-21-2940932314-315015785-212226153-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL => C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL File Not Found
AppInit_DLLs-x32: c:\progra~3\fastan~1\fastan~1.dll => "c:\progra~3\fastan~1\fastan~1.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation(R).lnk
ShortcutTarget: Content Manager Assistant for PlayStation(R).lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe (Intel Corporation)
Startup: C:\Users\Raymond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2940932314-315015785-212226153-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
HKU\S-1-5-21-2940932314-315015785-212226153-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
HKU\S-1-5-21-2940932314-315015785-212226153-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKU\S-1-5-21-2940932314-315015785-212226153-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
HKU\S-1-5-21-2940932314-315015785-212226153-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yahoo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2940932314-315015785-212226153-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL =
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Raymond\AppData\Roaming\Mozilla\Firefox\Profiles\yporo9y6.default
FF DefaultSearchUrl: https://uk.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: https://uk.yahoo.com/?fr=hp-avast&type=agc511
FF Keyword.URL: https://uk.search.yahoo.com/yhs/search
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "189.113.64.126"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "189.113.64.126"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "189.113.64.126"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "189.113.64.126"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-24] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-05] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-24] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-06-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-06-22] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2940932314-315015785-212226153-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Raymond\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-05-07] (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Raymond\AppData\Roaming\Mozilla\Firefox\Profiles\yporo9y6.default\searchplugins\yahoo-avast.xml [2015-03-30]
FF Extension: Updated Ad Blocker for Firefox 11+ - C:\Users\Raymond\AppData\Roaming\Mozilla\Firefox\Profiles\yporo9y6.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2013-11-08]
FF Extension: Video DownloadHelper - C:\Users\Raymond\AppData\Roaming\Mozilla\Firefox\Profiles\yporo9y6.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-03-07]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-01-19]
FF HKU\S-1-5-21-2940932314-315015785-212226153-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-03-07]

Opera:
=======
OPR Extension: (CinemaP-1.4cV30.03) - C:\Users\Raymond\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-03-30]
OPR Extension: (Enhanced Steam) - C:\Users\Raymond\AppData\Roaming\Opera Software\Opera Stable\Extensions\nocljnglnafkiegpgejigocoffiopoma [2015-01-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [216192 2012-08-31] (Qualcomm Atheros Commnucations) [File not signed]
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [344288 2015-03-20] (Futuremark)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-03-13] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-08-16] (Intel Corporation) [File not signed]
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [149032 2012-08-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [103992 2012-10-26] (MSI)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1723856 2014-09-18] (Micro-Star International)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-03-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-03-13] (NVIDIA Corporation)
S3 Origin Client Service; B:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2015-01-20] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-06] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2012-08-31] (Qualcomm Atheros)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2734080 2013-04-11] (C-Media Inc)
S3 cpuz138; C:\Windows\TEMP\cpuz138\cpuz138_x64.sys [27320 2015-03-30] (CPUID)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-07-04] (Disc Soft Ltd)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [27456 2012-08-16] (Intel Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [20968 2012-08-16] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [19944 2012-08-16] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
R3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
S3 NTIOLib_MSISMB_CC; C:\Program Files (x86)\MSI\ControlCenter\Sleep\NTIOLib_X64.sys [13368 2012-11-09] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-03-13] (NVIDIA Corporation)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-04-02] ()
S3 GPCIDrv; \??\C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-02 08:19 - 2015-04-02 08:19 - 00000000 ____D () C:\FRST
2015-04-01 16:40 - 2015-04-01 16:40 - 00000000 ____D () C:\ProgramData\Office Genuine Advantage
2015-04-01 16:40 - 2015-04-01 16:40 - 00000000 ____D () C:\MGADiagToolOutput
2015-04-01 13:20 - 2015-04-01 13:20 - 00000000 ____D () C:\Users\Raymond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HHD Hex Editor Neo
2015-03-30 18:05 - 2015-03-30 18:20 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-30 18:05 - 2015-03-30 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-30 18:05 - 2015-03-30 18:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-30 18:05 - 2015-03-30 18:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-30 18:05 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-30 18:05 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-30 18:05 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-30 17:30 - 2015-03-30 17:30 - 00000000 _____ () C:\autoexec.bat
2015-03-30 17:22 - 2015-04-02 07:58 - 00021664 _____ () C:\Windows\PFRO.log
2015-03-30 17:22 - 2015-04-02 07:58 - 00001512 _____ () C:\Windows\setupact.log
2015-03-30 17:22 - 2015-03-30 17:22 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-30 16:43 - 2015-03-30 16:46 - 00000000 ____D () C:\AdwCleaner
2015-03-30 16:22 - 2015-03-30 16:25 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-03-30 16:16 - 2015-03-30 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-03-30 16:16 - 2015-03-30 16:16 - 00000000 ____D () C:\Users\Raymond\AppData\Local\VS Revo Group
2015-03-30 16:16 - 2015-03-30 16:16 - 00000000 ____D () C:\ProgramData\VS Revo Group
2015-03-30 16:16 - 2015-03-30 16:16 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-03-30 16:16 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2015-03-30 16:05 - 2015-03-30 18:12 - 00000000 ____D () C:\ProgramData\ff90775ae4034b8bae4796d6b45dd9af
2015-03-30 16:05 - 2015-03-30 16:05 - 00003566 _____ () C:\Windows\System32\Tasks\YFBLWJRIHX
2015-03-30 16:05 - 2015-03-30 16:05 - 00000000 ____D () C:\ProgramData\34835439b53c4b5dafc5b63b4bf06108
2015-03-30 15:59 - 2015-04-02 07:58 - 00001346 _____ () C:\Windows\Tasks\ZXRHES.job
2015-03-30 15:59 - 2015-04-02 07:58 - 00001346 _____ () C:\Windows\Tasks\JZXRBT.job
2015-03-30 15:59 - 2015-03-30 18:12 - 00000000 ____D () C:\Program Files (x86)\0915e3e3-e251-44b8-8621-f8893f12f5a4
2015-03-30 15:59 - 2015-03-30 15:59 - 00004376 _____ () C:\Windows\System32\Tasks\ZXRHES
2015-03-30 15:59 - 2015-03-30 15:59 - 00004376 _____ () C:\Windows\System32\Tasks\JZXRBT
2015-03-30 15:59 - 2015-03-30 15:59 - 00000000 ____D () C:\ProgramData\7349012640429361576
2015-03-30 13:12 - 2015-03-30 13:14 - 00014480 _____ () C:\Windows\system32\Drivers\nvflash.sys
2015-03-30 13:00 - 2015-03-30 13:00 - 00000000 ____D () C:\Users\Raymond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2015-03-30 12:26 - 2015-03-30 12:26 - 00003416 _____ () C:\Windows\System32\Tasks\EVGAPrecisionX
2015-03-29 14:02 - 2013-05-05 16:32 - 00039168 _____ (Scarlet.Crush Productions) C:\Windows\system32\Drivers\ScpVBus.sys
2015-03-28 17:30 - 2015-03-30 22:07 - 00000022 _____ () C:\Windows\GPU-Z.INI
2015-03-28 17:29 - 2015-03-28 17:29 - 00000000 ____D () C:\Users\Raymond\AppData\Local\Futuremark
2015-03-28 17:27 - 2015-03-28 17:27 - 00000000 ____D () C:\Program Files (x86)\Futuremark
2015-03-27 13:33 - 2015-03-27 13:37 - 00000000 ____D () C:\Users\Raymond\Valley
2015-03-26 20:14 - 2015-03-26 20:14 - 00005542 _____ () C:\Users\Raymond\AppData\Roaming\ZXRHES
2015-03-26 20:14 - 2015-03-26 20:14 - 00004185 _____ () C:\Users\Raymond\AppData\Roaming\JZXRBT
2015-03-25 23:00 - 2015-03-26 14:02 - 00000000 ____D () C:\Users\Raymond\AppData\Roaming\NVIDIA
2015-03-25 14:00 - 2015-03-31 20:33 - 00000000 ____D () C:\Program Files (x86)\RivaTuner Statistics Server
2015-03-25 14:00 - 2015-03-25 14:00 - 00000000 ____D () C:\Users\Raymond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2015-03-25 13:54 - 2015-03-25 13:54 - 00000000 ____D () C:\Program Files (x86)\GIGABYTE
2015-03-25 13:54 - 2015-03-25 13:54 - 00000000 ____D () C:\GvTemp
2015-03-25 08:29 - 2015-03-11 05:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 08:29 - 2015-03-11 05:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 08:29 - 2015-03-11 05:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 08:29 - 2015-03-11 05:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 08:29 - 2015-03-11 05:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 08:29 - 2015-03-11 05:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 08:29 - 2015-03-11 05:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 08:29 - 2015-03-11 05:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-21 22:26 - 2015-03-21 22:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-19 08:51 - 2015-04-02 07:58 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-19 08:51 - 2015-03-25 19:00 - 00000000 ____D () C:\Users\Raymond\AppData\Local\NVIDIA
2015-03-19 08:51 - 2015-03-19 08:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-19 08:51 - 2015-03-13 20:41 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-03-19 08:51 - 2015-03-13 20:41 - 01514528 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-03-19 08:51 - 2015-03-13 20:41 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-03-19 08:51 - 2015-03-13 20:41 - 01278920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-03-19 08:51 - 2015-03-13 17:16 - 06861968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-03-19 08:51 - 2015-03-13 17:16 - 03526856 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-03-19 08:51 - 2015-03-13 17:16 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-03-19 08:51 - 2015-03-13 17:16 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-03-19 08:51 - 2015-03-13 17:16 - 00386248 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-03-19 08:51 - 2015-03-13 17:16 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-03-19 08:51 - 2015-03-13 16:38 - 00622224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-03-19 08:51 - 2015-03-11 14:10 - 04246327 _____ () C:\Windows\system32\nvcoproc.bin
2015-03-19 08:50 - 2015-03-13 20:41 - 00073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-03-19 08:50 - 2015-03-13 20:41 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 32114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 18580512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 17258024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 16022016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 14121624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-03-19 08:49 - 2015-03-13 20:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 03303448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 02906928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 00997856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 00878328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 00400584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 00390288 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 00354112 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 00346824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 00306208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-03-19 08:49 - 2015-03-13 20:41 - 00178512 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-03-19 08:49 - 2015-03-13 20:41 - 00035472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-03-18 14:11 - 2015-03-18 14:11 - 00000000 ____D () C:\Users\Raymond\dwhelper
2015-03-16 17:49 - 2015-03-16 17:49 - 00000000 ____D () C:\Program Files (x86)\Reddit Link Opener
2015-03-12 09:43 - 2015-04-02 07:58 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2015-03-11 20:44 - 2015-03-11 20:44 - 00000000 ____D () C:\Users\Raymond\AppData\Roaming\Colossal Order
2015-03-11 20:44 - 2015-03-11 20:44 - 00000000 ____D () C:\Users\Raymond\AppData\Roaming\.mono
2015-03-11 20:44 - 2015-03-11 20:44 - 00000000 ____D () C:\Users\Raymond\AppData\Local\Colossal Order
2015-03-11 20:44 - 2015-03-11 20:44 - 00000000 ____D () C:\ProgramData\.mono
2015-03-11 09:44 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 09:44 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 09:44 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 09:44 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 09:44 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 09:44 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 09:44 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 09:44 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 09:44 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 09:44 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 09:44 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 09:44 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 09:44 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 09:44 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 09:44 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 09:44 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 09:44 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 09:44 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 09:44 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 09:44 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 09:44 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 09:44 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 09:44 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 09:44 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 09:44 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 09:44 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 09:44 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 09:44 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 09:44 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 09:44 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 09:44 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 09:44 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 09:44 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 09:44 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 09:44 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 09:44 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 09:44 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 09:44 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 09:44 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 09:44 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 09:44 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 09:44 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 09:44 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 09:44 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 09:44 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 09:44 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 09:44 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 09:44 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 09:44 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 09:44 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 09:44 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 09:44 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 09:44 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 09:44 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 09:44 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 09:44 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 09:44 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 09:44 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 09:44 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 09:44 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 09:44 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 09:44 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 09:44 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 09:44 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 09:44 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 09:44 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 09:44 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 09:44 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 09:44 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 09:44 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 09:44 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 09:44 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 09:44 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 09:44 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 09:44 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 09:44 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 09:44 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 09:44 - 2015-01-31 04:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 09:44 - 2015-01-31 04:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 09:44 - 2015-01-31 00:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 09:44 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 09:44 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 09:44 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 09:43 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 09:43 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 09:43 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 09:43 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 09:43 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 09:43 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 09:43 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 09:43 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 09:43 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 09:43 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 09:43 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 09:43 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 09:43 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 09:43 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 09:43 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 09:43 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 09:43 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 09:43 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 09:43 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 09:43 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 09:43 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 09:43 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 09:43 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 09:43 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 09:43 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 09:43 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 09:43 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 09:43 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 09:43 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 09:43 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 09:43 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 09:43 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 09:43 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 09:43 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 09:43 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 09:43 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 09:43 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 09:43 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 09:43 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 09:43 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 09:43 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 09:43 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 09:43 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 09:43 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 09:43 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 09:43 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 09:43 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 09:43 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 09:43 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 09:43 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 09:43 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 09:43 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 09:43 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 09:43 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 09:43 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 09:43 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 09:43 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 09:43 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 09:43 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 09:43 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 09:43 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 09:43 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 09:43 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 09:43 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 09:43 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 09:43 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 09:43 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 09:43 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 09:43 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 09:43 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 09:43 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 09:43 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 09:43 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 09:43 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 09:43 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 09:43 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 09:43 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 09:43 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 09:43 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 09:43 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 09:43 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 09:43 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 09:43 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 09:43 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 09:43 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 09:43 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 09:43 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 09:43 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 09:43 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 09:43 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 09:43 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 09:43 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 09:43 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 09:43 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 09:43 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-06 08:53 - 2015-03-30 18:12 - 00000000 ____D () C:\Program Files\SSofttCoUp
2015-03-05 20:33 - 2015-03-05 20:33 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-03-05 20:33 - 2015-03-05 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-05 20:33 - 2015-03-05 20:33 - 00000000 ____D () C:\Program Files\Java
2015-03-05 20:32 - 2015-03-05 20:32 - 00000000 _____ () C:\Windows\SysWOW64\RENDF72.tmp
2015-03-05 20:32 - 2015-03-05 20:32 - 00000000 _____ () C:\Windows\SysWOW64\REN76D1.tmp
2015-03-05 20:31 - 2015-03-05 20:32 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-05 20:31 - 2015-03-05 20:31 - 00000000 ____D () C:\ProgramData\Sun

