Laptop 'Locks-up' Until I Ctrl+Alt+Del



#1 JGroomes


Posted 22 August 2015 - 03:39 PM

So this all started yesterday (Friday) morning, I believe. My laptop will suddenly/randomly lock-up and I am unable to click anything on the taskbar and occasionally can't click anything on the desktop. I've been unable to click & drag icons on my desktop as well. Occasionally my mouse will make a single-click on its own, and sometimes (only while using Firefox so far) the cursor will change to the scrolling icon while on a website. I've also noticed that while using Google Chrome, clicking on a tab will close it (without clicking the tiny 'x'), and I'm unable to click Chrome's settings/options button. The keyboard is working perfectly fine, so I am still able to use hotkey shortcuts. (No mouse/cursor issues seem to occur in games that require a mouse, but window/icon lock-ups outside of the game window still occur and require the task manager temp-fix)

 

The only thing that seems to fix a majority of these issues (except for the ones involving Chrome and clicking & dragging icons on my desktop) is when I ctrl+alt+del and open the task manager. After closing task manager almost everything will be working normally, but the problems return only seconds/minutes later.

 

So far I've tried restarting my laptop three times, unplugged my mouse and plugged it back in, and none of it has worked.

I'm using an Acer Aspire laptop with a Logitech USB Optical Mouse, running Windows 7.

I'll provide all of my logs below as instructed in the "Instructions for posting requested logs" topic. (I hope I'm doing this right..)

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/22/2015
Scan Time: 2:39 PM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.22.03
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Chaotic Lawliet

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 383164
Time Elapsed: 1 hr, 1 min, 47 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.WebAssistant.A, C:\Program Files\Web Assistant\ExtensionUpdaterService.exe, 3364, , [f8e348c3355690a69f1642dea360a25e]

Modules: 0
(No malicious items detected)

Registry Keys: 170

Registry Values: 31
PUP.Optional.Conduit.A, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{afdbddaa-5d3f-42ee-b79c-185a7020515b}|FaviconURL, http://search.conduit.com/favicon.ico, , [26b586858209fe382daefa2bb94a8f71]
PUP.Optional.DogPile.A, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{F78BF7A8-CF12-4DE7-A6DA-C463D1B539A7}, , [12c97992a4e7e45298b7549ae1214cb4],

Registry Data: 0
(No malicious items detected)

Folders: 195


#2 JGroomes


Posted 22 August 2015 - 04:24 PM

Suddenly my laptop is working properly and all of the issues seem to be gone now, not sure why or how.
I'm going to give it 24 hours to see if the issues return; if they do, I will be sure to return here.



#3 TheJoker


Posted 22 August 2015 - 09:50 PM

Hi JGroomes, and welcome to SWI.

You had quite a few potentially unwanted programs that Malwarebytes Anti-Malware found, but the log doesn't show that they were removed.

Start MBAM.
To the right of Database Version, click Update Now
Click on the Settings tab and in the left column click on Detection and Protection.
Place a checkmark in the option to Scan for rootkits.
At the top of the window, click the Scan tab.
If not selected, select Threat Scan and click the Start Scan button.
When finished, be sure to delete everything found, and post the new log.
 

 

Download TFC by OldTimer to your Desktop.

  • Please double-click TFC.exe to run it.
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
    Let it run uninterrupted until it has finished.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine to ensure a complete clean.

 

Please download AdwCleaner by Xplode onto your Desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found.  Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

 

Please scan your system with ESET Online Scanner

  • Click the "Run ESET Online Scanner" button.
    • For browsers other than Internet Explorer such as Firefox, Chrome, or Opera (Microsoft Internet Explorer users can skip this step) another page will open to download the ESET Smart Installer
    • Click on esetsmartinstaller_enu.exe
    • Save it to your desktop, and double-click to run it.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

Download the below tool
Farbar Recovery Scan Tool (64 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press the Scan button.
It will create a log (FRST.txt) in the same directory the tool is run from.
The first time the tool is run, it also creates another log (Addition.txt).
Please post the contents of both, each in their own reply.

 

 

Please post the new log from MBAM, log from AdwCleaner, the log from ESET Online Scanner, and then each in their own reply (so nothing is cut off by the maximum post length), the two logs from FRST (FRST.txt and Addition.txt), and note any errors encountered. If any log is cut off by the maximum post length, please check to see where it cut off, and post the remainder of the log in an additional reply.




#4 JGroomes


Posted 23 August 2015 - 08:29 PM

Thank you for the quick reply, Joker.
When I turned my laptop on today, the issues had returned. After ESET Online Scanner finished, the issues seem to have disappeared once more. For good or not, I'm not entirely sure. And there were no errors with any of the scans. Logs are below.

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/23/2015
Scan Time: 12:37 PM
Logfile: MBAM 8.23.15.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.08.23.04
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Chaotic Lawliet
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 414759
Time Elapsed: 1 hr, 37 min, 26 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 3
PUP.Optional.ELEX, C:\Users\Chaotic Lawliet\Desktop\Games\Starbound\win32\sblclfx.dll, , [c67ae22a0f7c999dec5420afcf32a45c], 
PUP.Optional.Conduit.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\prefs.js, Good: (), Bad: (user_pref("CT3220468.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"http://search.condui...D=IN_DA\"}");),,[c47cf8141f6cba7ca9a95f34050016ea]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
# AdwCleaner v5.003 - Logfile created 23/08/2015 at 16:01:07
# Updated 20/08/2015 by Xplode
# Database : 2015-08-23.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Chaotic Lawliet - TEMPEST
# Running from : C:\Users\Chaotic Lawliet\Desktop\adwcleaner_5.003.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : YahooAUService
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files\Babylon
Folder Found : C:\Program Files (x86)\Babylon
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\AVG Security Toolbar
Folder Found : C:\ProgramData\Partner
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\ProgramData\Yahoo! Companion
Folder Found : C:\Users\Chaotic Lawliet\AppData\Local\apn
Folder Found : C:\Users\Chaotic Lawliet\AppData\Local\GigglingGamesSA
Folder Found : C:\Users\Chaotic Lawliet\AppData\Local\OpenCandy
Folder Found : C:\Users\Chaotic Lawliet\AppData\LocalLow\Conduit
Folder Found : C:\Users\Chaotic Lawliet\AppData\LocalLow\Yahoo! Companion
Folder Found : C:\Users\Chaotic Lawliet\AppData\Roaming\SearchProtect
Folder Found : C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\Smartbar
 
***** [ Files ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
Task Found : RunAsStdUser Task
Task Found : update-sys
Task Found : update-S-1-5-21-2505415791-2747731311-3398940262-1000
Task Found : update-sys
Task Found : update-S-1-5-21-2505415791-2747731311-3398940262-1000
Task Found : update-sys
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\BabylonToolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduitapps.com
Key Found : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}]
Key Found : HKU\.DEFAULT\Software\AVG SafeGuard toolbar
Key Found : HKU\.DEFAULT\Software\Avg Secure Update
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Software\Avg Secure Update
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\AppDataLow\Software\adawarebp
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\Freecause
Key Found : HKCU\Software\AppDataLow\Software\BackgroundContainerV2
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\InfoAtoms
Key Found : HKLM\SOFTWARE\Web Assistant
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\ImInstaller
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\Avg Secure Update
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
Key Found : [x64] HKLM\SOFTWARE\Web Assistant
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.ask.com/?l=dis&o=14196
Data Found : HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.ask.com/?l=dis&o=14196
 