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-02 08:09 - 2013-03-07 17:43 - 00000000 ____D () C:\Program Files\Vuze
2015-04-02 08:09 - 2013-03-07 14:55 - 01129614 _____ () C:\Windows\WindowsUpdate.log
2015-04-02 08:05 - 2009-07-14 05:45 - 00022768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-02 08:05 - 2009-07-14 05:45 - 00022768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-02 08:04 - 2009-07-14 06:13 - 00784286 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-02 07:58 - 2014-01-15 17:08 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-02 07:58 - 2013-11-30 10:24 - 00000000 ____D () C:\Users\Raymond\AppData\Local\Deployment
2015-04-02 07:58 - 2013-03-07 15:10 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2015-04-02 07:58 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-01 22:24 - 2013-03-07 22:11 - 00003026 _____ () C:\Windows\System32\Tasks\MSIAfterburner
2015-04-01 22:20 - 2013-11-19 09:18 - 00000000 ____D () C:\Users\Raymond\AppData\Local\Battle.net
2015-04-01 21:55 - 2013-03-11 14:45 - 00000000 ____D () C:\Users\Raymond\AppData\Local\CrashDumps
2015-04-01 21:43 - 2014-01-15 17:08 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-01 21:30 - 2013-03-22 09:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-01 16:37 - 2013-03-07 17:29 - 00000000 ____D () C:\Users\Raymond\AppData\Roaming\vlc
2015-04-01 13:20 - 2013-03-14 09:23 - 00000000 __SHD () C:\Users\Public\DRM
2015-03-31 22:43 - 2013-03-07 20:04 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2015-03-31 22:26 - 2013-08-08 13:57 - 02128896 _____ () C:\Users\Raymond\AppData\Local\file__0.localstorage
2015-03-30 18:12 - 2015-01-06 09:31 - 00000000 ____D () C:\ProgramData\deoaal2dEAlit
2015-03-30 18:12 - 2015-01-06 09:31 - 00000000 ____D () C:\ProgramData\AAppToU
2015-03-30 18:12 - 2014-10-19 14:04 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-03-30 18:12 - 2014-10-07 08:15 - 00000000 ____D () C:\ProgramData\dealPeakk
2015-03-30 18:12 - 2014-09-13 08:42 - 00000000 ____D () C:\ProgramData\PRoSahopPer
2015-03-30 18:12 - 2014-08-08 07:48 - 00000000 ____D () C:\ProgramData\topdieaaL
2015-03-30 18:12 - 2014-07-25 08:37 - 00000000 ____D () C:\ProgramData\CuoupScannneir
2015-03-30 17:19 - 2013-10-02 18:32 - 00000000 ____D () C:\Windows\Minidump
2015-03-30 17:19 - 2013-03-07 17:43 - 00000000 ____D () C:\Users\Raymond\AppData\Roaming\Azureus
2015-03-30 16:51 - 2013-03-07 20:45 - 00001135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-30 16:23 - 2015-01-21 09:27 - 00001126 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 28.lnk
2015-03-30 16:23 - 2013-03-07 14:56 - 00001413 _____ () C:\Users\Raymond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-30 15:58 - 2013-03-07 16:11 - 00002047 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-03-30 08:53 - 2013-03-07 20:05 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-03-28 21:36 - 2013-10-04 20:36 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-28 13:24 - 2013-10-18 19:39 - 00000000 ____D () C:\Users\Raymond\AppData\Roaming\Milestone
2015-03-27 23:17 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-27 13:33 - 2013-03-07 14:55 - 00000000 ____D () C:\Users\Raymond
2015-03-27 13:32 - 2013-08-08 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine
2015-03-25 19:00 - 2013-12-03 15:57 - 00000000 ____D () C:\Users\Raymond\AppData\Local\NVIDIA Corporation
2015-03-25 13:57 - 2013-03-07 15:14 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-25 11:23 - 2014-12-11 09:17 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-25 11:23 - 2014-04-23 15:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-24 09:16 - 2014-09-12 15:00 - 00000000 ____D () C:\Users\Raymond\AppData\Local\Adobe
2015-03-24 09:16 - 2013-03-22 09:03 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-24 09:16 - 2013-03-07 17:20 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-24 09:16 - 2013-03-07 17:20 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-23 19:44 - 2014-06-15 18:54 - 00000000 ____D () C:\Program Files (x86)\Europa Universalis IV
2015-03-23 09:00 - 2013-03-07 20:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-19 08:52 - 2013-10-22 08:15 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-03-19 08:51 - 2013-03-07 15:59 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-19 08:51 - 2013-03-07 15:59 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-03-19 08:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help
2015-03-18 18:48 - 2015-01-18 09:48 - 00003830 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1421570934
2015-03-18 18:48 - 2013-03-07 16:11 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-03-16 17:49 - 2014-12-12 16:30 - 00000000 ____D () C:\ProgramData\7349012640429361576UL
2015-03-15 22:43 - 2013-07-15 07:28 - 00000000 ____D () C:\Users\Raymond\AppData\Roaming\tropico 4
2015-03-15 19:18 - 2014-06-21 22:39 - 00000000 ____D () C:\Program Files (x86)\Hearts of Iron 3
2015-03-12 18:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-03-12 09:44 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-12 09:43 - 2009-07-14 05:45 - 00269128 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 09:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 09:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-12 00:06 - 2013-07-26 07:52 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 00:03 - 2013-03-07 15:49 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-06 08:53 - 2015-03-02 09:20 - 00000000 ____D () C:\Program Files\SofftCoup
2015-03-06 08:53 - 2015-03-02 09:20 - 00000000 ____D () C:\Program Files\eaasytoshop
2015-03-03 14:17 - 2013-03-07 15:53 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2015-02-22 17:58 - 2015-02-22 17:58 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2015-03-26 20:14 - 2015-03-26 20:14 - 0004185 _____ () C:\Users\Raymond\AppData\Roaming\JZXRBT
2015-03-26 20:14 - 2015-03-26 20:14 - 0005542 _____ () C:\Users\Raymond\AppData\Roaming\ZXRHES
2013-08-08 13:57 - 2015-03-31 22:26 - 2128896 _____ () C:\Users\Raymond\AppData\Local\file__0.localstorage
2013-11-08 21:31 - 2013-11-08 21:31 - 0007602 _____ () C:\Users\Raymond\AppData\Local\Resmon.ResmonCfg
2015-03-30 16:36 - 2015-03-30 16:36 - 0011746 _____ () C:\Users\Raymond\AppData\Local\Temp-log.txt
2013-08-06 13:10 - 2015-01-28 12:31 - 0008221 _____ () C:\ProgramData\hpzinstall.log
2015-01-07 14:22 - 2015-01-07 14:22 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-10-04 20:34 - 2014-10-04 20:34 - 0000258 ____H () C:\ProgramData\tmaster8.net

Some content of TEMP:
====================
C:\Users\Raymond\AppData\Local\Temp\CloudBackup1662.exe
C:\Users\Raymond\AppData\Local\Temp\ddacabfcdja.exe
C:\Users\Raymond\AppData\Local\Temp\GIGABYTE G1 970 GM204 GSv1.rom__10924_i1488527051_il132762.exe
C:\Users\Raymond\AppData\Local\Temp\i4jdel0.exe
C:\Users\Raymond\AppData\Local\Temp\MyPCBACKbuidAmonetize.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-26 14:51

==================== End Of Log ============================
TheDoctor46
Active Member
 
Posts: 13
Joined: March 30th, 2015, 1:36 pm

Re: "Luckysearches" hijacking browser and other adware

Unread postby TheDoctor46 » April 2nd, 2015, 3:36 am

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Raymond at 2015-04-02 08:19:55
Running from B:\Users\Raymond\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DMark (HKLM-x32\...\{7330098c-3669-4f39-9e82-4221d489db39}) (Version: 1.4.828.0 - Futuremark)
3DMark (Version: 1.4.828.0 - Futuremark) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
AaaaaAAaaaAAAaaAAAAaAAAAA!!! for the Awesome (HKLM-x32\...\Steam App 15560) (Version: - )
Aarklash: Legacy (HKLM-x32\...\Steam App 222640) (Version: - Cyanide Studio)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Age of Wonders III (HKLM-x32\...\Steam App 226840) (Version: - Triumph Studios)
AI War: Fleet Command (HKLM-x32\...\Steam App 40400) (Version: - Arcen Games, LLC)
Alan Wake (HKLM-x32\...\Steam App 108710) (Version: - Remedy Entertainment)
Antichamber (HKLM-x32\...\Steam App 219890) (Version: - Alexander Bruce)
Arsenal of Democracy (HKLM-x32\...\Steam App 42850) (Version: - BL-Logic)
Assetto Corsa (HKLM-x32\...\Steam App 244210) (Version: - Kunos Simulazioni)
ASUS Xonar DG Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version: - )
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 8.0 - Atheros)
Audiosurf (HKLM-x32\...\Steam App 12900) (Version: - Dylan Fitterer)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23028 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games)
BIT.TRIP Presents... Runner2: Future Legend of Rhythm Alien (HKLM-x32\...\Steam App 218060) (Version: - Gaijin Games)
Blood Bowl: Chaos Edition (HKLM-x32\...\Steam App 216890) (Version: - Cyanide Studios)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Capsule (HKLM-x32\...\Capsule) (Version: 1.0.000 - Green Man Gaming Limited)
Castlevania: Lords of Shadow - Ultimate Edition (HKLM-x32\...\Steam App 234080) (Version: - MercurySteam - Climax Studios)
Castlevania: Lords of Shadow 2 Demo (HKLM-x32\...\Steam App 273130) (Version: - MercurySteam)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Chainsaw Warrior (HKLM-x32\...\Steam App 251710) (Version: - Auroch Digital)
Circuits (HKLM-x32\...\Steam App 282760) (Version: - Digital Tentacle)
Cities XL Platinum (HKLM-x32\...\Steam App 231140) (Version: - Focus Home Interactive)
Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version: - Colossal Order)
CLICKBIOSII (HKLM-x32\...\{EBCB111F-4907-4B28-BD03-F5BD901106D2}_is1) (Version: 1.0.123 - MSI)
Content Manager Assistant for PlayStation(R) (HKLM-x32\...\{32C46540-7693-49E1-A81E-121B09C8303B}) (Version: 3.00.7187.47 - Sony Computer Entertainment Inc.)
ControlCenter (HKLM-x32\...\{AF14F0CD-5307-4134-BDFA-15974473C1EE}_is1) (Version: 2.5.060 - MSI)
Copy (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
CPUID CPU-Z 1.63.0 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Crusader Kings II (HKLM-x32\...\Steam App 203770) (Version: - Paradox)
Curse Client (HKU\S-1-5-21-2940932314-315015785-212226153-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Danmaku Unlimited 2 (HKLM-x32\...\Steam App 280560) (Version: - Doragon Entertainment)
Democracy 2 (HKLM-x32\...\Steam App 218040) (Version: - Positech Games)
Depths of Peril (HKLM-x32\...\Steam App 23600) (Version: - Soldak Entertainment, Inc.)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
Desura (HKLM-x32\...\Desura) (Version: 100.55 - Desura)
Desura: Talisman Prologue (HKLM-x32\...\Desura_83008832929824) (Version: Full - Nomad Games Limited)
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Devil May Cry 4 (HKLM-x32\...\Steam App 45700) (Version: - Capcom)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
DiRT 2 (HKLM-x32\...\Steam App 12840) (Version: - Codemasters Racing Studio)
DJ_AIO_06_F2400_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
DuckTales Remastered (HKLM-x32\...\Steam App 237630) (Version: - WayForward)
Dungeons & Dragons: Chronicles of Mystara (HKLM-x32\...\Steam App 229480) (Version: - Iron Galaxy Studios)
Dungeons and Dragons Anthology: The Master Collection (HKLM-x32\...\{A1B2F73A-F5D0-49FB-A114-652B85F71ECB}) (Version: 1.0.0 - Atari)
Eador. Masters of the Broken World (HKLM-x32\...\Steam App 232050) (Version: - Snowbird Games)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version: - Paradox Development Studio)
F.E.A.R. (HKLM-x32\...\Steam App 21090) (Version: - Monolith )
F.E.A.R.: Extraction Point (HKLM-x32\...\Steam App 21110) (Version: - Monolith )
F.E.A.R.: Perseus Mandate (HKLM-x32\...\Steam App 21120) (Version: - Monolith )
F2400 (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Fallen Enchantress: Legendary Heroes (HKLM-x32\...\Steam App 228260) (Version: - Stardock Entertainment)
FEZ (HKLM-x32\...\Steam App 224760) (Version: - Polytron Corporation)
FINAL FANTASY XIV: A Realm Reborn (HKLM-x32\...\Steam App 39210) (Version: - SQUARE ENIX)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version: - Subset Games)
Futuremark SystemInfo (HKLM-x32\...\{79659071-4B68-4EC8-833C-49C97B68FCD0}) (Version: 4.36.512.0 - Futuremark)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
GRID 2 (HKLM-x32\...\Steam App 44350) (Version: - Codemasters Racing)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
Gunpoint (HKLM-x32\...\Steam App 206190) (Version: - Suspicious Developments)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
HearthstoneTracker (HKLM-x32\...\HearthstoneTracker) (Version: 1.9.23.39449 - HearthstoneTracker.com)
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
Heroes of Might and Magic V (HKLM-x32\...\{20071984-5EB1-4881-8EDB-082532ACEC6D}) (Version: - )
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
HHD Software Hex Editor Neo 6.10 (HKU\S-1-5-21-2940932314-315015785-212226153-1000\...\{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}) (Version: 6.10.5.5341 - HHD Software, Ltd.)
Hitman 2: Silent Assassin (HKLM-x32\...\Steam App 6850) (Version: - IO Interactive)
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version: - Square Enix)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version: - Dennaton Games)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet F2400 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{819CA3BC-2FF8-4811-B42F-421F7BFD3559}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Insurgency (HKLM-x32\...\Steam App 222880) (Version: - New World Interactive)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) Smart Connect Technology 3.0 x64 (HKLM\...\{DE788AD4-F7CE-4995-ADF8-56174A7B613C}) (Version: 3.0.41.1571 - Intel)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
Jamestown (HKLM-x32\...\Steam App 94200) (Version: - )
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Karaoke Sound Tools 2 (HKLM-x32\...\{7FD9BDEA-CCE1-40AB-8754-43810BA64CAA}_is1) (Version: - Doblon)
Killing Floor (HKLM-x32\...\Steam App 1250) (Version: - Tripwire Interactive)
La-Mulana (HKLM-x32\...\Steam App 230700) (Version: - NIGORO)
Legend of Grimrock (HKLM-x32\...\Steam App 207170) (Version: - Almost Human Games)
Livestreamer 1.10.2 (HKLM-x32\...\Livestreamer) (Version: - )
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Logitech SetPoint 6.52 (HKLM\...\sp6) (Version: 6.52.74 - Logitech)
Magic 2014 (HKLM-x32\...\Steam App 213850) (Version: - Stainless Games)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Mark of the Ninja (HKLM-x32\...\Steam App 214560) (Version: - Klei Entertainment)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Max Payne (HKLM-x32\...\Steam App 12140) (Version: - Remedy Entertainment)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{4D243BA7-9AC4-46D1-90E5-EEB88974F501}) (Version: 2.0.687.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}) (Version: 2.0.687.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Might & Magic Heroes VI - Shades of Darkness (HKLM-x32\...\{745D37C2-26F4-4B65-BA13-F9840EBFA75B}) (Version: 2.1.0 - Ubisoft)
Might & Magic VI (HKLM-x32\...\Steam App 243380) (Version: - )
Might & Magic X - Legacy (HKLM-x32\...\Steam App 238750) (Version: - Ubisoft)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
MotoGP™14 Demo (HKLM-x32\...\Steam App 298000) (Version: - Milestone S.r.l.)
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSI Afterburner 4.1.0 (HKLM-x32\...\Afterburner) (Version: 4.1.0 - MSI Co., LTD)
MSI Fast Boot (HKLM-x32\...\{0F212E7A-65EB-4668-A8D7-749026A64F8E}_is1) (Version: 1.0.1.5 - MSI)
MSI Live Update (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.0.010 - MSI)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NaturalReaderFree (HKLM-x32\...\{C5E7BF75-007E-44AD-8962-627ED44CB63B}) (Version: 11.9 - NaturalSoft)
Next Car Game: Wreckfest (HKLM-x32\...\Steam App 228380) (Version: - Bugbear)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Opera 12.14 (HKLM-x32\...\Opera 12.14.1738) (Version: 12.14.1738 - Opera Software ASA)
Opera Stable 28.0.1750.48 (HKLM-x32\...\Opera 28.0.1750.48) (Version: 28.0.1750.48 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.1.13.85 - Electronic Arts, Inc.)
Outlast (HKLM-x32\...\Steam App 238320) (Version: - Red Barrels)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version: - Grinding Gear Games)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5864) (Version: - )
Peggle Deluxe (HKLM-x32\...\Peggle Deluxe) (Version: - PopCap Games)
Penny Arcade's On the Rain-Slick Precipice of Darkness 3 (HKLM-x32\...\Steam App 213030) (Version: - )
Pinball FX2 (HKLM-x32\...\Steam App 226980) (Version: - Zen Studios)
Populous (HKLM-x32\...\{476CD9DE-C45F-4443-BFA7-E51C58B7E455}) (Version: 1.0.0.0 - Electronic Arts)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version: - Introversion Software)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Puzzle Agent (HKLM-x32\...\Steam App 31270) (Version: - Telltale Games)
Puzzle Agent 2 (HKLM-x32\...\Steam App 94590) (Version: - )
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.208 - Qualcomm Atheros Communications)
Race The Sun (HKLM-x32\...\Steam App 253030) (Version: - Flippfly LLC)
Rayman Origins (HKLM-x32\...\Steam App 207490) (Version: - UBIart Montpellier)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6959 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden
Resident Evil 4 / Biohazard 4 (HKLM-x32\...\Steam App 254700) (Version: - Capcom)
Resident Evil 5 (HKLM-x32\...\Steam App 21690) (Version: - Capcom)
Resident Evil 6 / Biohazard 6 (HKLM-x32\...\Steam App 221040) (Version: - Capcom)
Resident Evil Revelations / Biohazard Revelations UE (HKLM-x32\...\Steam App 222480) (Version: - )
Resident Evil Revelations 2 / Biohazard Revelations 2 (HKLM-x32\...\Steam App 287290) (Version: - CAPCOM Co., Ltd.)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
Revolution Under Siege Demo v1.00 (HKLM-x32\...\Revolution under Siege Demo_is1) (Version: - SEP RED)
RIDE: Game Demo (HKLM-x32\...\Steam App 355660) (Version: - Milestone S.r.l.)
RivaTuner Statistics Server 6.3.0 (HKLM-x32\...\RTSS) (Version: 6.3.0 - Unwinder)
Rogue Legacy (HKLM-x32\...\Steam App 241600) (Version: - Cellar Door Games)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Sentinel (HKLM-x32\...\Steam App 293200) (Version: - Matthew Brown)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Sigils of Elohim (HKLM-x32\...\Steam App 321480) (Version: - Croteam)
SimCity 4 Deluxe (HKLM-x32\...\Steam App 24780) (Version: - Maxis)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version: - United Front Games)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Sonic Generations (HKLM-x32\...\Steam App 71340) (Version: - Devil's Details)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version: - Team Meat)
Surgeon Simulator 2013 (HKLM-x32\...\Steam App 233720) (Version: - Bossa Studios)
Talisman: Digital Edition (HKLM-x32\...\Steam App 247000) (Version: - Nomad Games Limited)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
Teleglitch: Die More Edition (HKLM-x32\...\Steam App 234390) (Version: - Test3 Projects)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl)
The Bridge (HKLM-x32\...\Steam App 204240) (Version: - Ty Taylor and Mario Castañeda)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Swapper (HKLM-x32\...\Steam App 231160) (Version: - Olli Harjola, Otto Hantula, Tom Jubert, Carlo Castellano)
The Typing of The Dead: Overkill (HKLM-x32\...\Steam App 246580) (Version: - Modern Dream)
The Ultimate DOOM (HKLM-x32\...\Steam App 2280) (Version: - id Software)
Tom Clancy's Splinter Cell® Blacklist™ (HKLM-x32\...\{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}) (Version: 1.02 - Ubisoft)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version: - Crystal Dynamics)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Torchlight (HKLM-x32\...\Steam App 41500) (Version: - Runic Games)
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Tropico 4 (HKLM-x32\...\Steam App 57690) (Version: - Haemimont Games)
Tropico 5 (HKLM-x32\...\Steam App 245620) (Version: - Haemimont Games)
TypingMaster Pro (HKLM-x32\...\{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1) (Version: 7.00 - TypingMaster Inc)
Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.)
Unity Web Player (HKU\S-1-5-21-2940932314-315015785-212226153-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
Virtual Pool 4 Demo (HKLM-x32\...\{76EA761E-E91A-4715-8511-12B7707E53BF}) (Version: 4.1.2.5 - Celeris)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wargame: AirLand Battle (HKLM-x32\...\Steam App 222750) (Version: - Eugen Systems)
Warlock 2: the Exiled (HKLM-x32\...\Steam App 205990) (Version: - Ino-Co Plus)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.63 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-2940932314-315015785-212226153-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Wing Commander III (HKLM-x32\...\{F96B9930-E22A-44D6-81B5-6C8E92C21B4B}) (Version: 2.0.0.2 - Electronic Arts)
WinRAR (HKLM-x32\...\WinRAR) (Version: - )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
X Rebirth (HKLM-x32\...\Steam App 2870) (Version: - Egosoft)
X3: Reunion (HKLM-x32\...\Steam App 2810) (Version: - Egosoft)
Ys I (HKLM-x32\...\Steam App 223810) (Version: - Nihon Falcom)
Zafehouse: Diaries (HKLM-x32\...\Steam App 249360) (Version: - Screwfly)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2940932314-315015785-212226153-1000_Classes\CLSID\{17eaa3cb-0208-4e55-8bc1-c57110b53533}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2940932314-315015785-212226153-1000_Classes\CLSID\{182FB546-8596-4CEF-9CB5-E9505BF7F628}\InprocServer32 -> C:\Users\Raymond\AppData\Local\HHD Software\Hex Editor Neo\hhdhexneo.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-2940932314-315015785-212226153-1000_Classes\CLSID\{6DB27B2E-87AC-4354-927A-AD711A0ED77E}\InprocServer32 -> C:\Users\Raymond\AppData\Local\HHD Software\Hex Editor Neo\FileDocument.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-2940932314-315015785-212226153-1000_Classes\CLSID\{A244CEC5-DB63-4ED9-B0D7-A0527C064113}\InprocServer32 -> C:\Users\Raymond\AppData\Local\HHD Software\Hex Editor Neo\FileDocument.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-2940932314-315015785-212226153-1000_Classes\CLSID\{AE1514A4-5D7D-4D1B-BC7F-320E6962B0DD}\InprocServer32 -> C:\Users\Raymond\AppData\Local\HHD Software\Hex Editor Neo\FileDocument.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-2940932314-315015785-212226153-1000_Classes\CLSID\{B845012A-F05A-4EC8-816D-B033183B9CA5}\InprocServer32 -> C:\Users\Raymond\AppData\Local\HHD Software\Hex Editor Neo\hhdhexneo.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-2940932314-315015785-212226153-1000_Classes\CLSID\{F350F7C1-9F0E-4A97-8EEC-E690C7095BEF}\InprocServer32 -> C:\Users\Raymond\AppData\Local\HHD Software\Hex Editor Neo\PatchAPI\dll\x64\hexpatch64.dll (HHD Software Ltd.)