***** [ Web browsers ] *****
 
[C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\prefs.js] [Preference] Found : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
[C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\prefs.js] [Preference] Found : user_pref("CT3220468.isPerformedSmartBarTransition", "true");
[C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\prefs.js] [Preference] Found : user_pref("CT3220468.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?gd=&ctid=CT3220468&octid=CT3220468&ISID=ISID_ID&SearchSource=15&CUI=UN07666358455992717&SSPV=[...]
[C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\prefs.js] [Preference] Found : user_pref("CT3220468.smartbar.CTID", "CT3220468");
[C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\prefs.js] [Preference] Found : user_pref("CT3220468.smartbar.Uninstall", "0");
[C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\prefs.js] [Preference] Found : user_pref("CT3220468.smartbar.isHidden", true);
[C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\prefs.js] [Preference] Found : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");
[C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\prefs.js] [Preference] Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");
[C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\prefs.js] [Preference] Found : user_pref("plugin.state.npconduitfirefoxplugin", 2);
[C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\prefs.js] [Preference] Found : user_pref("smartbar.machineId", "KNO38NB9Y+S/PRZJSR/YEKEIII6W0J72HYGJIF43LASAA1XQDSTQR43THW6WHWAFNWCJWXRVAIV6LOHC70YT8W");
[C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\prefs.js] [Preference] Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.sweetim.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"h[...]
[C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : websearch.ask.com
[C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [9872 bytes] ##########
 
 
 
C:\AdwCleaner\Quarantine\C\Users\Chaotic Lawliet\AppData\Local\GigglingGamesSA\bin\1.0.6.0\gigglinggamesSAHook.dll.vir a variant of Win32/Adware.HotBar.S application cleaned by deleting - quarantined
C:\Program Files (x86)\Cheat Engine 6.2\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application cleaned by deleting - quarantined
C:\Program Files (x86)\Cheat Engine 6.2\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application cleaned by deleting - quarantined
C:\Program Files (x86)\uTorrent\uTorrent.exe a variant of Win32/Bunndle potentially unsafe application cleaned by deleting - quarantined
C:\Users\Chaotic Lawliet\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\stub_data\askrt_en.cab a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
C:\Users\Chaotic Lawliet\Desktop\Crap\uTorrent.exe a variant of Win32/Bunndle potentially unsafe application cleaned by deleting - quarantined
C:\Users\Chaotic Lawliet\Downloads\CheatEngine62.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
 


#5 JGroomes


Posted 23 August 2015 - 08:30 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-08-2015
Ran by Chaotic Lawliet (administrator) on TEMPEST (23-08-2015 21:09:12)
Running from C:\Users\Chaotic Lawliet\Desktop
Loaded Profiles: Chaotic Lawliet (Available Profiles: Chaotic Lawliet)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Akamai Technologies, Inc.) C:\Users\Chaotic Lawliet\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Chaotic Lawliet\AppData\Local\Akamai\netsession_win.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
() C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.2.1.1\Lightshot.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-22] (Alcor Micro Corp.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-26] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9643552 2009-12-10] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-18] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-04-23] (Acer Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-08] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-26] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2010-06-22] (Dritek System Inc.)
HKLM-x32\...\Run: [USB Optical Mouse] => C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe [245248 2010-03-30] ()
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3730344 2015-07-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5579624 2015-08-03] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-17] (Microsoft Corporation)
HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Chaotic Lawliet\AppData\Local\Akamai\netsession_win.exe [4691384 2015-07-23] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-07-14] (Google Inc.)
HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\Run: [LightShot] => C:\Users\Chaotic Lawliet\AppData\Local\Skillbrains\lightshot\Lightshot.exe
HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\Run: [ROC_ROC_APR2013_AV] => C:\Users\Chaotic Lawliet\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 2daa7ced2f2547d1baa9f123ccf0ca55-d54ae5b4a42adb13fe8cade7cdf5e2a8b35ad24d --CMPID ROC_APR201 (the data entry has 22 more characters).
HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\system32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-12-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-05-26] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [2010-05-26] (Egis Technology Inc.)
CHR HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_7741&r=273601115516l0438z115t47n1p586
URLSearchHook: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000 - (No Name) - {03f38c00-dda9-46bf-9475-c6997746c740} - No File
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000 -> {225C4492-3857-42F3-9D50-97A47D1AF763} URL = hxxp://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms}
SearchScopes: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enUS416
SearchScopes: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000 -> {E8984107-C1A3-4E7A-B45D-96DF0168DDAF} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=FWV5&o=14193&src=crm&q={searchTerms}&locale=&apn_ptnrs=FM&apn_dtid=YYYYYYURUS&apn_uid=f44b21fc-f465-45b9-a417-bc4a3921bffa&apn_sauid=299683DA-6A75-4BBC-8BE3-2F0703436E8E
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-15] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-21] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-08-30] (RealPlayer)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-21] (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-15] (Google Inc.)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2013-03-11] (FreeDownloadManager.ORG)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-21] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-15] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-15] (Google Inc.)
Toolbar: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-15] (Google Inc.)
Toolbar: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000 -> No Name - {03F38C00-DDA9-46BF-9475-C6997746C740} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\..\Interfaces\{96381102-A251-4052-AB1E-ADFA4BE8D1BC}: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default
FF DefaultSearchEngine.US: Google
FF NetworkProxy: "http", "195.246.54.202"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "socks_version", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_51\bin\new_plugin\npjp2.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-21] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-21] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2010-06-01] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2012-12-04] (Nexon)
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2012-08-30] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll [2012-08-30] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-08-30] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-08-30] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2012-08-30] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-05-31] ()
FF Plugin-x32: BYOND -> C:\Program Files (x86)\BYOND\bin\npbyond.dll [2012-07-15] (BYOND)
FF Plugin HKU\S-1-5-21-2505415791-2747731311-3398940262-1000: @g2.com/iggweb3dupdater -> C:\Users\Chaotic Lawliet\AppData\Roaming\IGG\Web3D\1.0.0.38\NPIGGWeb3DUpdater.dll [2012-04-19] (IGG)
FF Plugin HKU\S-1-5-21-2505415791-2747731311-3398940262-1000: @g2.com/joyconnectshell -> C:\Users\Chaotic Lawliet\AppData\Roaming\IGG\Web3D\1.0.0.38\NPJoyConnectShell.dll [2012-04-19] (IGG)
FF Plugin HKU\S-1-5-21-2505415791-2747731311-3398940262-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Chaotic Lawliet\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-04-23] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2505415791-2747731311-3398940262-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-11-17] (The Happy Cloud)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npbyond.dll [2012-07-15] (BYOND)
FF Extension: Bitdefender QuickScan - C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2015-08-22]
FF Extension: Greasemonkey - C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-03-23]
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-05-26]
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
 