==================== Restore Points =========================

29-03-2015 10:51:40 Windows Update
29-03-2015 14:04:08 Device Driver Package Install: Scarlet.Crush Productions System devices
30-03-2015 16:28:23 Revo Uninstaller Pro's restore point - CinemaP-1.4cV30.03
30-03-2015 16:30:29 Revo Uninstaller Pro's restore point - FlashBeat
30-03-2015 16:35:55 Revo Uninstaller Pro's restore point - ProiceLesS
30-03-2015 16:37:12 Revo Uninstaller Pro's restore point - luckysearches
30-03-2015 16:37:34 Revo Uninstaller Pro's restore point - shopperz
01-04-2015 13:19:53 Removed HHD Software Free Hex Editor Neo 5.14
01-04-2015 13:20:17 Installed HHD Software Hex Editor Neo 6.10
02-04-2015 08:09:30 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0AEE969B-5054-42C3-B148-FFC50520FC75} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2014-12-06] ()
Task: {0FB67963-5EFD-4B46-BA2F-BFF866D43E33} - System32\Tasks\ZXRHES => C:\Users\Raymond\AppData\Roaming\ZXRHES.exe <==== ATTENTION
Task: {26B7531E-EB51-4491-B45B-BF4A77F6D54E} - System32\Tasks\EVGAPrecisionX => B:\Program Files (x86)\Steam\steamapps\common\EVGA PrecisionX\PrecisionX_x64.exe
Task: {356BE0B7-0883-4D19-B29E-067394B74028} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-15] (Google Inc.)
Task: {46641001-3862-4712-8C42-01A784CF569B} - System32\Tasks\Opera scheduled Autoupdate 1421570934 => C:\Program Files (x86)\Opera\launcher.exe [2015-03-16] (Opera Software)
Task: {659C71B7-2EDA-47A8-A0DD-FF3A49464469} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {691FAA8F-C512-46DA-AF1C-09598B9F9448} - System32\Tasks\CCleanerSkipUAC => B:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {701040E2-A6CD-4C3B-B6BF-055F3BCBB88D} - System32\Tasks\{50AD9756-DB3B-4B72-B9E8-F1DA072B203D} => pcalua.exe -a B:\Users\Raymond\Desktop\widescreen-v3.05.exe -d B:\Users\Raymond\Desktop
Task: {B0702A9C-72EF-45C4-A7E8-3B88D34C1686} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-15] (Google Inc.)
Task: {B242376C-2666-44FA-8AEB-4B5C57DAA49C} - System32\Tasks\YFBLWJRIHX => C:\ProgramData\ff90775ae4034b8bae4796d6b45dd9af\ff90775ae4034b8bae4796d6b45dd9af.exe
Task: {C1A1D337-979F-4349-95A2-14D713BCCEB5} - System32\Tasks\JZXRBT => C:\Users\Raymond\AppData\Roaming\JZXRBT.exe <==== ATTENTION
Task: {F0F8E87D-C805-419C-92D2-F9525F2E0CDE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-24] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\JZXRBT.job => C:\Users\Raymond\AppData\Roaming\JZXRBT.exe <==== ATTENTION
Task: C:\Windows\Tasks\ZXRHES.job => C:\Users\Raymond\AppData\Roaming\ZXRHES.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2015-03-19 08:51 - 2015-03-13 17:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-08-30 19:07 - 2014-11-09 12:37 - 00402432 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll
2007-10-19 22:38 - 2006-12-11 03:14 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2012-08-16 21:36 - 2012-08-16 21:36 - 00149032 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2012-08-16 21:36 - 2012-08-16 21:36 - 00058920 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2014-12-06 08:03 - 2014-12-06 08:03 - 00565760 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
2012-08-31 17:44 - 2012-08-31 17:44 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2013-03-07 15:25 - 2008-07-11 16:04 - 00200704 ____N () C:\Windows\SysWOW64\HsMgr.exe
2013-03-07 15:25 - 2008-07-11 16:03 - 00282112 ____N () C:\Windows\system\HsMgr64.exe
2013-10-11 20:20 - 2013-11-06 16:00 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-10-09 21:26 - 2014-10-09 21:26 - 00016384 ____N () C:\Users\Raymond\AppData\Local\Apps\2.0\7YV0X25P.5Y1\7RNH6X6Y.91N\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.CurseClient.WowDb.dll
2013-11-30 10:25 - 2013-11-30 10:25 - 00035840 _____ () C:\Users\Raymond\AppData\Local\Apps\2.0\7YV0X25P.5Y1\7RNH6X6Y.91N\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.Advertising.dll
2014-11-09 12:37 - 2014-11-09 12:37 - 00197632 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
2014-11-09 12:37 - 2014-11-09 12:37 - 00026112 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
2014-11-09 12:37 - 2014-11-09 12:37 - 00088576 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
2014-12-06 08:01 - 2014-12-06 08:01 - 00071680 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2014-12-06 08:01 - 2014-12-06 08:01 - 00056832 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2014-12-06 08:02 - 2014-12-06 08:02 - 00217600 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2014-12-06 08:01 - 2014-12-06 08:01 - 00353792 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2014-12-06 08:02 - 2014-12-06 08:02 - 00649216 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2014-08-30 19:07 - 2014-11-09 12:37 - 00356864 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks.dll
2014-10-19 14:08 - 2005-07-18 13:43 - 00160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll
2013-03-07 15:25 - 2012-06-06 09:56 - 00143360 ____N () C:\Program Files\ASUS Xonar DGX Audio\Customapp\VmixP8.dll
2014-11-09 12:37 - 2014-11-09 12:37 - 00056832 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTFC.dll
2014-11-09 12:37 - 2014-11-09 12:37 - 00353792 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTUI.dll
2014-11-09 12:37 - 2014-11-09 12:37 - 00071680 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTMUI.dll
2014-10-16 17:53 - 2014-10-16 17:53 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\6db28a56705777a05ce7d52fe5367afb\PSIClient.ni.dll
2014-06-15 11:25 - 2013-09-17 03:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2013-03-07 16:11 - 2015-01-25 11:18 - 00835584 _____ () C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll
2013-03-07 16:11 - 2015-01-25 11:18 - 00093696 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll
2013-03-07 16:11 - 2015-01-25 11:18 - 00094208 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll
2013-03-07 16:11 - 2015-01-25 11:18 - 00057344 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll
2013-03-07 16:11 - 2015-01-25 11:18 - 00096256 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll
2013-03-07 16:11 - 2015-01-25 11:18 - 00062976 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll
2013-03-07 16:11 - 2015-01-25 11:18 - 00067072 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll
2013-03-07 16:11 - 2015-01-25 11:18 - 00158208 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
2013-03-07 16:11 - 2015-01-25 11:18 - 00312832 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll
2013-03-07 16:11 - 2015-01-25 11:18 - 00038912 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll
2013-03-07 16:11 - 2015-01-25 11:18 - 00073728 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll
2013-03-07 16:11 - 2015-01-25 11:18 - 00101888 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll
2015-03-24 09:16 - 2015-03-24 09:16 - 16858288 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Public\DRM:احتضان

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2940932314-315015785-212226153-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Raymond\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Live Update => C:\Program Files (x86)\MSI\Live Update\Live Update.exe /REMINDER

==================== Accounts: =============================

Administrator (S-1-5-21-2940932314-315015785-212226153-500 - Administrator - Disabled)
Guest (S-1-5-21-2940932314-315015785-212226153-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2940932314-315015785-212226153-1002 - Limited - Enabled)
Raymond (S-1-5-21-2940932314-315015785-212226153-1000 - Administrator - Enabled) => C:\Users\Raymond

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/02/2015 08:09:30 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2940932314-315015785-212226153-1008.bak). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {b3ef0aa6-c941-45c2-9547-1f8ad63f9e49}

Error: (04/01/2015 09:55:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 36.0.4.5557, time stamp: 0x550d0883
Faulting module name: mozalloc.dll, version: 36.0.4.5557, time stamp: 0x550cfa82
Exception code: 0x80000003
Fault offset: 0x00001e02
Faulting process id: 0xeb0
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (04/01/2015 07:23:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: insurgency.exe, version: 0.0.0.0, time stamp: 0x55158b2c
Faulting module name: chromehtml.dll, version: 0.0.0.0, time stamp: 0x5510a713
Exception code: 0xc0000005
Fault offset: 0x0001fe35
Faulting process id: 0x1730
Faulting application start time: 0xinsurgency.exe0
Faulting application path: insurgency.exe1
Faulting module path: insurgency.exe2
Report Id: insurgency.exe3

Error: (04/01/2015 07:23:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: insurgency.exe, version: 0.0.0.0, time stamp: 0x55158b2c
Faulting module name: tier0.dll, version: 0.0.0.0, time stamp: 0x5510a671
Exception code: 0x40000015
Fault offset: 0x0001e991
Faulting process id: 0x1730
Faulting application start time: 0xinsurgency.exe0
Faulting application path: insurgency.exe1
Faulting module path: insurgency.exe2
Report Id: insurgency.exe3

Error: (04/01/2015 01:20:17 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2940932314-315015785-212226153-1008.bak). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {cd010986-4601-4360-9ce9-4acd088b2ef3}

Error: (04/01/2015 01:19:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2940932314-315015785-212226153-1008.bak). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {cd010986-4601-4360-9ce9-4acd088b2ef3}

Error: (03/30/2015 04:37:34 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2940932314-315015785-212226153-1008.bak). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {77f6df82-1c38-4c5f-8148-d10bf1dd2a62}

Error: (03/30/2015 04:37:34 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2940932314-315015785-212226153-1008.bak). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {77f6df82-1c38-4c5f-8148-d10bf1dd2a62}

Error: (03/30/2015 04:37:34 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {6bd8c711-8d07-45b4-afb1-289b5df599cb}

Error: (03/30/2015 04:37:13 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2940932314-315015785-212226153-1008.bak). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {77f6df82-1c38-4c5f-8148-d10bf1dd2a62}


System errors:
=============
Error: (04/01/2015 06:52:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (04/01/2015 06:52:40 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (03/30/2015 05:29:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/30/2015 05:29:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).