Chrome: 
=======
CHR Profile: C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2011-01-29]
CHR Extension: (Tampermonkey) - C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-04-03]
CHR Extension: (AdBlock) - C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (LoL - Jinx) - C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndbciboanpmkpbeanbjdcneplghndhcp [2014-05-31]
CHR Extension: (Mahjong Solitaire) - C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc [2015-02-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (My Chrome Theme) - C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2012-04-07]
CHR HKLM\...\Chrome\Extension: [eogikidelleflpkolmiiaeibjbaepila] - C:\Users\CHAOTI~1\AppData\Local\chrome_6486.crx [2014-01-25]
CHR HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [eogikidelleflpkolmiiaeibjbaepila] - C:\Users\CHAOTI~1\AppData\Local\chrome_6486.crx [2014-01-25]
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [eogikidelleflpkolmiiaeibjbaepila] - C:\Users\CHAOTI~1\AppData\Local\chrome_6486.crx [2014-01-25]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-05-26]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3518376 2015-07-07] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [314304 2015-07-07] (AVG Technologies CZ, s.r.o.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-08-03] (LogMeIn, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5312448 2014-03-19] (INCA Internet Co., Ltd.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-08] (NewTech Infosystems, Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2973400 2015-08-04] (AVG Technologies)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [44760 2015-08-04] (AVG Technologies)
R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [36568 2015-08-04] (AVG Technologies)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ASPI; C:\Windows\SysWOW64\DRIVERS\ASPI32.sys [84832 2002-07-17] (Adaptec) [File not signed]
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [293296 2015-06-26] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [226784 2015-06-10] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [281568 2015-05-12] (AVG Technologies CZ, s.r.o.)
S3 GunBod; C:\Game\SoftnyxGame\GunBoundIS\avital\gunbod64.sys [86352 2014-11-28] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.) [File not signed]
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-04-26] (MCCI Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [31144 2015-06-25] (TuneUp Software)
S3 CaptureFileMonitor; system32\DRIVERS\CaptureFileMonitor64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 ProcObsrv; \??\C:\Windows\SysWOW64\ProcObsrv64.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
S3 X6va001; \??\C:\Users\CHAOTI~1\AppData\Local\Temp\001BEDC.tmp [X]
S3 X6va005; \??\C:\Users\CHAOTI~1\AppData\Local\Temp\0051E8B.tmp [X]
S3 X6va006; \??\C:\Users\CHAOTI~1\AppData\Local\Temp\006561B.tmp [X]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [X]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]
S3 X6va025; \??\C:\Windows\SysWOW64\Drivers\X6va025 [X]
S3 X6va027; \??\C:\Windows\SysWOW64\Drivers\X6va027 [X]
S3 X6va028; \??\C:\Windows\SysWOW64\Drivers\X6va028 [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-23 21:09 - 2015-08-23 21:11 - 00027946 _____ C:\Users\Chaotic Lawliet\Desktop\FRST.txt
2015-08-23 21:08 - 2015-08-23 21:09 - 00000000 ____D C:\FRST
2015-08-23 21:07 - 2015-08-23 21:07 - 02173952 _____ (Farbar) C:\Users\Chaotic Lawliet\Desktop\FRST64.exe
2015-08-23 16:23 - 2015-08-23 16:23 - 00000000 ____D C:\Program Files (x86)\ESET
2015-08-23 16:22 - 2015-08-23 16:22 - 02870984 _____ (ESET) C:\Users\Chaotic Lawliet\Desktop\esetsmartinstaller_enu.exe
2015-08-23 16:15 - 2015-08-23 16:15 - 00010749 _____ C:\Users\Chaotic Lawliet\Desktop\AdwCleaner[C1].txt
2015-08-23 16:06 - 2015-08-23 16:06 - 00009987 _____ C:\Users\Chaotic Lawliet\Desktop\AdwCleaner[S1].txt
2015-08-23 16:01 - 2015-08-23 16:06 - 00000000 ____D C:\AdwCleaner
2015-08-23 15:56 - 2015-08-23 15:56 - 01605632 _____ C:\Users\Chaotic Lawliet\Desktop\adwcleaner_5.003.exe
2015-08-23 15:20 - 2015-08-23 15:20 - 00448512 _____ (OldTimer Tools) C:\Users\Chaotic Lawliet\Desktop\TFC.exe
2015-08-23 14:16 - 2015-08-23 14:16 - 00006990 _____ C:\Users\Chaotic Lawliet\Desktop\MBAM 8.23.15.txt
2015-08-23 09:00 - 2015-08-23 09:00 - 00002762 _____ C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2015-08-22 17:35 - 2015-08-22 17:35 - 00000000 ____D C:\Users\Chaotic Lawliet\Desktop\Spyware Forum
2015-08-22 16:41 - 2015-08-23 12:24 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Roaming\QuickScan
2015-08-22 14:34 - 2015-08-23 12:37 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-22 14:16 - 2015-08-22 14:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-22 14:16 - 2015-08-22 14:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-22 14:16 - 2015-08-22 14:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-22 14:16 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-22 14:16 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-22 14:16 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-22 12:58 - 2015-08-22 13:17 - 00000000 ____D C:\Windows\system32\MRT
2015-08-22 12:58 - 2015-07-28 10:59 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-22 11:59 - 2015-08-22 11:59 - 00000000 _____ C:\Windows\setuperr.log
2015-08-22 11:47 - 2015-08-22 11:47 - 00003704 _____ C:\Windows\System32\Tasks\Java Platform SE Auto Updater
2015-08-22 11:05 - 2015-08-04 08:25 - 00044760 _____ (AVG Technologies) C:\Windows\system32\uxtuneup.dll
2015-08-22 11:05 - 2015-08-04 08:25 - 00036568 _____ (AVG Technologies) C:\Windows\SysWOW64\uxtuneup.dll
2015-08-22 11:05 - 2015-08-04 08:25 - 00030424 _____ (AVG Technologies) C:\Windows\system32\authuitu.dll
2015-08-22 11:05 - 2015-08-04 08:25 - 00025816 _____ (AVG Technologies) C:\Windows\SysWOW64\authuitu.dll
2015-08-22 11:00 - 2015-08-22 11:00 - 00002179 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015.lnk
2015-08-22 11:00 - 2015-08-22 11:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015
2015-08-22 11:00 - 2015-08-04 08:25 - 00041688 _____ (AVG Technologies) C:\Windows\system32\TURegOpt.exe
2015-08-22 10:59 - 2015-08-22 10:59 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Roaming\AVG
2015-08-22 10:57 - 2015-08-22 11:00 - 00000000 ____D C:\ProgramData\AVG
2015-08-21 21:09 - 2015-08-21 21:09 - 00002223 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-21 21:09 - 2015-08-21 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-21 14:05 - 2015-08-21 14:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-21 11:51 - 2015-08-21 11:51 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-08-21 11:51 - 2015-08-21 11:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-21 10:31 - 2015-08-21 10:30 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-08-20 03:04 - 2015-08-10 21:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-20 03:04 - 2015-08-10 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-20 03:04 - 2015-08-10 20:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-20 03:04 - 2015-08-10 20:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-15 12:22 - 2015-08-17 18:32 - 00003152 _____ C:\Users\Chaotic Lawliet\Desktop\Destoka's Pokemon Needs!.txt
2015-08-13 08:09 - 2015-07-30 09:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 08:09 - 2015-07-30 09:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 07:52 - 2015-07-20 20:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-12 07:52 - 2015-07-20 20:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-12 07:52 - 2015-07-16 16:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-12 07:52 - 2015-07-16 16:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-12 07:52 - 2015-07-16 16:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-12 07:52 - 2015-07-16 16:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-12 07:52 - 2015-07-16 16:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-12 07:52 - 2015-07-16 16:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-12 07:52 - 2015-07-16 16:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-12 07:52 - 2015-07-16 16:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-12 07:52 - 2015-07-16 16:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-12 07:52 - 2015-07-16 16:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-12 07:52 - 2015-07-16 16:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-12 07:52 - 2015-07-16 15:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-12 07:52 - 2015-07-16 15:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-12 07:52 - 2015-07-16 15:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-12 07:52 - 2015-07-16 15:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-12 07:52 - 2015-07-16 15:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-12 07:52 - 2015-07-16 15:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-12 07:52 - 2015-07-16 15:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-12 07:52 - 2015-07-16 15:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-12 07:52 - 2015-07-16 15:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-12 07:52 - 2015-07-16 15:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-12 07:52 - 2015-07-16 15:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-12 07:52 - 2015-07-16 15:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-12 07:52 - 2015-07-16 15:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-12 07:52 - 2015-07-16 15:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-12 07:52 - 2015-07-16 15:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-12 07:52 - 2015-07-16 15:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-12 07:52 - 2015-07-16 15:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-12 07:52 - 2015-07-16 15:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-12 07:52 - 2015-07-16 15:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-12 07:52 - 2015-07-16 15:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-12 07:52 - 2015-07-16 15:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-12 07:52 - 2015-07-16 15:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-12 07:52 - 2015-07-16 15:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-12 07:52 - 2015-07-16 15:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-12 07:52 - 2015-07-16 15:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-12 07:52 - 2015-07-16 15:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-12 07:52 - 2015-07-16 15:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-12 07:52 - 2015-07-16 14:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-12 07:52 - 2015-07-16 14:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-12 07:52 - 2015-07-16 14:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-12 07:52 - 2015-07-16 14:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-12 07:51 - 2015-07-30 14:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-12 07:51 - 2015-07-30 14:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-12 07:51 - 2015-07-30 14:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-12 07:51 - 2015-07-30 14:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-12 07:51 - 2015-07-30 14:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-12 07:51 - 2015-07-30 14:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-12 07:51 - 2015-07-30 14:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-12 07:51 - 2015-07-30 13:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-12 07:51 - 2015-07-30 13:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-12 07:51 - 2015-07-30 13:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-12 07:51 - 2015-07-30 13:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-12 07:51 - 2015-07-30 13:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-12 07:51 - 2015-07-30 13:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-12 07:51 - 2015-07-30 12:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-12 07:51 - 2015-07-30 12:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-12 07:51 - 2015-07-30 12:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-12 07:51 - 2015-07-28 16:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-12 07:51 - 2015-07-28 16:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-12 07:51 - 2015-07-28 16:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-12 07:51 - 2015-07-28 16:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-12 07:51 - 2015-07-28 16:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-12 07:51 - 2015-07-28 16:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-12 07:51 - 2015-07-28 16:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-12 07:51 - 2015-07-28 15:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-12 07:51 - 2015-07-16 16:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-12 07:51 - 2015-07-16 16:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-12 07:51 - 2015-07-16 16:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-12 07:51 - 2015-07-16 16:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-12 07:51 - 2015-07-16 16:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-12 07:51 - 2015-07-16 16:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-12 07:51 - 2015-07-16 16:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-12 07:51 - 2015-07-16 15:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-12 07:51 - 2015-07-16 15:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-12 07:51 - 2015-07-16 15:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-12 07:51 - 2015-07-16 15:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-12 07:51 - 2015-07-16 15:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-12 07:51 - 2015-07-15 14:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-12 07:51 - 2015-07-15 14:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-12 07:51 - 2015-07-15 14:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-12 07:51 - 2015-07-15 14:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-12 07:51 - 2015-07-15 13:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-12 07:51 - 2015-07-15 13:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-12 07:50 - 2015-07-15 14:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-12 07:50 - 2015-07-15 14:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-12 07:50 - 2015-07-15 14:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-12 07:50 - 2015-07-15 14:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-12 07:50 - 2015-07-15 14:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-12 07:50 - 2015-07-15 14:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-12 07:50 - 2015-07-15 14:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-12 07:50 - 2015-07-15 14:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-12 07:50 - 2015-07-15 14:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-12 07:50 - 2015-07-15 14:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-12 07:50 - 2015-07-15 14:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-12 07:50 - 2015-07-15 14:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-12 07:50 - 2015-07-15 14:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-12 07:50 - 2015-07-15 14:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-12 07:50 - 2015-07-15 14:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-12 07:50 - 2015-07-15 14:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-12 07:50 - 2015-07-15 14:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-12 07:50 - 2015-07-15 14:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-12 07:50 - 2015-07-15 14:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-12 07:50 - 2015-07-15 14:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-12 07:50 - 2015-07-15 14:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-12 07:50 - 2015-07-15 14:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-12 07:50 - 2015-07-15 14:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-12 07:50 - 2015-07-15 14:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-12 07:50 - 2015-07-15 14:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-12 07:50 - 2015-07-15 14:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-12 07:50 - 2015-07-15 14:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-12 07:50 - 2015-07-15 14:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-12 07:50 - 2015-07-15 14:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-12 07:50 - 2015-07-15 14:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-12 07:50 - 2015-07-15 14:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-12 07:50 - 2015-07-15 14:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-12 07:50 - 2015-07-15 14:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-12 07:50 - 2015-07-15 13:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-12 07:50 - 2015-07-15 13:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-12 07:50 - 2015-07-15 13:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-12 07:50 - 2015-07-15 13:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-12 07:50 - 2015-07-15 13:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-12 07:50 - 2015-07-15 13:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-12 07:50 - 2015-07-15 13:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-12 07:50 - 2015-07-15 13:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-12 07:50 - 2015-07-15 13:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-12 07:50 - 2015-07-15 13:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-12 07:50 - 2015-07-15 13:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-12 07:50 - 2015-07-15 13:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-12 07:50 - 2015-07-15 13:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-12 07:50 - 2015-07-15 13:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-12 07:50 - 2015-07-15 13:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-12 07:50 - 2015-07-15 13:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-12 07:50 - 2015-07-15 13:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-12 07:50 - 2015-07-15 13:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-12 07:50 - 2015-07-15 13:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-12 07:50 - 2015-07-15 13:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 12:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-12 07:50 - 2015-07-15 12:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-12 07:50 - 2015-07-15 12:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-12 07:50 - 2015-07-15 12:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-12 07:50 - 2015-07-15 12:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-12 07:50 - 2015-07-15 12:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 12:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 12:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 12:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-12 07:50 - 2015-07-10 13:51 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-12 07:50 - 2015-07-10 13:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-12 07:49 - 2015-07-14 23:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-12 07:49 - 2015-07-10 13:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-12 07:49 - 2015-07-10 13:51 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-12 07:49 - 2015-07-10 13:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-12 07:49 - 2015-07-10 13:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-08-12 07:44 - 2015-07-14 23:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-12 07:44 - 2015-07-14 23:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-12 07:44 - 2015-07-14 22:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-12 07:44 - 2015-07-01 16:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 07:44 - 2015-07-01 16:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-12 07:44 - 2015-07-01 16:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-12 07:44 - 2015-07-01 16:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-12 07:43 - 2015-07-20 14:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-12 07:43 - 2015-07-20 14:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-12 07:43 - 2015-07-20 14:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-12 07:43 - 2015-07-20 14:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-12 07:43 - 2015-07-20 14:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-12 07:43 - 2015-07-20 14:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