Error: (03/30/2015 04:44:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The ISCT Always Updated Agent service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (03/30/2015 04:44:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/30/2015 04:44:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel(R) Capability Licensing Service Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (03/30/2015 04:44:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (03/30/2015 04:44:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/30/2015 04:44:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (04/02/2015 08:09:30 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-2940932314-315015785-212226153-1008.bak)0x80070539, The security ID structure is invalid.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {b3ef0aa6-c941-45c2-9547-1f8ad63f9e49}

Error: (04/01/2015 09:55:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.4.5557550d0883mozalloc.dll36.0.4.5557550cfa828000000300001e02eb001d06c936c5a21a6C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll7307b4ea-d8b1-11e4-adf5-d43d7e2bd256

Error: (04/01/2015 07:23:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: insurgency.exe0.0.0.055158b2cchromehtml.dll0.0.0.05510a713c00000050001fe35173001d06ca45c20ca21B:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exeb:\program files (x86)\steam\steamapps\common\insurgency2\bin\chromehtml.dll411a20e0-d89c-11e4-adf5-d43d7e2bd256

Error: (04/01/2015 07:23:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: insurgency.exe0.0.0.055158b2ctier0.dll0.0.0.05510a671400000150001e991173001d06ca45c20ca21B:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exeB:\Program Files (x86)\Steam\steamapps\common\insurgency2\bin\tier0.dll3d0db133-d89c-11e4-adf5-d43d7e2bd256

Error: (04/01/2015 01:20:17 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-2940932314-315015785-212226153-1008.bak)0x80070539, The security ID structure is invalid.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {cd010986-4601-4360-9ce9-4acd088b2ef3}

Error: (04/01/2015 01:19:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-2940932314-315015785-212226153-1008.bak)0x80070539, The security ID structure is invalid.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {cd010986-4601-4360-9ce9-4acd088b2ef3}

Error: (03/30/2015 04:37:34 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-2940932314-315015785-212226153-1008.bak)0x80070539, The security ID structure is invalid.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {77f6df82-1c38-4c5f-8148-d10bf1dd2a62}

Error: (03/30/2015 04:37:34 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-2940932314-315015785-212226153-1008.bak)0x80070539, The security ID structure is invalid.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {77f6df82-1c38-4c5f-8148-d10bf1dd2a62}

Error: (03/30/2015 04:37:34 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {6bd8c711-8d07-45b4-afb1-289b5df599cb}

Error: (03/30/2015 04:37:13 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-2940932314-315015785-212226153-1008.bak)0x80070539, The security ID structure is invalid.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {77f6df82-1c38-4c5f-8148-d10bf1dd2a62}


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 19%
Total physical RAM: 16330.77 MB
Available physical RAM: 13145.83 MB
Total Pagefile: 32659.72 MB
Available Pagefile: 29253.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive b: (HDD) (Fixed) (Total:931.51 GB) (Free:90.36 GB) NTFS
Drive c: (SSD) (Fixed) (Total:119.14 GB) (Free:47.95 GB) NTFS
Drive e: (Revolution Under) (CDROM) (Total:0.94 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: F2E97AA1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A06837A4)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================




Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Raymond at 2015-04-02 08:31:11
Running from B:\Users\Raymond\Desktop
Boot Mode: Normal

================== Search Registry: "Fun4IM;Bandoo;Searchnu;Searchqu;iLivid;whitesmoke;datamngr;kelkoopartners;trolltech;babylon;conduit;luckysearches;lucky searches" ===========


===================== Search result for "Searchqu" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"


===================== Search result for "trolltech" ==========

[HKEY_USERS\S-1-5-21-2940932314-315015785-212226153-1000\Software\Trolltech]

[HKEY_USERS\S-1-5-21-2940932314-315015785-212226153-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

===================== Search result for "babylon" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"


===================== Search result for "luckysearches" ==========

[HKEY_USERS\S-1-5-21-2940932314-315015785-212226153-1000\Software\Opera Software]
"Last CommandLine v2"="C:\Program Files (x86)\Opera\opera.exe http://www.luckysearches.com/?type=sc&t ... NEAC812014"

====== End Of Search ======
TheDoctor46
Active Member
 
Posts: 13
Joined: March 30th, 2015, 1:36 pm

Re: "Luckysearches" hijacking browser and other adware

Unread postby mAL_rEm018 » April 3rd, 2015, 1:36 am

Hello TheDoctor46,

I am still reviewing you logs. I will post back as soon as possible.
User avatar
mAL_rEm018
Admin/Teacher
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: "Luckysearches" hijacking browser and other adware

Unread postby mAL_rEm018 » April 3rd, 2015, 10:31 am

Hello TheDoctor46,


While analysing your logs I noticed the following:
CHR dev: Chrome dev build detected! <======= ATTENTION

It is very likely that the malware on your computer has modified your Chrome browser. If you have chosen the "dev" build, then by all means keep it, however if you were unaware of this please follow the steps below..


Removing a program in Windows 7
  • Click the Star Menu and select Control Panel.
  • Click Programs, then Programs and Features.
  • Select the following programs:
    Google Chrome
  • Select Uninstall.
  • When prompted select Yes.
  • Answer any questions attentively.
  • When the process is finished, please restart your computer.
Note: Do not re-install Chrome before we finish cleaning your computer.



Uploading files to Jotti
  • Please click on the following link http://virusscan.jotti.org/en
  • Select Browse.
  • Go to the following locations on your computer:
    C:\ProgramData\ff90775ae4034b8bae4796d6b45dd9af\ff90775ae4034b8bae4796d6b45dd9af.exe
    C:\Program Files (x86)\prefs.js
  • Click on Open and then Submit file.
  • When the scan is finished copy and paste the web address in your following post.
    Note: you can only upload one file at a time.


Please answer the following question..
  • Did you install the following Opera extension?
OPR Extension: (CinemaP-1.4cV30.03) - C:\Users\Raymond\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-03-30]



Next..


Backup your registry using TCRB
  • Download TCRB from the following link TCRB
  • Open Tweaking.com Registry Backup.
  • Click on the Backup Registry tab and ensure that all options are checked.
  • Press on Backup Now.
  • Wait until the backup is complete and exit the program.


Please run the following fix..
  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad.
Code: Select all
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2940932314-315015785-212226153-1000\...\MountPoints2: {8095312a-039c-11e4-8021-d43d7e2bd256} - E:\RUS-Setup.exe
HKU\S-1-5-21-2940932314-315015785-212226153-1000\...\MountPoints2: {b6679233-9614-11e3-986f-d43d7e2bd256} - E:\CMADownloader.exe
AppInit_DLLs: C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL => C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL File Not Found
AppInit_DLLs-x32: c:\progra~3\fastan~1\fastan~1.dll => "c:\progra~3\fastan~1\fastan~1.dll" File Not Found
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2940932314-315015785-212226153-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL =
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: https://uk.yahoo.com/?fr=hp-avast&type=agc511
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "189.113.64.126"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "189.113.64.126"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "189.113.64.126"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "189.113.64.126"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF SearchPlugin: C:\Users\Raymond\AppData\Roaming\Mozilla\Firefox\Profiles\yporo9y6.default\searchplugins\yahoo-avast.xml [2015-03-30]
S3 GPCIDrv; \??\C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
Task: {0FB67963-5EFD-4B46-BA2F-BFF866D43E33} - System32\Tasks\ZXRHES => C:\Users\Raymond\AppData\Roaming\ZXRHES.exe <==== ATTENTION
Task: {C1A1D337-979F-4349-95A2-14D713BCCEB5} - System32\Tasks\JZXRBT => C:\Users\Raymond\AppData\Roaming\JZXRBT.exe <==== ATTENTION
Task: C:\Windows\Tasks\JZXRBT.job => C:\Users\Raymond\AppData\Roaming\JZXRBT.exe <==== ATTENTION
Task: C:\Windows\Tasks\ZXRHES.job => C:\Users\Raymond\AppData\Roaming\ZXRHES.exe <==== ATTENTION
2015-03-06 08:53 - 2015-03-30 18:12 - 00000000 ____D () C:\Program Files\SSofttCoUp
2015-03-06 08:53 - 2015-03-02 09:20 - 00000000 ____D () C:\Program Files\SofftCoup
2015-03-06 08:53 - 2015-03-02 09:20 - 00000000 ____D () C:\Program Files\eaasytoshop
2015-03-30 18:12 - 2015-01-06 09:31 - 00000000 ____D () C:\ProgramData\deoaal2dEAlit
2015-03-30 18:12 - 2015-01-06 09:31 - 00000000 ____D () C:\ProgramData\AAppToU
2015-03-30 18:12 - 2014-10-07 08:15 - 00000000 ____D () C:\ProgramData\dealPeakk
2015-03-30 18:12 - 2014-09-13 08:42 - 00000000 ____D () C:\ProgramData\PRoSahopPer
2015-03-30 18:12 - 2014-08-08 07:48 - 00000000 ____D () C:\ProgramData\topdieaaL
2015-03-30 18:12 - 2014-07-25 08:37 - 00000000 ____D () C:\ProgramData\CuoupScannneir
2015-04-02 08:09 - 2013-03-07 17:43 - 00000000 ____D () C:\Program Files\Vuze
2015-03-30 17:19 - 2013-03-07 17:43 - 00000000 ____D () C:\Users\Raymond\AppData\Roaming\Azureus
2015-03-30 15:59 - 2015-04-02 07:58 - 00001346 _____ () C:\Windows\Tasks\ZXRHES.job
2015-03-30 15:59 - 2015-04-02 07:58 - 00001346 _____ () C:\Windows\Tasks\JZXRBT.job
2015-03-30 15:59 - 2015-03-30 15:59 - 00004376 _____ () C:\Windows\System32\Tasks\ZXRHES
2015-03-30 15:59 - 2015-03-30 15:59 - 00004376 _____ () C:\Windows\System32\Tasks\JZXRBT
2015-03-26 20:14 - 2015-03-26 20:14 - 00005542 _____ () C:\Users\Raymond\AppData\Roaming\ZXRHES
2015-03-26 20:14 - 2015-03-26 20:14 - 00004185 _____ () C:\Users\Raymond\AppData\Roaming\JZXRBT
C:\PROGRA~3\FASTAN~1
C:\Program Files\FineDeaeLSoft
C:\Windows\SysWOW64\RENDF72.tmp
C:\Windows\SysWOW64\REN76D1.tmp
C:\Users\Raymond\AppData\Local\Temp\CloudBackup1662.exe
C:\Users\Raymond\AppData\Local\Temp\ddacabfcdja.exe
C:\Users\Raymond\AppData\Local\Temp\GIGABYTE G1 970 GM204 GSv1.rom__10924_i1488527051_il132762.exe
C:\Users\Raymond\AppData\Local\Temp\i4jdel0.exe
C:\Users\Raymond\AppData\Local\Temp\MyPCBACKbuidAmonetize.exe
AlternateDataStreams: C:\Users\Public\DRM:??????
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_USERS\S-1-5-21-2940932314-315015785-212226153-1000\Software\Trolltech]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
Reg: reg.exe delete "HKEY_USERS\S-1-5-21-2940932314-315015785-212226153-1000\Software\Opera Software" /v "Last CommandLine v2" /f
Reg: reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
Reg: reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"


    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log


-----------------------------------------
In your next reply, I would like to see..
  • Did you have trouble performing any of the steps?
  • Did you uninstall Chrome?
  • Answer to my question.
  • Jotti links.
  • fixlog.txt
    Please post everything in the order given.
User avatar
mAL_rEm018
Admin/Teacher
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: "Luckysearches" hijacking browser and other adware

Unread postby TheDoctor46 » April 3rd, 2015, 1:07 pm

I've uninstalled Chrome. I don't use it anyway.



Did you install the following Opera extension?
OPR Extension: (CinemaP-1.4cV30.03) - C:\Users\Raymond\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-03-30]

No I use three extensions and that is not one of them.



Jotti
This file "C:\ProgramData\ff90775ae4034b8bae4796d6b45dd9af\ff90775ae4034b8bae4796d6b45dd9af.exe" returned a file not found error when trying to open it in jotti (I've also checked the folder manually and it's empty)

This file "C:\Program Files (x86)\prefs.js" returned this log http://virusscan.jotti.org/en/scanresul ... 27fa010fab



Fixlist ran fine in FRST. Here's the fixlog;

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Raymond at 2015-04-03 17:58:40 Run:1
Running from B:\Users\Raymond\Desktop\FRST
Loaded Profiles: Raymond (Available profiles: Raymond)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2940932314-315015785-212226153-1000\...\MountPoints2: {8095312a-039c-11e4-8021-d43d7e2bd256} - E:\RUS-Setup.exe
HKU\S-1-5-21-2940932314-315015785-212226153-1000\...\MountPoints2: {b6679233-9614-11e3-986f-d43d7e2bd256} - E:\CMADownloader.exe
AppInit_DLLs: C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL => C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL File Not Found
AppInit_DLLs-x32: c:\progra~3\fastan~1\fastan~1.dll => "c:\progra~3\fastan~1\fastan~1.dll" File Not Found
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2940932314-315015785-212226153-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL =
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: https://uk.yahoo.com/?fr=hp-avast&type=agc511
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "189.113.64.126"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "189.113.64.126"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "189.113.64.126"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "189.113.64.126"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF SearchPlugin: C:\Users\Raymond\AppData\Roaming\Mozilla\Firefox\Profiles\yporo9y6.default\searchplugins\yahoo-avast.xml [2015-03-30]
S3 GPCIDrv; \??\C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
Task: {0FB67963-5EFD-4B46-BA2F-BFF866D43E33} - System32\Tasks\ZXRHES => C:\Users\Raymond\AppData\Roaming\ZXRHES.exe <==== ATTENTION
Task: {C1A1D337-979F-4349-95A2-14D713BCCEB5} - System32\Tasks\JZXRBT => C:\Users\Raymond\AppData\Roaming\JZXRBT.exe <==== ATTENTION
Task: C:\Windows\Tasks\JZXRBT.job => C:\Users\Raymond\AppData\Roaming\JZXRBT.exe <==== ATTENTION
Task: C:\Windows\Tasks\ZXRHES.job => C:\Users\Raymond\AppData\Roaming\ZXRHES.exe <==== ATTENTION
2015-03-06 08:53 - 2015-03-30 18:12 - 00000000 ____D () C:\Program Files\SSofttCoUp
2015-03-06 08:53 - 2015-03-02 09:20 - 00000000 ____D () C:\Program Files\SofftCoup
2015-03-06 08:53 - 2015-03-02 09:20 - 00000000 ____D () C:\Program Files\eaasytoshop
2015-03-30 18:12 - 2015-01-06 09:31 - 00000000 ____D () C:\ProgramData\deoaal2dEAlit
2015-03-30 18:12 - 2015-01-06 09:31 - 00000000 ____D () C:\ProgramData\AAppToU
2015-03-30 18:12 - 2014-10-07 08:15 - 00000000 ____D () C:\ProgramData\dealPeakk
2015-03-30 18:12 - 2014-09-13 08:42 - 00000000 ____D () C:\ProgramData\PRoSahopPer
2015-03-30 18:12 - 2014-08-08 07:48 - 00000000 ____D () C:\ProgramData\topdieaaL
2015-03-30 18:12 - 2014-07-25 08:37 - 00000000 ____D () C:\ProgramData\CuoupScannneir
2015-04-02 08:09 - 2013-03-07 17:43 - 00000000 ____D () C:\Program Files\Vuze
2015-03-30 17:19 - 2013-03-07 17:43 - 00000000 ____D () C:\Users\Raymond\AppData\Roaming\Azureus
2015-03-30 15:59 - 2015-04-02 07:58 - 00001346 _____ () C:\Windows\Tasks\ZXRHES.job
2015-03-30 15:59 - 2015-04-02 07:58 - 00001346 _____ () C:\Windows\Tasks\JZXRBT.job
2015-03-30 15:59 - 2015-03-30 15:59 - 00004376 _____ () C:\Windows\System32\Tasks\ZXRHES
2015-03-30 15:59 - 2015-03-30 15:59 - 00004376 _____ () C:\Windows\System32\Tasks\JZXRBT
2015-03-26 20:14 - 2015-03-26 20:14 - 00005542 _____ () C:\Users\Raymond\AppData\Roaming\ZXRHES
2015-03-26 20:14 - 2015-03-26 20:14 - 00004185 _____ () C:\Users\Raymond\AppData\Roaming\JZXRBT
C:\PROGRA~3\FASTAN~1
C:\Program Files\FineDeaeLSoft
C:\Windows\SysWOW64\RENDF72.tmp
C:\Windows\SysWOW64\REN76D1.tmp
C:\Users\Raymond\AppData\Local\Temp\CloudBackup1662.exe
C:\Users\Raymond\AppData\Local\Temp\ddacabfcdja.exe
C:\Users\Raymond\AppData\Local\Temp\GIGABYTE G1 970 GM204 GSv1.rom__10924_i1488527051_il132762.exe
C:\Users\Raymond\AppData\Local\Temp\i4jdel0.exe
C:\Users\Raymond\AppData\Local\Temp\MyPCBACKbuidAmonetize.exe
AlternateDataStreams: C:\Users\Public\DRM:??????
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_USERS\S-1-5-21-2940932314-315015785-212226153-1000\Software\Trolltech]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
Reg: reg.exe delete "HKEY_USERS\S-1-5-21-2940932314-315015785-212226153-1000\Software\Opera Software" /v "Last CommandLine v2" /f
Reg: reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
Reg: reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-2940932314-315015785-212226153-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8095312a-039c-11e4-8021-d43d7e2bd256}" => Key deleted successfully.
HKCR\CLSID\{8095312a-039c-11e4-8021-d43d7e2bd256} => Key not found.
"HKU\S-1-5-21-2940932314-315015785-212226153-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6679233-9614-11e3-986f-d43d7e2bd256}" => Key deleted successfully.
HKCR\CLSID\{b6679233-9614-11e3-986f-d43d7e2bd256} => Key not found.
"C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL" => Value Data removed successfully.
"c:\progra~3\fastan~1\fastan~1.dll" => Value Data removed successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2940932314-315015785-212226153-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}" => Key deleted successfully.
HKCR\CLSID\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => Key not found.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Users\Raymond\AppData\Roaming\Mozilla\Firefox\Profiles\yporo9y6.default\searchplugins\yahoo-avast.xml => Moved successfully.
GPCIDrv => Service deleted successfully.
GPUZ => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0FB67963-5EFD-4B46-BA2F-BFF866D43E33}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FB67963-5EFD-4B46-BA2F-BFF866D43E33}" => Key deleted successfully.
C:\Windows\System32\Tasks\ZXRHES => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ZXRHES" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C1A1D337-979F-4349-95A2-14D713BCCEB5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1A1D337-979F-4349-95A2-14D713BCCEB5}" => Key deleted successfully.
C:\Windows\System32\Tasks\JZXRBT => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\JZXRBT" => Key deleted successfully.
C:\Windows\Tasks\JZXRBT.job => Moved successfully.
C:\Windows\Tasks\ZXRHES.job => Moved successfully.
C:\Program Files\SSofttCoUp => Moved successfully.
C:\Program Files\SofftCoup => Moved successfully.
C:\Program Files\eaasytoshop => Moved successfully.
C:\ProgramData\deoaal2dEAlit => Moved successfully.
C:\ProgramData\AAppToU => Moved successfully.
C:\ProgramData\dealPeakk => Moved successfully.
C:\ProgramData\PRoSahopPer => Moved successfully.
C:\ProgramData\topdieaaL => Moved successfully.
C:\ProgramData\CuoupScannneir => Moved successfully.
C:\Program Files\Vuze => Moved successfully.
C:\Users\Raymond\AppData\Roaming\Azureus => Moved successfully.
"C:\Windows\Tasks\ZXRHES.job" => File/Directory not found.
"C:\Windows\Tasks\JZXRBT.job" => File/Directory not found.
"C:\Windows\System32\Tasks\ZXRHES" => File/Directory not found.
"C:\Windows\System32\Tasks\JZXRBT" => File/Directory not found.
C:\Users\Raymond\AppData\Roaming\ZXRHES => Moved successfully.
C:\Users\Raymond\AppData\Roaming\JZXRBT => Moved successfully.
"C:\PROGRA~3\FASTAN~1" => File/Directory not found.
C:\Program Files\FineDeaeLSoft => Moved successfully.
C:\Windows\SysWOW64\RENDF72.tmp => Moved successfully.
C:\Windows\SysWOW64\REN76D1.tmp => Moved successfully.
C:\Users\Raymond\AppData\Local\Temp\CloudBackup1662.exe => Moved successfully.
C:\Users\Raymond\AppData\Local\Temp\ddacabfcdja.exe => Moved successfully.
C:\Users\Raymond\AppData\Local\Temp\GIGABYTE G1 970 GM204 GSv1.rom__10924_i1488527051_il132762.exe => Moved successfully.
"C:\Users\Raymond\AppData\Local\Temp\i4jdel0.exe" => File/Directory not found.
C:\Users\Raymond\AppData\Local\Temp\MyPCBACKbuidAmonetize.exe => Moved successfully.
"C:\Users\Public\DRM" => ":??????" ADS not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63} => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63} => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63} => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63} => Key Deleted Successfully.
HKEY_USERS\S-1-5-21-2940932314-315015785-212226153-1000\Software\Trolltech => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_USERS\S-1-5-21-2940932314-315015785-212226153-1000\Software\Trolltech => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} => Key Deleted successfully.

========= reg.exe delete "HKEY_USERS\S-1-5-21-2940932314-315015785-212226153-1000\Software\Opera Software" /v "Last CommandLine v2" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" =========


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoActiveDesktop REG_DWORD 0x1
NoActiveDesktopChanges REG_DWORD 0x1
ForceActiveDesktopOn REG_DWORD 0x0



========= End of Reg: =========


========= reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" =========


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
ConsentPromptBehaviorAdmin REG_DWORD 0x0
ConsentPromptBehaviorUser REG_DWORD 0x3
EnableInstallerDetection REG_DWORD 0x1
EnableLUA REG_DWORD 0x0
EnableSecureUIAPaths REG_DWORD 0x1
EnableUIADesktopToggle REG_DWORD 0x0
EnableVirtualization REG_DWORD 0x1
PromptOnSecureDesktop REG_DWORD 0x0
ValidateAdminCodeSignatures REG_DWORD 0x0
dontdisplaylastusername REG_DWORD 0x0
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
scforceoption REG_DWORD 0x0
shutdownwithoutlogon REG_DWORD 0x1
undockwithoutlogon REG_DWORD 0x1
FilterAdministratorToken REG_DWORD 0x0
DisableCAD REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\UIPI


========= End of Reg: =========


==== End of Fixlog 17:58:42 ====
TheDoctor46
Active Member
 
Posts: 13
Joined: March 30th, 2015, 1:36 pm

Re: "Luckysearches" hijacking browser and other adware

Unread postby mAL_rEm018 » April 4th, 2015, 6:24 pm

Hello TheDoctor46,


I need you to run the following fix..
  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad.
Code: Select all
OPR Extension: (CinemaP-1.4cV30.03) - C:\Users\Raymond\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-03-30]
Task: {B242376C-2666-44FA-8AEB-4B5C57DAA49C} - System32\Tasks\YFBLWJRIHX => C:\ProgramData\ff90775ae4034b8bae4796d6b45dd9af\ff90775ae4034b8bae4796d6b45dd9af.exe
2015-03-30 16:05 - 2015-03-30 16:05 - 00003566 _____ () C:\Windows\System32\Tasks\YFBLWJRIHX
2015-03-30 16:05 - 2015-03-30 18:12 - 00000000 ____D () C:\ProgramData\ff90775ae4034b8bae4796d6b45dd9af
2015-03-30 16:05 - 2015-03-30 16:05 - 00000000 ____D () C:\ProgramData\34835439b53c4b5dafc5b63b4bf06108
2015-03-30 15:59 - 2015-03-30 15:59 - 00000000 ____D () C:\ProgramData\7349012640429361576
2015-03-16 17:49 - 2014-12-12 16:30 - 00000000 ____D () C:\ProgramData\7349012640429361576UL
2015-03-30 15:59 - 2015-03-30 18:12 - 00000000 ____D () C:\Program Files (x86)\0915e3e3-e251-44b8-8621-f8893f12f5a4
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoActiveDesktop" /f                   
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoActiveDesktopChanges" /f
CMD: C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v PromptOnSecureDesktop /t REG_DWORD /d 1 /f
CMD: C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 1 /f
CMD: C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 5 /f

EmptyTemp:
CreateRestorePoint:
Cmd: ipconfig /flushdns

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log


ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scannner
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Click on Run ESET Online Scanner, then elect the option YES, I accept the Terms of Use, then click Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


I need you to run another FRST scan..
  • Download FRST64 to your Desktop.
  • Double click Frst.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.


Please answer the following questions..
  • Is luckysearches still present on your Opera browser?
  • How is you computer behaving generally?

-----------------------------------------
In your next reply, I would like to see..
  • fixlog.txt
  • Eset log
  • FRST.txt
  • Addition.txt
  • Answer to my questions?
    Please post everything in the order given.
User avatar
mAL_rEm018
Admin/Teacher
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: "Luckysearches" hijacking browser and other adware

Unread postby TheDoctor46 » April 5th, 2015, 6:11 am

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Raymond at 2015-04-05 08:40:31 Run:2
Running from B:\Users\Raymond\Desktop\FRST
Loaded Profiles: Raymond (Available profiles: Raymond)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
OPR Extension: (CinemaP-1.4cV30.03) - C:\Users\Raymond\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-03-30]
Task: {B242376C-2666-44FA-8AEB-4B5C57DAA49C} - System32\Tasks\YFBLWJRIHX => C:\ProgramData\ff90775ae4034b8bae4796d6b45dd9af\ff90775ae4034b8bae4796d6b45dd9af.exe
2015-03-30 16:05 - 2015-03-30 16:05 - 00003566 _____ () C:\Windows\System32\Tasks\YFBLWJRIHX
2015-03-30 16:05 - 2015-03-30 18:12 - 00000000 ____D () C:\ProgramData\ff90775ae4034b8bae4796d6b45dd9af
2015-03-30 16:05 - 2015-03-30 16:05 - 00000000 ____D () C:\ProgramData\34835439b53c4b5dafc5b63b4bf06108
2015-03-30 15:59 - 2015-03-30 15:59 - 00000000 ____D () C:\ProgramData\7349012640429361576
2015-03-16 17:49 - 2014-12-12 16:30 - 00000000 ____D () C:\ProgramData\7349012640429361576UL
2015-03-30 15:59 - 2015-03-30 18:12 - 00000000 ____D () C:\Program Files (x86)\0915e3e3-e251-44b8-8621-f8893f12f5a4
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoActiveDesktop" /f
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoActiveDesktopChanges" /f
CMD: C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v PromptOnSecureDesktop /t REG_DWORD /d 1 /f
CMD: C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 1 /f
CMD: C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 5 /f

EmptyTemp:
CreateRestorePoint:
Cmd: ipconfig /flushdns
*****************

C:\Users\Raymond\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B242376C-2666-44FA-8AEB-4B5C57DAA49C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B242376C-2666-44FA-8AEB-4B5C57DAA49C}" => Key deleted successfully.
C:\Windows\System32\Tasks\YFBLWJRIHX => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YFBLWJRIHX" => Key deleted successfully.
"C:\Windows\System32\Tasks\YFBLWJRIHX" => File/Directory not found.
C:\ProgramData\ff90775ae4034b8bae4796d6b45dd9af => Moved successfully.
C:\ProgramData\34835439b53c4b5dafc5b63b4bf06108 => Moved successfully.
C:\ProgramData\7349012640429361576 => Moved successfully.
C:\ProgramData\7349012640429361576UL => Moved successfully.
C:\Program Files (x86)\0915e3e3-e251-44b8-8621-f8893f12f5a4 => Moved successfully.

========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoActiveDesktop" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoActiveDesktopChanges" /f =========

The operation completed successfully.



========= End of Reg: =========


========= C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v PromptOnSecureDesktop /t REG_DWORD /d 1 /f =========

The operation completed successfully.


B:\Users\Raymond\Desktop\FRST>Y
'Y' is not recognized as an internal or external command,
operable program or batch file.

B:\Users\Raymond\Desktop\FRST>
========= End of CMD: =========


========= C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 1 /f =========

The operation completed successfully.


B:\Users\Raymond\Desktop\FRST>Y
'Y' is not recognized as an internal or external command,
operable program or batch file.

B:\Users\Raymond\Desktop\FRST>
========= End of CMD: =========


========= C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 5 /f =========

The operation completed successfully.


B:\Users\Raymond\Desktop\FRST>Y
'Y' is not recognized as an internal or external command,
operable program or batch file.