Edited by JGroomes, 23 August 2015 - 08:34 PM.


#6 JGroomes

Posted 23 August 2015 - 08:32 PM

2015-08-12 07:43 - 2015-07-20 14:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-12 07:43 - 2015-07-20 14:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-12 07:43 - 2015-07-20 14:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-12 07:43 - 2015-07-20 14:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-12 07:43 - 2015-07-20 14:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-12 07:43 - 2015-07-20 13:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-12 07:43 - 2015-07-20 13:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-12 07:43 - 2015-07-20 13:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-12 07:43 - 2015-07-20 13:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-12 07:43 - 2015-07-20 13:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-12 07:43 - 2015-07-14 23:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-12 07:43 - 2015-07-14 23:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-12 07:43 - 2015-07-14 22:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-12 07:43 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-12 07:43 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-12 07:43 - 2015-07-10 13:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-12 07:43 - 2015-07-10 13:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-12 07:43 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 07:43 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 07:43 - 2015-07-09 13:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-12 07:42 - 2015-05-09 14:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-03 09:06 - 2015-08-03 09:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-08-03 09:06 - 2015-08-03 09:06 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2015-07-25 17:33 - 2015-07-25 17:33 - 00000000 ____D C:\Nexon
2015-07-25 17:32 - 2015-08-18 14:13 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Local\NexonLauncher
2015-07-25 17:32 - 2015-07-25 17:33 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Roaming\NexonLauncher
2015-07-25 16:59 - 2015-07-26 10:09 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon
2015-07-25 16:59 - 2015-07-25 17:06 - 00002047 _____ C:\Users\Chaotic Lawliet\Desktop\Nexon Launcher.lnk
2015-07-25 16:59 - 2015-07-25 16:59 - 00000000 ____D C:\Program Files (x86)\Nexon
2015-07-25 11:29 - 2015-06-01 20:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-25 11:29 - 2015-06-01 19:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-25 11:28 - 2015-06-17 13:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-25 11:28 - 2015-06-17 13:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-25 11:20 - 2015-07-04 14:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-25 11:20 - 2015-07-04 13:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-25 11:20 - 2015-04-27 15:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-25 11:20 - 2015-04-27 15:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-25 11:20 - 2015-04-27 15:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-25 11:20 - 2015-04-27 15:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-25 11:20 - 2015-04-27 15:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-25 11:20 - 2015-04-27 15:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-25 11:20 - 2015-04-27 15:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-25 11:20 - 2015-04-27 15:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-25 11:11 - 2015-06-15 17:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-25 11:11 - 2015-06-15 17:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-25 11:11 - 2015-06-15 17:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-25 11:11 - 2015-06-15 17:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-25 11:11 - 2015-06-15 17:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-25 11:11 - 2015-06-15 17:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-25 11:11 - 2015-06-15 17:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-25 11:11 - 2015-06-15 17:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-25 11:11 - 2015-06-15 17:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-25 11:11 - 2015-06-15 17:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-25 11:11 - 2015-06-15 17:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-25 11:11 - 2015-06-15 17:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-23 21:08 - 2011-01-29 03:20 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-23 20:51 - 2012-08-12 18:56 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Roaming\Skype
2015-08-23 20:49 - 2013-06-05 19:36 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.2
2015-08-23 20:49 - 2013-01-28 06:48 - 00000000 ____D C:\Program Files (x86)\uTorrent
2015-08-23 20:49 - 2011-02-09 01:14 - 00000000 ___RD C:\Users\Chaotic Lawliet\Desktop\Crap
2015-08-23 20:23 - 2012-08-16 21:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-23 19:39 - 2010-09-11 17:55 - 01691303 _____ C:\Windows\WindowsUpdate.log
2015-08-23 16:24 - 2009-07-14 00:45 - 00022896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-23 16:24 - 2009-07-14 00:45 - 00022896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-23 16:15 - 2012-09-13 01:47 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Local\LogMeIn Hamachi
2015-08-23 16:14 - 2011-06-19 14:04 - 00000000 ____D C:\Users\Chaotic Lawliet\Tracing
2015-08-23 16:13 - 2011-01-29 03:20 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-23 16:12 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-23 16:12 - 2009-07-14 00:51 - 00657923 _____ C:\Windows\setupact.log
2015-08-23 15:10 - 2010-07-14 18:44 - 05576412 _____ C:\Windows\PFRO.log
2015-08-23 14:10 - 2011-01-28 20:54 - 00000000 ____D C:\ProgramData\MFAData
2015-08-22 18:02 - 2011-11-19 11:26 - 00000000 ____D C:\Users\Chaotic Lawliet\Desktop\Games
2015-08-22 17:14 - 2015-05-13 22:54 - 00000000 ____D C:\Users\Chaotic Lawliet\Desktop\Facebook Comment Pics
2015-08-22 11:49 - 2014-07-21 13:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\En Masse Entertainment
2015-08-22 11:47 - 2012-04-29 02:28 - 00000000 ____D C:\Users\Chaotic Lawliet\.thumbnails
2015-08-22 11:47 - 2012-04-04 18:53 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Roaming\IMVU
2015-08-22 11:47 - 2012-02-03 01:26 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-22 11:47 - 2011-01-29 02:24 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Roaming\.minecraft
2015-08-22 11:47 - 2010-09-11 17:56 - 00000000 ____D C:\ProgramData\Temp
2015-08-22 11:46 - 2009-07-27 16:41 - 00000000 ____D C:\Windows\Panther
2015-08-22 11:45 - 2015-07-10 09:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-22 11:27 - 2011-01-29 02:54 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Local\VirtualStore
2015-08-22 11:09 - 2012-09-17 18:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-22 10:59 - 2011-10-17 20:19 - 00000000 ____D C:\Program Files (x86)\AVG
2015-08-22 10:58 - 2015-06-29 12:37 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Local\Avg
2015-08-22 10:47 - 2014-11-24 16:41 - 00001804 _____ C:\Users\Chaotic Lawliet\AppData\Roaming\Microsoft\Windows\Start Menu\Infinity Wars.lnk
2015-08-21 21:08 - 2010-07-14 18:40 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-21 21:00 - 2011-01-29 03:14 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Local\Google
2015-08-21 11:51 - 2012-08-12 18:55 - 00000000 ____D C:\ProgramData\Skype
2015-08-21 10:34 - 2013-11-20 03:20 - 00000000 ____D C:\ProgramData\Oracle
2015-08-21 10:32 - 2011-09-09 11:29 - 00000000 ____D C:\Program Files\Java
2015-08-21 10:30 - 2011-09-09 11:29 - 00321632 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-08-21 10:30 - 2011-09-09 11:29 - 00206944 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-08-21 10:30 - 2011-09-09 11:29 - 00206432 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-08-21 10:28 - 2014-02-13 01:38 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-08-21 10:28 - 2013-08-21 16:39 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-18 21:44 - 2015-05-17 17:39 - 00000000 ____D C:\ProgramData\Riot Games
2015-08-14 14:35 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-08-13 23:16 - 2009-07-14 00:45 - 04890528 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-13 23:12 - 2014-12-13 23:46 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-13 23:12 - 2014-07-10 03:03 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-13 08:07 - 2014-05-24 03:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-13 03:18 - 2014-05-24 03:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-13 03:18 - 2014-05-24 03:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-12 12:24 - 2012-08-16 21:15 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-12 12:24 - 2012-08-16 21:15 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-12 12:24 - 2011-12-14 16:31 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-11 17:31 - 2011-11-03 23:56 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Local\Akamai
2015-08-10 12:04 - 2011-04-28 09:47 - 00000000 ____D C:\Users\Chaotic Lawliet\Desktop\Awesomeness in a Folder
2015-08-03 12:12 - 2012-11-25 17:23 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-07-30 08:23 - 2015-06-29 12:51 - 00000615 _____ C:\Windows\SysWOW64\userawacs.cfg
2015-07-30 08:23 - 2015-06-29 12:50 - 00000140 _____ C:\Windows\SysWOW64\usergui.cfg
2015-07-30 08:22 - 2015-06-09 02:51 - 00000848 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-07-30 08:22 - 2014-05-23 03:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-07-26 12:55 - 2015-04-05 03:01 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-26 12:40 - 2015-04-05 03:01 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-26 12:40 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-25 16:44 - 2013-06-06 00:39 - 00000000 ___SD C:\Users\Chaotic Lawliet\Documents\Mabinogi
2015-07-25 14:03 - 2011-02-05 06:30 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Roaming\vlc
2015-07-25 14:03 - 2011-02-02 00:39 - 00000000 ____D C:\Users\Public\CyberLink
2015-07-25 14:03 - 2010-07-14 19:20 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-07-25 14:03 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-07-25 14:03 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-07-25 14:02 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2015-07-25 14:00 - 2011-07-29 07:35 - 00000000 ____D C:\ProgramData\Real
2015-07-25 10:28 - 2011-01-29 02:53 - 00000000 ____D C:\Users\Chaotic Lawliet
 