B:\Users\Raymond\Desktop\FRST>
========= End of CMD: =========

Restore point was successfully created.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 859.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog 08:40:42 ====


ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=0ea8ddb111487346b045292ad4abc51a
# engine=23238
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-04-05 09:18:58
# local_time=2015-04-05 10:18:58 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 4530478 69531654 0 0
# scanned=460190
# found=15
# cleaned=0
# scan_time=5419
sh=95515E5CD54F8D3B375FAFB34E53C0C1D2E7C344 ft=1 fh=00a7bfbc17a0357b vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="B:\$RECYCLE.BIN\S-1-5-21-2940932314-315015785-212226153-1000\$R5KS6QQ.exe"
sh=143091618B6C7611C41C9179929B666D2C697C63 ft=1 fh=ca9c05462c203e51 vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="B:\Users\Raymond\Desktop\Games Related\Monitoring tools\coretemp_1236.exe"
sh=5D628376391A827A818B0A079B64EE457AE9B82A ft=1 fh=c71c0011e2e7a7a5 vn="a variant of Win32/ELEX.BM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowserAction.dll.vir"
sh=D62E826B13E242DC0BABCAD05E3A4613795A024F ft=0 fh=0000000000000000 vn="Win32/Toolbar.TNT2.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ffsearch_toolbar!1.0.0.1025.xpi.vir"
sh=666168868E9B8B6BAB123F697D6E621E902DDDCC ft=1 fh=c71c00117a697a0a vn="a variant of Win32/AdWare.MultiPlug.BN application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\CoupScanner\bXqmVEsrPQBNza.exe.vir"
sh=E3B202651C97FD7241F76EB147B5CD163DFD7078 ft=1 fh=c71c00117859331c vn="a variant of Win32/SProtector.L potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Fast And Safe\FastAndSafe.dll.vir"
sh=D3E58DA9FB271D4BCA31AEBD45748F5AFE1B491E ft=1 fh=8419c0bdb0e5b97e vn="a variant of Win32/SProtector.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Fast And Safe\FastAndSafeSvc.dll.vir"
sh=A0D52DCF369EF5A26EDD02F381A30BC06D6159F1 ft=1 fh=c71c00110a80296a vn="a variant of Win64/SProtector.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Fast And Safe\FastAndSafe_x64.dll.vir"
sh=831412C90FA206C19B0664D9BD5267F59B616EFC ft=1 fh=c71c00117d5be49e vn="a variant of Win32/AdWare.MultiPlug.BN application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\savernet\ABLdV0mx5LN5Qn.exe.vir"
sh=728D952AC1492F8331E2ED29921D5DDB8658697A ft=0 fh=0000000000000000 vn="Win32/Toolbar.TNT2.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Raymond\AppData\Roaming\Mozilla\Firefox\Profiles\yporo9y6.default\Extensions\fftoolbar2014@etech.com\chrome\content\toolbar.js.vir"
sh=4495024B25F21088902FBD82FC915E621187FE85 ft=1 fh=cc5f08593bdd79bc vn="MSIL/MyPCBackup.D potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Raymond\AppData\Local\Temp\CloudBackup1662.exe.xBAD"
sh=04A85F5BC47F37FBEBD5167AC8C5959AE634ED9D ft=1 fh=06bbff8994117568 vn="a variant of Win32/Amonetize.EE potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Raymond\AppData\Local\Temp\GIGABYTE G1 970 GM204 GSv1.rom__10924_i1488527051_il132762.exe.xBAD"
sh=244EA60E7D5D45DE10670B877D24A480419F30A3 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Raymond\AppData\Roaming\JZXRBT.xBAD"
sh=147E7AEBDEBB6E9F8FF6421745782501C2C5B245 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Raymond\AppData\Roaming\ZXRHES.xBAD"
sh=FCC4483DEF410D70FE44DE88B2542BAE3A31EC9A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Raymond\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.29_0\extensionData\plugins\91.js"
TheDoctor46
Active Member
 
Posts: 13
Joined: March 30th, 2015, 1:36 pm

Re: "Luckysearches" hijacking browser and other adware

Unread postby TheDoctor46 » April 5th, 2015, 6:20 am

can result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Raymond (administrator) on RMWD-Z77 on 05-04-2015 11:08:33
Running from B:\Users\Raymond\Desktop\FRST
Loaded Profiles: Raymond (Available profiles: Raymond)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
(Micro-Star International) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(CMedia) C:\Program Files\ASUS Xonar DGX Audio\Customapp\AsusAudioCenter.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\NVIDIA Corporation\LED Visualizer\NvLedServiceHost.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(Curse) C:\Users\Raymond\AppData\Local\Apps\2.0\7YV0X25P.5Y1\7RNH6X6Y.91N\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764544 2012-08-31] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-31] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-21] (Logitech, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-27] (Realtek Semiconductor)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-08-16] (Intel Corporation)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM-x32\...\Run: [ControlCenterCount] => C:\Program Files (x86)\MSI\ControlCenter\ControlCenterCount.exe [872448 2012-03-26] (MSI CO.,LTD.)
HKLM-x32\...\Run: [Fast Boot] => C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe [764472 2012-09-19] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-11] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2940932314-315015785-212226153-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2940932314-315015785-212226153-1000\...\Run: [NvLedServiceHost] => C:\Program Files (x86)\NVIDIA Corporation\LED Visualizer\NvLedServiceHost.exe [87184 2015-03-28] ()
HKU\S-1-5-21-2940932314-315015785-212226153-1000\...\MountPoints2: {8095312a-039c-11e4-8021-d43d7e2bd256} - E:\RUS-Setup.exe
HKU\S-1-5-21-2940932314-315015785-212226153-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation(R).lnk
ShortcutTarget: Content Manager Assistant for PlayStation(R).lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe (Intel Corporation)
Startup: C:\Users\Raymond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2940932314-315015785-212226153-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
HKU\S-1-5-21-2940932314-315015785-212226153-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
HKU\S-1-5-21-2940932314-315015785-212226153-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKU\S-1-5-21-2940932314-315015785-212226153-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
HKU\S-1-5-21-2940932314-315015785-212226153-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yahoo.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Raymond\AppData\Roaming\Mozilla\Firefox\Profiles\yporo9y6.default
FF DefaultSearchUrl: https://uk.search.yahoo.com/yhs/search
FF Keyword.URL: https://uk.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-24] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-05] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-24] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2940932314-315015785-212226153-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Raymond\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-05-07] (Unity Technologies ApS)
FF Extension: SharkManCoupon - C:\Users\Raymond\AppData\Roaming\Mozilla\Firefox\Profiles\yporo9y6.default\Extensions\_ldod_kbrcdtsauxcc@hvwvdh_uskydndcolx.org [2015-04-03]
FF Extension: Updated Ad Blocker for Firefox 11+ - C:\Users\Raymond\AppData\Roaming\Mozilla\Firefox\Profiles\yporo9y6.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2013-11-08]
FF Extension: Video DownloadHelper - C:\Users\Raymond\AppData\Roaming\Mozilla\Firefox\Profiles\yporo9y6.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-03-07]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-01-19]
FF HKU\S-1-5-21-2940932314-315015785-212226153-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-03-07]

Opera:
=======
OPR Extension: (Enhanced Steam) - C:\Users\Raymond\AppData\Roaming\Opera Software\Opera Stable\Extensions\nocljnglnafkiegpgejigocoffiopoma [2015-01-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [216192 2012-08-31] (Qualcomm Atheros Commnucations) [File not signed]
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [344288 2015-03-20] (Futuremark)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-08-16] (Intel Corporation) [File not signed]
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [149032 2012-08-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [103992 2012-10-26] (MSI)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1723856 2014-09-18] (Micro-Star International)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
S3 Origin Client Service; B:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2015-01-20] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-06] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2012-08-31] (Qualcomm Atheros)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2734080 2013-04-11] (C-Media Inc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-07-04] (Disc Soft Ltd)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [27456 2012-08-16] (Intel Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [20968 2012-08-16] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [19944 2012-08-16] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
R3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
S3 NTIOLib_MSISMB_CC; C:\Program Files (x86)\MSI\ControlCenter\Sleep\NTIOLib_X64.sys [13368 2012-11-09] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-03-13] (NVIDIA Corporation)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-04-05] ()
S3 cpuz138; \??\C:\Windows\TEMP\cpuz138\cpuz138_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-05 08:45 - 2015-04-05 08:45 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-04-04 08:52 - 2015-04-04 08:52 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 08:52 - 2015-04-04 08:52 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-03 17:55 - 2015-04-03 17:55 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-RMWD-Z77-Windows-7-Home-Premium-(64-bit).dat
2015-04-03 17:55 - 2015-04-03 17:55 - 00000000 ____D () C:\RegBackup
2015-04-03 17:54 - 2015-04-03 17:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-04-03 17:44 - 2015-04-03 17:44 - 00000020 _____ () C:\Users\Raymond\AppData\Roaming\appdataFr3.bin
2015-04-03 12:38 - 2015-04-03 12:38 - 00000000 ____D () C:\Users\Raymond\AppData\Local\WarmachineGame
2015-04-02 08:19 - 2015-04-05 11:08 - 00000000 ____D () C:\FRST
2015-04-01 16:40 - 2015-04-01 16:40 - 00000000 ____D () C:\ProgramData\Office Genuine Advantage
2015-04-01 16:40 - 2015-04-01 16:40 - 00000000 ____D () C:\MGADiagToolOutput
2015-04-01 13:20 - 2015-04-01 13:20 - 00000000 ____D () C:\Users\Raymond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HHD Hex Editor Neo
2015-03-30 18:05 - 2015-03-30 18:20 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-30 18:05 - 2015-03-30 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-30 18:05 - 2015-03-30 18:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-30 18:05 - 2015-03-30 18:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-30 18:05 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-30 18:05 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-30 18:05 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-30 17:30 - 2015-03-30 17:30 - 00000000 _____ () C:\autoexec.bat
2015-03-30 17:22 - 2015-04-05 08:41 - 00026164 _____ () C:\Windows\PFRO.log
2015-03-30 17:22 - 2015-04-05 08:41 - 00002903 _____ () C:\Windows\setupact.log
2015-03-30 17:22 - 2015-03-30 17:22 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-30 16:43 - 2015-03-30 16:46 - 00000000 ____D () C:\AdwCleaner
2015-03-30 16:22 - 2015-03-30 16:25 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-03-30 16:16 - 2015-03-30 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-03-30 16:16 - 2015-03-30 16:16 - 00000000 ____D () C:\Users\Raymond\AppData\Local\VS Revo Group
2015-03-30 16:16 - 2015-03-30 16:16 - 00000000 ____D () C:\ProgramData\VS Revo Group
2015-03-30 16:16 - 2015-03-30 16:16 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-03-30 16:16 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2015-03-30 13:12 - 2015-01-16 14:57 - 00014480 _____ () C:\Windows\system32\Drivers\nvflash.sys
2015-03-30 13:00 - 2015-03-30 13:00 - 00000000 ____D () C:\Users\Raymond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2015-03-30 12:26 - 2015-03-30 12:26 - 00003416 _____ () C:\Windows\System32\Tasks\EVGAPrecisionX
2015-03-29 14:02 - 2013-05-05 16:32 - 00039168 _____ (Scarlet.Crush Productions) C:\Windows\system32\Drivers\ScpVBus.sys
2015-03-28 17:30 - 2015-03-30 22:07 - 00000022 _____ () C:\Windows\GPU-Z.INI
2015-03-28 17:29 - 2015-03-28 17:29 - 00000000 ____D () C:\Users\Raymond\AppData\Local\Futuremark
2015-03-28 17:27 - 2015-03-28 17:27 - 00000000 ____D () C:\Program Files (x86)\Futuremark
2015-03-27 13:33 - 2015-03-27 13:37 - 00000000 ____D () C:\Users\Raymond\Valley
2015-03-25 23:00 - 2015-03-26 14:02 - 00000000 ____D () C:\Users\Raymond\AppData\Roaming\NVIDIA
2015-03-25 14:00 - 2015-03-31 20:33 - 00000000 ____D () C:\Program Files (x86)\RivaTuner Statistics Server
2015-03-25 14:00 - 2015-03-25 14:00 - 00000000 ____D () C:\Users\Raymond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2015-03-25 13:54 - 2015-03-25 13:54 - 00000000 ____D () C:\Program Files (x86)\GIGABYTE
2015-03-25 13:54 - 2015-03-25 13:54 - 00000000 ____D () C:\GvTemp
2015-03-25 08:29 - 2015-03-11 05:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 08:29 - 2015-03-11 05:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 08:29 - 2015-03-11 05:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 08:29 - 2015-03-11 05:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 08:29 - 2015-03-11 05:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 08:29 - 2015-03-11 05:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 08:29 - 2015-03-11 05:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 08:29 - 2015-03-11 05:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-21 22:26 - 2015-04-05 09:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-19 08:51 - 2015-04-05 08:41 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-19 08:51 - 2015-03-28 04:44 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-03-19 08:51 - 2015-03-28 04:44 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-03-19 08:51 - 2015-03-28 04:43 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-03-19 08:51 - 2015-03-28 04:43 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-03-19 08:51 - 2015-03-25 19:00 - 00000000 ____D () C:\Users\Raymond\AppData\Local\NVIDIA
2015-03-19 08:51 - 2015-03-19 08:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-19 08:51 - 2015-03-13 17:16 - 06861968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-03-19 08:51 - 2015-03-13 17:16 - 03526856 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-03-19 08:51 - 2015-03-13 17:16 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-03-19 08:51 - 2015-03-13 17:16 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-03-19 08:51 - 2015-03-13 17:16 - 00386248 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-03-19 08:51 - 2015-03-13 17:16 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-03-19 08:51 - 2015-03-13 16:38 - 00622224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-03-19 08:51 - 2015-03-11 14:10 - 04246327 _____ () C:\Windows\system32\nvcoproc.bin
2015-03-19 08:50 - 2015-03-13 20:41 - 00073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-03-19 08:50 - 2015-03-13 20:41 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 32114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 18580512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 17258024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 16022016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 14121624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-03-19 08:49 - 2015-03-13 20:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 03303448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 02906928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 00997856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 00878328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 00400584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 00390288 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 00354112 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 00346824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 00306208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-03-19 08:49 - 2015-03-13 20:41 - 00178512 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-03-19 08:49 - 2015-03-13 20:41 - 00035472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-03-19 08:49 - 2015-03-13 20:41 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-03-18 14:11 - 2015-03-18 14:11 - 00000000 ____D () C:\Users\Raymond\dwhelper
2015-03-16 17:49 - 2015-03-16 17:49 - 00000000 ____D () C:\Program Files (x86)\Reddit Link Opener
2015-03-12 09:43 - 2015-04-05 08:41 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2015-03-11 20:44 - 2015-03-11 20:44 - 00000000 ____D () C:\Users\Raymond\AppData\Roaming\Colossal Order
2015-03-11 20:44 - 2015-03-11 20:44 - 00000000 ____D () C:\Users\Raymond\AppData\Roaming\.mono
2015-03-11 20:44 - 2015-03-11 20:44 - 00000000 ____D () C:\Users\Raymond\AppData\Local\Colossal Order
2015-03-11 20:44 - 2015-03-11 20:44 - 00000000 ____D () C:\ProgramData\.mono
2015-03-11 09:44 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 09:44 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 09:44 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 09:44 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 09:44 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 09:44 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 09:44 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 09:44 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 09:44 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 09:44 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 09:44 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 09:44 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 09:44 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 09:44 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 09:44 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 09:44 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 09:44 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 09:44 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 09:44 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 09:44 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 09:44 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 09:44 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 09:44 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 09:44 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 09:44 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 09:44 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 09:44 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 09:44 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 09:44 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 09:44 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 09:44 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 09:44 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 09:44 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 09:44 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 09:44 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 09:44 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 09:44 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 09:44 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 09:44 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 09:44 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 09:44 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 09:44 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 09:44 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 09:44 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 09:44 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 09:44 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 09:44 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 09:44 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 09:44 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 09:44 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 09:44 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 09:44 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 09:44 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 09:44 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 09:44 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 09:44 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 09:44 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 09:44 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 09:44 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 09:44 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 09:44 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 09:44 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 09:44 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 09:44 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 09:44 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 09:44 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 09:44 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 09:44 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 09:44 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 09:44 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 09:44 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 09:44 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 09:44 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 09:44 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 09:44 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 09:44 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 09:44 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 09:44 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 09:44 - 2015-01-31 04:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 09:44 - 2015-01-31 04:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 09:44 - 2015-01-31 00:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 09:44 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 09:44 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 09:44 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 09:43 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 09:43 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 09:43 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 09:43 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 09:43 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 09:43 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 09:43 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 09:43 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 09:43 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 09:43 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 09:43 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 09:43 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 09:43 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 09:43 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 09:43 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 09:43 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 09:43 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 09:43 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 09:43 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 09:43 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 09:43 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 09:43 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 09:43 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 09:43 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 09:43 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 09:43 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 09:43 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 09:43 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 09:43 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 09:43 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 09:43 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 09:43 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 09:43 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 09:43 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 09:43 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 09:43 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 09:43 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 09:43 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 09:43 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 09:43 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 09:43 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 09:43 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 09:43 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 09:43 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 09:43 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 09:43 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 09:43 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 09:43 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 09:43 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 09:43 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 09:43 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 09:43 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 09:43 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 09:43 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 09:43 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 09:43 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 09:43 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 09:43 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 09:43 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 09:43 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 09:43 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 09:43 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 09:43 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 09:43 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 09:43 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 09:43 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 09:43 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 09:43 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 09:43 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 09:43 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 09:43 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 09:43 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 09:43 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 09:43 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 09:43 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 09:43 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 09:43 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 09:43 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 09:43 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 09:43 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 09:43 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 09:43 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 09:43 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 09:43 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 09:43 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 09:43 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 09:43 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 09:43 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 09:43 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 09:43 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 09:43 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 09:43 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 09:43 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 09:43 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 09:43 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-05 10:42 - 2013-03-07 14:55 - 01401036 _____ () C:\Windows\WindowsUpdate.log
2015-04-05 10:30 - 2013-03-22 09:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-05 09:42 - 2013-03-07 20:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-05 08:48 - 2009-07-14 05:45 - 00022768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-05 08:48 - 2009-07-14 05:45 - 00022768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-05 08:47 - 2009-07-14 06:13 - 00784286 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-05 08:41 - 2013-11-30 10:24 - 00000000 ____D () C:\Users\Raymond\AppData\Local\Deployment
2015-04-05 08:41 - 2013-03-07 22:11 - 00003026 _____ () C:\Windows\System32\Tasks\MSIAfterburner
2015-04-05 08:41 - 2013-03-07 15:20 - 00058864 _____ () C:\Users\Raymond\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-05 08:41 - 2013-03-07 15:10 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2015-04-05 08:41 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-04 22:35 - 2013-11-19 09:18 - 00000000 ____D () C:\Users\Raymond\AppData\Local\Battle.net
2015-04-04 13:09 - 2013-03-07 20:04 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2015-04-03 17:44 - 2014-01-15 17:08 - 00000000 ____D () C:\Users\Raymond\AppData\Local\Google
2015-04-03 17:44 - 2014-01-15 17:08 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-03 08:39 - 2013-10-22 08:15 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-04-02 16:38 - 2013-03-07 17:29 - 00000000 ____D () C:\Users\Raymond\AppData\Roaming\vlc
2015-04-01 21:55 - 2013-03-11 14:45 - 00000000 ____D () C:\Users\Raymond\AppData\Local\CrashDumps
2015-04-01 13:20 - 2013-03-14 09:23 - 00000000 __SHD () C:\Users\Public\DRM
2015-03-31 22:26 - 2013-08-08 13:57 - 02128896 _____ () C:\Users\Raymond\AppData\Local\file__0.localstorage
2015-03-30 18:12 - 2014-10-19 14:04 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-03-30 17:19 - 2013-10-02 18:32 - 00000000 ____D () C:\Windows\Minidump
2015-03-30 16:51 - 2013-03-07 20:45 - 00001135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-30 16:23 - 2015-01-21 09:27 - 00001126 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 28.lnk
2015-03-30 16:23 - 2013-03-07 14:56 - 00001413 _____ () C:\Users\Raymond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-30 15:58 - 2013-03-07 16:11 - 00002047 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-03-30 08:53 - 2013-03-07 20:05 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-03-28 21:36 - 2013-10-04 20:36 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-28 13:24 - 2013-10-18 19:39 - 00000000 ____D () C:\Users\Raymond\AppData\Roaming\Milestone
2015-03-27 23:17 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-27 13:33 - 2013-03-07 14:55 - 00000000 ____D () C:\Users\Raymond
2015-03-27 13:32 - 2013-08-08 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine
2015-03-25 19:00 - 2013-12-03 15:57 - 00000000 ____D () C:\Users\Raymond\AppData\Local\NVIDIA Corporation
2015-03-25 13:57 - 2013-03-07 15:14 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-25 11:23 - 2014-12-11 09:17 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-25 11:23 - 2014-04-23 15:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-24 09:16 - 2014-09-12 15:00 - 00000000 ____D () C:\Users\Raymond\AppData\Local\Adobe
2015-03-24 09:16 - 2013-03-22 09:03 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-24 09:16 - 2013-03-07 17:20 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-24 09:16 - 2013-03-07 17:20 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-23 19:44 - 2014-06-15 18:54 - 00000000 ____D () C:\Program Files (x86)\Europa Universalis IV
2015-03-19 08:51 - 2013-03-07 15:59 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-19 08:51 - 2013-03-07 15:59 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-03-19 08:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help
2015-03-18 18:48 - 2015-01-18 09:48 - 00003830 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1421570934
2015-03-18 18:48 - 2013-03-07 16:11 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-03-15 22:43 - 2013-07-15 07:28 - 00000000 ____D () C:\Users\Raymond\AppData\Roaming\tropico 4
2015-03-15 19:18 - 2014-06-21 22:39 - 00000000 ____D () C:\Program Files (x86)\Hearts of Iron 3
2015-03-12 18:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-03-12 09:44 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-12 09:43 - 2009-07-14 05:45 - 00269128 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 09:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 09:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-12 00:06 - 2013-07-26 07:52 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 00:03 - 2013-03-07 15:49 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2015-02-22 17:58 - 2015-02-22 17:58 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2015-04-03 17:44 - 2015-04-03 17:44 - 0000020 _____ () C:\Users\Raymond\AppData\Roaming\appdataFr3.bin
2013-08-08 13:57 - 2015-03-31 22:26 - 2128896 _____ () C:\Users\Raymond\AppData\Local\file__0.localstorage
2013-11-08 21:31 - 2013-11-08 21:31 - 0007602 _____ () C:\Users\Raymond\AppData\Local\Resmon.ResmonCfg
2015-03-30 16:36 - 2015-03-30 16:36 - 0011746 _____ () C:\Users\Raymond\AppData\Local\Temp-log.txt
2013-08-06 13:10 - 2015-01-28 12:31 - 0008221 _____ () C:\ProgramData\hpzinstall.log
2015-01-07 14:22 - 2015-01-07 14:22 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-10-04 20:34 - 2014-10-04 20:34 - 0000258 ____H () C:\ProgramData\tmaster8.net

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-04 12:19

==================== End Of Log ============================
TheDoctor46
Active Member
 
Posts: 13
Joined: March 30th, 2015, 1:36 pm

Re: "Luckysearches" hijacking browser and other adware

Unread postby TheDoctor46 » April 5th, 2015, 6:25 am

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Raymond at 2015-04-05 11:08:44
Running from B:\Users\Raymond\Desktop\FRST
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DMark (HKLM-x32\...\{7330098c-3669-4f39-9e82-4221d489db39}) (Version: 1.4.828.0 - Futuremark)
3DMark (Version: 1.4.828.0 - Futuremark) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
AaaaaAAaaaAAAaaAAAAaAAAAA!!! for the Awesome (HKLM-x32\...\Steam App 15560) (Version: - )
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AI War: Fleet Command (HKLM-x32\...\Steam App 40400) (Version: - Arcen Games, LLC)
Antichamber (HKLM-x32\...\Steam App 219890) (Version: - Alexander Bruce)
Arsenal of Democracy (HKLM-x32\...\Steam App 42850) (Version: - BL-Logic)
Assetto Corsa (HKLM-x32\...\Steam App 244210) (Version: - Kunos Simulazioni)
ASUS Xonar DG Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version: - )
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 8.0 - Atheros)
Audiosurf (HKLM-x32\...\Steam App 12900) (Version: - Dylan Fitterer)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23028 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Capsule (HKLM-x32\...\Capsule) (Version: 1.0.000 - Green Man Gaming Limited)
Castlevania: Lords of Shadow - Ultimate Edition (HKLM-x32\...\Steam App 234080) (Version: - MercurySteam - Climax Studios)
Castlevania: Lords of Shadow 2 Demo (HKLM-x32\...\Steam App 273130) (Version: - MercurySteam)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Chainsaw Warrior (HKLM-x32\...\Steam App 251710) (Version: - Auroch Digital)
Circuits (HKLM-x32\...\Steam App 282760) (Version: - Digital Tentacle)
Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version: - Colossal Order)
CLICKBIOSII (HKLM-x32\...\{EBCB111F-4907-4B28-BD03-F5BD901106D2}_is1) (Version: 1.0.123 - MSI)
Content Manager Assistant for PlayStation(R) (HKLM-x32\...\{32C46540-7693-49E1-A81E-121B09C8303B}) (Version: 3.00.7187.47 - Sony Computer Entertainment Inc.)
ControlCenter (HKLM-x32\...\{AF14F0CD-5307-4134-BDFA-15974473C1EE}_is1) (Version: 2.5.060 - MSI)
Copy (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
CPUID CPU-Z 1.63.0 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Crusader Kings II (HKLM-x32\...\Steam App 203770) (Version: - Paradox)
Curse Client (HKU\S-1-5-21-2940932314-315015785-212226153-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Danmaku Unlimited 2 (HKLM-x32\...\Steam App 280560) (Version: - Doragon Entertainment)
Democracy 2 (HKLM-x32\...\Steam App 218040) (Version: - Positech Games)
Depths of Peril (HKLM-x32\...\Steam App 23600) (Version: - Soldak Entertainment, Inc.)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
Desura (HKLM-x32\...\Desura) (Version: 100.55 - Desura)
Desura: Talisman Prologue (HKLM-x32\...\Desura_83008832929824) (Version: Full - Nomad Games Limited)
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
DiRT 2 (HKLM-x32\...\Steam App 12840) (Version: - Codemasters Racing Studio)
DJ_AIO_06_F2400_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
DuckTales Remastered (HKLM-x32\...\Steam App 237630) (Version: - WayForward)
Dungeons & Dragons: Chronicles of Mystara (HKLM-x32\...\Steam App 229480) (Version: - Iron Galaxy Studios)
Dungeons and Dragons Anthology: The Master Collection (HKLM-x32\...\{A1B2F73A-F5D0-49FB-A114-652B85F71ECB}) (Version: 1.0.0 - Atari)
Eador. Masters of the Broken World (HKLM-x32\...\Steam App 232050) (Version: - Snowbird Games)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version: - Paradox Development Studio)
F.E.A.R. (HKLM-x32\...\Steam App 21090) (Version: - Monolith )
F.E.A.R.: Extraction Point (HKLM-x32\...\Steam App 21110) (Version: - Monolith )
F.E.A.R.: Perseus Mandate (HKLM-x32\...\Steam App 21120) (Version: - Monolith )
F2400 (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
FEZ (HKLM-x32\...\Steam App 224760) (Version: - Polytron Corporation)
FINAL FANTASY XIV: A Realm Reborn (HKLM-x32\...\Steam App 39210) (Version: - SQUARE ENIX)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version: - Subset Games)
Futuremark SystemInfo (HKLM-x32\...\{79659071-4B68-4EC8-833C-49C97B68FCD0}) (Version: 4.36.512.0 - Futuremark)
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
Gunpoint (HKLM-x32\...\Steam App 206190) (Version: - Suspicious Developments)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
HearthstoneTracker (HKLM-x32\...\HearthstoneTracker) (Version: 1.9.23.39449 - HearthstoneTracker.com)
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
Heroes of Might and Magic V (HKLM-x32\...\{20071984-5EB1-4881-8EDB-082532ACEC6D}) (Version: - )
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
HHD Software Hex Editor Neo 6.10 (HKU\S-1-5-21-2940932314-315015785-212226153-1000\...\{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}) (Version: 6.10.5.5341 - HHD Software, Ltd.)
Hitman 2: Silent Assassin (HKLM-x32\...\Steam App 6850) (Version: - IO Interactive)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version: - Dennaton Games)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet F2400 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{819CA3BC-2FF8-4811-B42F-421F7BFD3559}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Insurgency (HKLM-x32\...\Steam App 222880) (Version: - New World Interactive)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) Smart Connect Technology 3.0 x64 (HKLM\...\{DE788AD4-F7CE-4995-ADF8-56174A7B613C}) (Version: 3.0.41.1571 - Intel)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
Jamestown (HKLM-x32\...\Steam App 94200) (Version: - )
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Karaoke Sound Tools 2 (HKLM-x32\...\{7FD9BDEA-CCE1-40AB-8754-43810BA64CAA}_is1) (Version: - Doblon)
Killing Floor (HKLM-x32\...\Steam App 1250) (Version: - Tripwire Interactive)
Legend of Grimrock (HKLM-x32\...\Steam App 207170) (Version: - Almost Human Games)
Livestreamer 1.10.2 (HKLM-x32\...\Livestreamer) (Version: - )
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Logitech SetPoint 6.52 (HKLM\...\sp6) (Version: 6.52.74 - Logitech)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Max Payne (HKLM-x32\...\Steam App 12140) (Version: - Remedy Entertainment)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{4D243BA7-9AC4-46D1-90E5-EEB88974F501}) (Version: 2.0.687.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}) (Version: 2.0.687.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Might & Magic Heroes VI - Shades of Darkness (HKLM-x32\...\{745D37C2-26F4-4B65-BA13-F9840EBFA75B}) (Version: 2.1.0 - Ubisoft)
Might & Magic VI (HKLM-x32\...\Steam App 243380) (Version: - )
Might & Magic X - Legacy (HKLM-x32\...\Steam App 238750) (Version: - Ubisoft)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
MotoGP™14 Demo (HKLM-x32\...\Steam App 298000) (Version: - Milestone S.r.l.)
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSI Afterburner 4.1.0 (HKLM-x32\...\Afterburner) (Version: 4.1.0 - MSI Co., LTD)
MSI Fast Boot (HKLM-x32\...\{0F212E7A-65EB-4668-A8D7-749026A64F8E}_is1) (Version: 1.0.1.5 - MSI)
MSI Live Update (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.0.010 - MSI)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NaturalReaderFree (HKLM-x32\...\{C5E7BF75-007E-44AD-8962-627ED44CB63B}) (Version: 11.9 - NaturalSoft)
Next Car Game: Wreckfest (HKLM-x32\...\Steam App 228380) (Version: - Bugbear)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Opera 12.14 (HKLM-x32\...\Opera 12.14.1738) (Version: 12.14.1738 - Opera Software ASA)
Opera Stable 28.0.1750.48 (HKLM-x32\...\Opera 28.0.1750.48) (Version: 28.0.1750.48 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.1.13.85 - Electronic Arts, Inc.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5864) (Version: - )
Peggle Deluxe (HKLM-x32\...\Peggle Deluxe) (Version: - PopCap Games)
Penny Arcade's On the Rain-Slick Precipice of Darkness 3 (HKLM-x32\...\Steam App 213030) (Version: - )
Pinball FX2 (HKLM-x32\...\Steam App 226980) (Version: - Zen Studios)
Populous (HKLM-x32\...\{476CD9DE-C45F-4443-BFA7-E51C58B7E455}) (Version: 1.0.0.0 - Electronic Arts)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version: - Introversion Software)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.208 - Qualcomm Atheros Communications)
Race The Sun (HKLM-x32\...\Steam App 253030) (Version: - Flippfly LLC)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6959 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden
Resident Evil 4 / Biohazard 4 (HKLM-x32\...\Steam App 254700) (Version: - Capcom)
Resident Evil 5 (HKLM-x32\...\Steam App 21690) (Version: - Capcom)
Resident Evil Revelations 2 / Biohazard Revelations 2 (HKLM-x32\...\Steam App 287290) (Version: - CAPCOM Co., Ltd.)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
Revolution Under Siege Demo v1.00 (HKLM-x32\...\Revolution under Siege Demo_is1) (Version: - SEP RED)
RIDE: Game Demo (HKLM-x32\...\Steam App 355660) (Version: - Milestone S.r.l.)
RivaTuner Statistics Server 6.3.0 (HKLM-x32\...\RTSS) (Version: 6.3.0 - Unwinder)
Rogue Legacy (HKLM-x32\...\Steam App 241600) (Version: - Cellar Door Games)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Sentinel (HKLM-x32\...\Steam App 293200) (Version: - Matthew Brown)
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Sigils of Elohim (HKLM-x32\...\Steam App 321480) (Version: - Croteam)
SimCity 4 Deluxe (HKLM-x32\...\Steam App 24780) (Version: - Maxis)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version: - Team Meat)
Surgeon Simulator 2013 (HKLM-x32\...\Steam App 233720) (Version: - Bossa Studios)
Talisman: Digital Edition (HKLM-x32\...\Steam App 247000) (Version: - Nomad Games Limited)
Teleglitch: Die More Edition (HKLM-x32\...\Steam App 234390) (Version: - Test3 Projects)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl)
The Bridge (HKLM-x32\...\Steam App 204240) (Version: - Ty Taylor and Mario Castañeda)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Swapper (HKLM-x32\...\Steam App 231160) (Version: - Olli Harjola, Otto Hantula, Tom Jubert, Carlo Castellano)
The Ultimate DOOM (HKLM-x32\...\Steam App 2280) (Version: - id Software)
Tom Clancy's Splinter Cell® Blacklist™ (HKLM-x32\...\{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}) (Version: 1.02 - Ubisoft)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Torchlight (HKLM-x32\...\Steam App 41500) (Version: - Runic Games)
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Tropico 4 (HKLM-x32\...\Steam App 57690) (Version: - Haemimont Games)
Tropico 5 (HKLM-x32\...\Steam App 245620) (Version: - Haemimont Games)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
TypingMaster Pro (HKLM-x32\...\{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1) (Version: 7.00 - TypingMaster Inc)
Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.)
Unity Web Player (HKU\S-1-5-21-2940932314-315015785-212226153-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
Virtual Pool 4 Demo (HKLM-x32\...\{76EA761E-E91A-4715-8511-12B7707E53BF}) (Version: 4.1.2.5 - Celeris)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Warmachine Tactics (HKLM-x32\...\Steam App 253510) (Version: - WhiteMoon Dreams)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.63 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-2940932314-315015785-212226153-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Wing Commander III (HKLM-x32\...\{F96B9930-E22A-44D6-81B5-6C8E92C21B4B}) (Version: 2.0.0.2 - Electronic Arts)
WinRAR (HKLM-x32\...\WinRAR) (Version: - )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
X Rebirth (HKLM-x32\...\Steam App 2870) (Version: - Egosoft)
X3: Reunion (HKLM-x32\...\Steam App 2810) (Version: - Egosoft)
Ys I (HKLM-x32\...\Steam App 223810) (Version: - Nihon Falcom)
Zafehouse: Diaries (HKLM-x32\...\Steam App 249360) (Version: - Screwfly)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2940932314-315015785-212226153-1000_Classes\CLSID\{17eaa3cb-0208-4e55-8bc1-c57110b53533}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2940932314-315015785-212226153-1000_Classes\CLSID\{182FB546-8596-4CEF-9CB5-E9505BF7F628}\InprocServer32 -> C:\Users\Raymond\AppData\Local\HHD Software\Hex Editor Neo\hhdhexneo.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-2940932314-315015785-212226153-1000_Classes\CLSID\{6DB27B2E-87AC-4354-927A-AD711A0ED77E}\InprocServer32 -> C:\Users\Raymond\AppData\Local\HHD Software\Hex Editor Neo\FileDocument.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-2940932314-315015785-212226153-1000_Classes\CLSID\{A244CEC5-DB63-4ED9-B0D7-A0527C064113}\InprocServer32 -> C:\Users\Raymond\AppData\Local\HHD Software\Hex Editor Neo\FileDocument.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-2940932314-315015785-212226153-1000_Classes\CLSID\{AE1514A4-5D7D-4D1B-BC7F-320E6962B0DD}\InprocServer32 -> C:\Users\Raymond\AppData\Local\HHD Software\Hex Editor Neo\FileDocument.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-2940932314-315015785-212226153-1000_Classes\CLSID\{B845012A-F05A-4EC8-816D-B033183B9CA5}\InprocServer32 -> C:\Users\Raymond\AppData\Local\HHD Software\Hex Editor Neo\hhdhexneo.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-2940932314-315015785-212226153-1000_Classes\CLSID\{F350F7C1-9F0E-4A97-8EEC-E690C7095BEF}\InprocServer32 -> C:\Users\Raymond\AppData\Local\HHD Software\Hex Editor Neo\PatchAPI\dll\x64\hexpatch64.dll (HHD Software Ltd.)