==================== Files in the root of some directories =======
 
2013-05-04 16:08 - 2013-05-04 16:08 - 0000052 _____ () C:\Users\Chaotic Lawliet\AppData\Local\3883170B-3F35-4EA0-B02E-71898AC21CDB.INI
2014-01-25 19:09 - 2013-11-11 11:31 - 0091109 _____ () C:\Users\Chaotic Lawliet\AppData\Local\chrome_6486.crx
2013-03-24 04:41 - 2013-03-24 04:41 - 0000003 _____ () C:\Users\Chaotic Lawliet\AppData\Local\updater.log
2013-03-24 04:41 - 2015-04-23 08:56 - 0000424 _____ () C:\Users\Chaotic Lawliet\AppData\Local\UserProducts.xml
2012-08-28 23:11 - 2012-08-28 23:11 - 0000000 _____ () C:\ProgramData\ffabb5e26a6003591549831a2b1c583e_c
 
Files to move or delete:
====================
C:\Users\Chaotic Lawliet\jagex_runescape_preferences.dat
C:\Users\Chaotic Lawliet\jagex_runescape_preferences2.dat
C:\Users\Public\DynamicInstaller.exe
 
 
Some files in TEMP:
====================
C:\Users\Chaotic Lawliet\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-22 06:52
 
==================== End of log ============================

Edited by JGroomes, 23 August 2015 - 08:34 PM.


#7 JGroomes


Posted 23 August 2015 - 08:35 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-08-2015
Ran by Chaotic Lawliet (2015-08-23 21:12:30)
Running from C:\Users\Chaotic Lawliet\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2505415791-2747731311-3398940262-500 - Administrator - Disabled)
Chaotic Lawliet (S-1-5-21-2505415791-2747731311-3398940262-1000 - Administrator - Enabled) => C:\Users\Chaotic Lawliet
Guest (S-1-5-21-2505415791-2747731311-3398940262-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2505415791-2747731311-3398940262-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.3.28705 - BitTorrent Inc.)
18 Wheels of Steel - American Long Haul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.60 - NewTech Infosystems)
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.3.5 - liteon)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3004 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3011 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.1.3 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0423.2010 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}) (Version: 1.5.17.05094 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.5.17.05094 - Alcor Micro Corp.) Hidden
APB Reloaded (HKLM-x32\...\Steam App 113400) (Version:  - )
Audacity 1.3.13 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6086 - AVG Technologies)
AVG 2015 (Version: 15.0.4409 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6086 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (en-US) (x32 Version: 15.0.1001.638 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (HKLM-x32\...\AVG PC TuneUp) (Version: 15.0.1001.638 - AVG Technologies)
AVG PC TuneUp 2015 (x32 Version: 15.0.1001.638 - AVG Technologies) Hidden
Backup Manager Basic (x32 Version: 2.0.0.60 - NewTech Infosystems) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 12.52.03 - Broadcom Corporation)
Bruteforce Save Data (HKLM-x32\...\Bruteforce Save Data) (Version:  - )
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
BYOND (HKLM-x32\...\BYOND) (Version: 498.1163 - BYOND)
Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version:  - Dark Byte)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2829.50 - CyberLink Corp.)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Easy Auto Clicker (HKLM-x32\...\Easy Auto Clicker_is1) (Version: V2.0 - easyautoclicker.com)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Elsword version 1.11 (HKLM-x32\...\{E655DDFC-24DB-4FC3-8474-271E911309B4}_is1) (Version: 1.11 - Kill3rCombo)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Free Download Manager 3.9.2 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Grand Chase version 1.0.0.1 (HKLM-x32\...\{FF222EB6-6FE1-486E-A9E8-93B5D5D72A8C}_is1) (Version: 1.0.0.1 - SG Interactive)
Grand Fantasia (HKLM-x32\...\Grand Fantasia) (Version:  - )
Happy Cloud Client (HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\HappyCloud) (Version: 4.54 - Happy Cloud, Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
IGG Web3D Player version 1.0.0.38 (HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\IGG Web3D Player_is1) (Version: 1.0.0.38 - IGG, Inc.)
IMVU Avatar Chat Software (HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\IMVU Avatar chat client software BETA) (Version:  - )
Infinity Wars (HKLM-x32\...\Infinity Wars) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Katawa Shoujo (HKLM-x32\...\Katawa Shoujo) (Version:  - )
LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version:  - )
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.12 - Acer Inc.)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Lightshot-5.2.1.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.2.1.1 - Skillbrains)
Livestream for Producers (HKLM-x32\...\{524A9978-8E2A-487F-A50B-E71D72F2EDDE}) (Version: 0.0.42 - Livestream)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.383 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.383 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MapleStory (HKLM-x32\...\MapleStory) (Version:  - )
Media Player Classic - Home Cinema v1.5.2.3456 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.5.2.3456 - MPC-HC Team)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 40.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 en-US)) (Version: 40.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.2.5702 - Mozilla)
MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.1.1 - Nexon)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.628 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.628 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6630 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6630 - NewTech Infosystems) Hidden
NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
OGPlanet Game Launcher (HKLM-x32\...\OGPlanet Game Launcher US) (Version: 1.0.0 - OGPlanet, Inc.)
OGPlanet Game Launcher (HKLM-x32\...\OGPlanet Game Launcher) (Version: 1.0.0 - OGPlanet, Inc.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Raptr (HKLM-x32\...\Raptr) (Version:  - )
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6000 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Rumble Fighter (HKLM-x32\...\RumbleFighter) (Version:  - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.550.0 - SAMSUNG Electronics Co., Ltd.)
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SWF & FLV Player 3.0 (build 3.0.33.5106) (HKLM-x32\...\SWF & FLV Player_is1) (Version: 3.0.33.5106 - Eltima Software)
SWF Opener (HKLM-x32\...\{01386D1F-ADE7-43B4-A4E9-312FC5BC726F}_is1) (Version: 1.3 - UnH Solutions)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.6.0 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24732 - TeamViewer)
TERA (HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\teraenmasse) (Version:  - )
Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden
Unity Web Player (HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
USB Optical Mouse (HKLM-x32\...\{EEAE45EB-C1E3-4CCD-930D-D7B40F810063}) (Version: 1.00.0000 - )
Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC) (HKLM-x32\...\{CDCAED05-7803-4713-9BA0-072BD1194B83}) (Version: 1.11.0402 - SAMSUNG)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3002 - Acer Incorporated)
WildTangent Games App (Acer Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.6.14 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Xpadder version 5.7 (HKLM-x32\...\{0DCE54A9-7256-4132-9D4E-1A64AE35E9B1}_is1) (Version: 5.7 - Xpadder, Inc.)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points =========================
 
17-08-2015 09:29:11 Windows Update
20-08-2015 03:01:06 Windows Update
22-08-2015 10:58:15 Installed AVG PC TuneUp 2015
22-08-2015 12:57:16 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {20EF8B7E-05C3-4DFD-98E4-8174449F579E} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe
Task: {2692640E-A97B-4C6B-8B4D-606E55563A3D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {2F7782AF-B3B6-4D89-A942-466E9996CDCD} - System32\Tasks\{6EE2B446-6C62-410D-90E3-8B35FA4EB63C} => pcalua.exe -a "C:\Users\Chaotic Lawliet\Desktop\SCHTHACK PSOBB\data\data-fix.exe" -d "C:\Users\Chaotic Lawliet\Desktop\SCHTHACK PSOBB\data"
Task: {30A8D933-FB5F-4594-936B-B3BA788319E3} - System32\Tasks\{06B71EE2-9598-437A-B550-E5D719A4C07F} => pcalua.exe -a "C:\Users\Chaotic Lawliet\Desktop\Maple Story\MSSetupv83.exe" -d "C:\Users\Chaotic Lawliet\Desktop\Maple Story"
Task: {56551FC5-69CC-4AB4-A4AF-33C6BE69429F} - System32\Tasks\{73464F91-A401-4C86-84A8-C9918401783C} => pcalua.exe -a "C:\Users\Chaotic Lawliet\Desktop\iROSetupFv1.3.exe" -d "C:\Users\Chaotic Lawliet\Desktop"
Task: {62B6B644-CCA8-4E59-8281-7D5A1D2C087B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {62CA758A-340D-4C28-9735-04B650A36AF9} - System32\Tasks\{3FE0A132-4D64-4C54-A1D9-067C23066335} => pcalua.exe -a "C:\Users\Chaotic Lawliet\Desktop\Games\Maple Story\MSSetupv83.exe" -d "C:\Users\Chaotic Lawliet\Desktop\Games\Maple Story"
Task: {789916C1-99B4-4E8F-BD18-F37AF9DA3A51} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2505415791-2747731311-3398940262-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {94AE92E0-D652-4DB8-B585-7D1D0B306CD9} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {9C0D102B-C128-47AD-B511-2E94F693C113} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2015-08-04] (AVG Technologies)
Task: {A0FF3C3E-3E04-4AE9-9140-B1A4D029825B} - System32\Tasks\{6B09288F-2E0A-4793-BB35-03367B28EA4D} => pcalua.exe -a "C:\Users\Chaotic Lawliet\Desktop\MSSetupv83.exe" -d "C:\Users\Chaotic Lawliet\Desktop"
Task: {A5510CB8-43E4-42D0-A86D-BF6D8EADF322} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-06-08] (Oracle Corporation)
Task: {A90F4D43-BDDB-4288-A179-198EE601D6B7} - System32\Tasks\{CC85C907-A2C0-499C-B57E-D6899D02BB6B} => pcalua.exe -a C:\Windows\SysWOW64\_online.exe
Task: {AF9AE99C-EA69-4BB8-8725-74214972AD3F} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2505415791-2747731311-3398940262-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {B92FD3BB-E38F-4FD1-8A12-4821A56769CE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {CCF2005F-2BAC-4473-8ED6-599D764F25F5} - \RealPlayer (32-bit)  -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-04 08:26 - 2015-08-04 08:26 - 00718040 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2013-05-06 19:10 - 2010-03-30 13:37 - 00245248 _____ () C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe
2015-08-04 08:26 - 2015-08-04 08:26 - 00861912 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\tulnga.dll
2010-03-08 20:18 - 2010-03-08 20:18 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-03-08 20:13 - 2010-03-08 20:13 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2010-09-11 18:40 - 2009-05-20 18:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2015-08-21 21:09 - 2015-08-18 01:23 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libglesv2.dll
2015-08-21 21:09 - 2015-08-18 01:23 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libegl.dll
2015-08-21 21:09 - 2015-08-18 01:23 - 16393032 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\aeriagames.com -> hxxp://aeriagames.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Chaotic Lawliet\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: BackgroundContainerV2 => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Chaotic Lawliet\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{55FCE6FB-8477-4D17-88A4-243220923188}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{8E9364A9-4569-4D8E-AA27-D41B5302CE17}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{10AE076D-12C3-4FF7-ABCA-03E704C73A71}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{7D24D6B2-0ACD-49EF-8A3E-3B3BCCF37300}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{9BC864CD-20A3-4852-A035-B3A6FD6AFC65}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{50A266F2-A3C1-4C6C-BE59-EA589C0A8745}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{5B1DA6E7-EBAC-4868-95F8-86E548002DCE}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{E81BEC7D-C0A8-463C-8F41-717C23C0216F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D321272E-7ABA-4569-BC92-F6B8D73C943E}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{13F89185-FEA3-4DA5-81C5-49DB3E5B0FFC}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{1B9494AC-4B95-495A-A13F-8B7A37E41067}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{10B0810A-7425-49FB-8412-3C5CBA72CB24}] => (Allow) C:\Program Files (x86)\Kill3rCombo\Elsword\data\x2.exe
FirewallRules: [{B45C9BB9-1E83-4DE7-B916-3B1EC7593FB6}] => (Allow) C:\Program Files (x86)\Kill3rCombo\Elsword\data\x2.exe
FirewallRules: [TCP Query User{8AF26A33-207F-41EB-AE32-705613D3DAFC}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [UDP Query User{36DE94A6-99AD-434B-8BC6-3B84DC06B87C}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [TCP Query User{73776358-88A5-41AE-8009-38DA2788A115}C:\users\chaotic lawliet\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\chaotic lawliet\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{5E83AF13-DFE5-4F5C-8E43-5D82A2C271E7}C:\users\chaotic lawliet\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\chaotic lawliet\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{CE49BB6E-96E0-4F62-B52E-E747F4749753}C:\users\chaotic lawliet\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\chaotic lawliet\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{0D25D765-88D7-4553-8289-03F030DFF3EC}C:\users\chaotic lawliet\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\chaotic lawliet\appdata\local\akamai\netsession_win.exe
FirewallRules: [{FDF61097-B724-4E93-B63E-8A32CDE8814E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7FBF2CEE-F072-4B3B-8ED2-2E029174C786}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{64E17647-807A-4702-8300-95058EA8E453}C:\program files (x86)\ogplanet\rumblefighter\gemdumploader.exe] => (Allow) C:\program files (x86)\ogplanet\rumblefighter\gemdumploader.exe
FirewallRules: [UDP Query User{DE39E9F9-677C-4774-8A7B-9B18B9E1F503}C:\program files (x86)\ogplanet\rumblefighter\gemdumploader.exe] => (Allow) C:\program files (x86)\ogplanet\rumblefighter\gemdumploader.exe
FirewallRules: [TCP Query User{A878EC8E-0678-4832-9C99-091921EAFDB9}C:\program files (x86)\byond\bin\byond.exe] => (Allow) C:\program files (x86)\byond\bin\byond.exe
FirewallRules: [UDP Query User{DB356D93-DBAF-45C3-9A2C-F43BB1907974}C:\program files (x86)\byond\bin\byond.exe] => (Allow) C:\program files (x86)\byond\bin\byond.exe
FirewallRules: [{84EDAFC1-2F58-4727-8B69-BE663724BF56}] => (Allow) LPort=443
FirewallRules: [{BEFC1A93-7C4F-4BC4-9F9E-A5D8EAF5B214}] => (Allow) LPort=443
FirewallRules: [{68E4EE2E-3122-49E5-83CB-00913C4FEEFA}] => (Allow) LPort=37674
FirewallRules: [{00054145-DF99-48CD-9AD3-77CAEAE365EA}] => (Allow) LPort=37674
FirewallRules: [{97C53A50-5FF0-4FD2-B7C9-ED7C8931C541}] => (Allow) LPort=37675
FirewallRules: [{11A3CD1A-6B16-4090-8A72-3A5819634CF3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D9E8FC75-4A49-469B-B9BB-8D38812D4425}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\apb reloaded\Launcher\APBLauncher.exe
FirewallRules: [{A4725AA6-0581-42F1-9E79-7F42834B2C44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\apb reloaded\Launcher\APBLauncher.exe
FirewallRules: [{B90A66D5-1C6E-45A7-B82E-009A149C2B0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\apb reloaded\Binaries\APB.exe
FirewallRules: [{6AC94A09-7700-4CBE-B621-F745BCC62E20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\apb reloaded\Binaries\APB.exe
FirewallRules: [{55388482-86D5-4D98-8B1A-5B15F914BA4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\apb reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{A797FBB7-1D1F-45A4-BD61-7D7AE73CFCB8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\apb reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{10522428-4248-4CBA-82B5-894EDFE3C2CA}] => (Allow) C:\Program Files (x86)\Kill3rCombo\Elsword\data\x2.exe
FirewallRules: [{DC9C618F-5FFC-432B-8DF6-17185CF392C1}] => (Allow) C:\Program Files (x86)\Kill3rCombo\Elsword\data\x2.exe
FirewallRules: [{7E8E3A8B-CA18-4B20-9E86-ED7E5DB5A1F3}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{2C521BB3-96A1-4B8A-8DF7-A07EB14EE8D8}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{21C6E670-2AC8-4D9F-A7D4-2A40AE777071}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{E39AB1C7-3E54-4027-8B29-A84161424CBD}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{E48A2E88-13C3-4DB5-9A62-E34D80ECEF0C}C:\users\chaotic lawliet\desktop\crap\utorrent.exe] => (Allow) C:\users\chaotic lawliet\desktop\crap\utorrent.exe
FirewallRules: [UDP Query User{D563F37E-5BC7-486F-90AA-1ABE0788A43C}C:\users\chaotic lawliet\desktop\crap\utorrent.exe] => (Allow) C:\users\chaotic lawliet\desktop\crap\utorrent.exe
FirewallRules: [{5F7D518C-3CF1-4130-A9D1-060DA48B7B53}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{548F6B95-CE41-4DD7-9C4F-6AF30253C958}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{A1FA0DF4-EC3A-4B51-9A7D-BEB1CA644190}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{EEF495F4-3D5A-48A1-8232-5EEAC38BD7B2}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{A0C0E061-9D32-4FA0-8570-C4360789B9F8}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{8EFE41C3-1F54-4297-92A9-48CA58A2F411}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{D32A7871-570E-4312-ACAE-346D7CA61843}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{968743AA-2F05-4748-AF87-D213CE86210B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{615839B9-0BD3-459A-B502-3FD08465C86C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{EDAE4316-3DE9-4704-B438-9AD26A377674}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{B3497598-6E3F-41EE-BB68-172F9A14F237}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{1680C3A4-807C-40DA-BC8F-9EE2712287A5}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{558496BB-4B2A-460D-BA9B-5262278A90CC}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{DA1AC079-0954-4CAE-A9E0-85DB749B2D18}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{2E313764-C6B9-434E-B3FB-B616246533DB}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{818174F8-14EC-4346-AF7F-911973A1D31E}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{AB419297-25C5-40DE-A309-1BF748B9C176}] => (Allow) C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{454A6046-436B-4164-98D3-2864B87D78D5}] => (Allow) C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{345488BB-7A1E-4F18-B57A-4A4044C29DFE}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{2DC26685-792F-42F8-99D0-9DA65B2F9C19}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{1AA65402-A94A-4AC7-A0EA-6943EDC28C48}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{069A686C-BD3C-40ED-9E99-D904E9F92DD8}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{59EE724B-E087-44B8-B9D9-4BFD4198FA10}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{836CEE22-561C-4098-8680-AEB8191DADF6}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{FD0539A9-20B9-41CC-91D7-473041DEDB87}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{D3BC25F7-D016-4EEC-9715-B33A7CC05D2C}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{6DE5B291-558C-4D52-B538-768AD1F52A07}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C10250A8-FD4D-4FBF-A8CE-9334D1871B40}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9844F91B-5EBF-4EBD-B9F9-B62DEC9C95D8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/23/2015 08:52:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Skype.exe version 7.8.64.102 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: a2c
 
Start Time: 01d0de066086b14c
 
Termination Time: 20
 
Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe
 
Report Id: 58811c65-49fa-11e5-854f-206a8a1423a6
 
Error: (08/23/2015 04:23:15 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