==================== Restore Points =========================

01-04-2015 13:19:53 Removed HHD Software Free Hex Editor Neo 5.14
01-04-2015 13:20:17 Installed HHD Software Hex Editor Neo 6.10
02-04-2015 08:09:30 Windows Update
04-04-2015 08:52:51 Windows Update
05-04-2015 08:40:32 Restore Point Created by FRST

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {25A304C7-14B4-404A-955F-881B638026A6} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {26B7531E-EB51-4491-B45B-BF4A77F6D54E} - System32\Tasks\EVGAPrecisionX => B:\Program Files (x86)\Steam\steamapps\common\EVGA PrecisionX\PrecisionX_x64.exe
Task: {46641001-3862-4712-8C42-01A784CF569B} - System32\Tasks\Opera scheduled Autoupdate 1421570934 => C:\Program Files (x86)\Opera\launcher.exe [2015-03-16] (Opera Software)
Task: {4B970C17-D41F-4F68-8656-1DD7E4943D06} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2014-12-06] ()
Task: {659C71B7-2EDA-47A8-A0DD-FF3A49464469} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {691FAA8F-C512-46DA-AF1C-09598B9F9448} - System32\Tasks\CCleanerSkipUAC => B:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {701040E2-A6CD-4C3B-B6BF-055F3BCBB88D} - System32\Tasks\{50AD9756-DB3B-4B72-B9E8-F1DA072B203D} => pcalua.exe -a B:\Users\Raymond\Desktop\widescreen-v3.05.exe -d B:\Users\Raymond\Desktop
Task: {8B967663-B770-4142-B346-F7BEC0BB0587} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {C2D02DED-5DA5-4038-8BE8-B3AE292B00C4} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {CD69F68D-9768-4604-BACD-9285589B749E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {F0F8E87D-C805-419C-92D2-F9525F2E0CDE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-24] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-19 08:51 - 2015-03-13 17:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-08-30 19:07 - 2014-11-09 12:37 - 00402432 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll
2012-08-16 21:36 - 2012-08-16 21:36 - 00149032 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2012-08-16 21:36 - 2012-08-16 21:36 - 00058920 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2014-12-06 08:03 - 2014-12-06 08:03 - 00565760 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
2013-10-11 20:20 - 2013-11-06 16:00 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-08-31 17:44 - 2012-08-31 17:44 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2013-03-07 15:25 - 2008-07-11 16:04 - 00200704 ____N () C:\Windows\SysWOW64\HsMgr.exe
2013-03-07 15:25 - 2008-07-11 16:03 - 00282112 ____N () C:\Windows\system\HsMgr64.exe
2015-03-19 08:51 - 2015-03-28 04:43 - 00087184 _____ () C:\Program Files (x86)\NVIDIA Corporation\LED Visualizer\NvLedServiceHost.exe
2014-10-09 21:26 - 2014-10-09 21:26 - 00016384 ____N () C:\Users\Raymond\AppData\Local\Apps\2.0\7YV0X25P.5Y1\7RNH6X6Y.91N\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.CurseClient.WowDb.dll
2013-11-30 10:25 - 2013-11-30 10:25 - 00035840 _____ () C:\Users\Raymond\AppData\Local\Apps\2.0\7YV0X25P.5Y1\7RNH6X6Y.91N\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.Advertising.dll
2014-11-09 12:37 - 2014-11-09 12:37 - 00197632 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
2014-11-09 12:37 - 2014-11-09 12:37 - 00026112 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
2014-11-09 12:37 - 2014-11-09 12:37 - 00088576 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
2014-12-06 08:01 - 2014-12-06 08:01 - 00071680 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2014-12-06 08:01 - 2014-12-06 08:01 - 00056832 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2014-12-06 08:02 - 2014-12-06 08:02 - 00217600 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2014-12-06 08:01 - 2014-12-06 08:01 - 00353792 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2014-12-06 08:02 - 2014-12-06 08:02 - 00649216 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2014-08-30 19:07 - 2014-11-09 12:37 - 00356864 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks.dll
2014-10-19 14:08 - 2005-07-18 13:43 - 00160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll
2013-03-07 15:25 - 2012-06-06 09:56 - 00143360 ____N () C:\Program Files\ASUS Xonar DGX Audio\Customapp\VmixP8.dll
2015-04-03 08:38 - 2015-03-28 04:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-03-19 08:51 - 2015-03-28 04:43 - 00621200 _____ () C:\Program Files (x86)\NVIDIA Corporation\LED Visualizer\NvGpuInterface.dll
2014-11-09 12:37 - 2014-11-09 12:37 - 00056832 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTFC.dll
2014-11-09 12:37 - 2014-11-09 12:37 - 00353792 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTUI.dll
2014-11-09 12:37 - 2014-11-09 12:37 - 00071680 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTMUI.dll
2013-03-07 16:11 - 2015-01-25 11:18 - 00835584 _____ () C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll
2013-03-07 16:11 - 2015-01-25 11:18 - 00093696 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll
2013-03-07 16:11 - 2015-01-25 11:18 - 00094208 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll
2013-03-07 16:11 - 2015-01-25 11:18 - 00057344 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll
2013-03-07 16:11 - 2015-01-25 11:18 - 00096256 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll
2013-03-07 16:11 - 2015-01-25 11:18 - 00062976 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll
2013-03-07 16:11 - 2015-01-25 11:18 - 00067072 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll
2013-03-07 16:11 - 2015-01-25 11:18 - 00158208 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
2013-03-07 16:11 - 2015-01-25 11:18 - 00312832 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll
2013-03-07 16:11 - 2015-01-25 11:18 - 00038912 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll
2013-03-07 16:11 - 2015-01-25 11:18 - 00073728 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll
2013-03-07 16:11 - 2015-01-25 11:18 - 00101888 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll
2015-03-24 09:16 - 2015-03-24 09:16 - 16858288 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll
2014-10-16 17:53 - 2014-10-16 17:53 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\6db28a56705777a05ce7d52fe5367afb\PSIClient.ni.dll
2014-06-15 11:25 - 2013-09-17 03:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Public\DRM:احتضان

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2940932314-315015785-212226153-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Raymond\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Live Update => C:\Program Files (x86)\MSI\Live Update\Live Update.exe /REMINDER

==================== Accounts: =============================

Administrator (S-1-5-21-2940932314-315015785-212226153-500 - Administrator - Disabled)
Guest (S-1-5-21-2940932314-315015785-212226153-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2940932314-315015785-212226153-1002 - Limited - Enabled)
Raymond (S-1-5-21-2940932314-315015785-212226153-1000 - Administrator - Enabled) => C:\Users\Raymond

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/05/2015 11:05:33 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/05/2015 08:45:51 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/05/2015 08:45:42 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/05/2015 08:45:42 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/05/2015 08:45:23 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/05/2015 08:40:32 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2940932314-315015785-212226153-1008.bak). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {bd1ec093-4a5a-4f53-acaf-52182f5d77a3}

Error: (04/05/2015 08:40:32 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2940932314-315015785-212226153-1008.bak). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {bd1ec093-4a5a-4f53-acaf-52182f5d77a3}

Error: (04/05/2015 08:40:32 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {a1abdb9b-20ef-45be-a1f2-47d36995723b}

Error: (04/04/2015 08:52:51 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2940932314-315015785-212226153-1008.bak). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {8c2a4da4-d1b9-4196-9fbc-baa70706a4a1}

Error: (04/03/2015 05:56:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2940932314-315015785-212226153-1008.bak). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {e47cffd7-2682-47de-a48b-a43fa66d078b}


System errors:
=============
Error: (04/01/2015 06:52:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (04/01/2015 06:52:40 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (03/30/2015 05:29:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/30/2015 05:29:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).

Error: (03/30/2015 04:44:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The ISCT Always Updated Agent service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (03/30/2015 04:44:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/30/2015 04:44:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel(R) Capability Licensing Service Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (03/30/2015 04:44:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (03/30/2015 04:44:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/30/2015 04:44:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (04/05/2015 11:05:33 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (04/05/2015 08:45:51 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestB:\Users\Raymond\Desktop\esetsmartinstaller_enu.exe

Error: (04/05/2015 08:45:42 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestB:\Users\Raymond\Desktop\esetsmartinstaller_enu.exe

Error: (04/05/2015 08:45:42 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestB:\Users\Raymond\Desktop\esetsmartinstaller_enu.exe

Error: (04/05/2015 08:45:23 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestB:\Users\Raymond\Desktop\esetsmartinstaller_enu.exe

Error: (04/05/2015 08:40:32 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-2940932314-315015785-212226153-1008.bak)0x80070539, The security ID structure is invalid.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {bd1ec093-4a5a-4f53-acaf-52182f5d77a3}

Error: (04/05/2015 08:40:32 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-2940932314-315015785-212226153-1008.bak)0x80070539, The security ID structure is invalid.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {bd1ec093-4a5a-4f53-acaf-52182f5d77a3}

Error: (04/05/2015 08:40:32 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {a1abdb9b-20ef-45be-a1f2-47d36995723b}

Error: (04/04/2015 08:52:51 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-2940932314-315015785-212226153-1008.bak)0x80070539, The security ID structure is invalid.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {8c2a4da4-d1b9-4196-9fbc-baa70706a4a1}

Error: (04/03/2015 05:56:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-2940932314-315015785-212226153-1008.bak)0x80070539, The security ID structure is invalid.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {e47cffd7-2682-47de-a48b-a43fa66d078b}


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 23%
Total physical RAM: 16330.77 MB
Available physical RAM: 12570.66 MB
Total Pagefile: 32659.72 MB
Available Pagefile: 28614.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive b: (HDD) (Fixed) (Total:931.51 GB) (Free:265.9 GB) NTFS
Drive c: (SSD) (Fixed) (Total:119.14 GB) (Free:47.89 GB) NTFS
Drive e: (Revolution Under) (CDROM) (Total:0.94 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: F2E97AA1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A06837A4)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================


General computer behaviour is fine.

Luckysearches still appears as the first page when I open Opera. Maybe it's this registry entry causing that. It's still in the registry. It was picked up by the FarBar scan done near the start of this thread.

[HKEY_USERS\S-1-5-21-2940932314-315015785-212226153-1000\Software\Opera Software]
"Last CommandLine v2"="C:\Program Files (x86)\Opera\opera.exe http://www.luckysearches.com/?type=sc&t ... NEAC812014 "
TheDoctor46
Active Member
 
Posts: 13
Joined: March 30th, 2015, 1:36 pm

Re: "Luckysearches" hijacking browser and other adware

Unread postby mAL_rEm018 » April 6th, 2015, 1:48 am

Hello TheDoctor46,

I apologize for the delay in getting back to you. I am still reviewing your logs and I will be back with a reply as soon as possible.
User avatar
mAL_rEm018
Admin/Teacher
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 294 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware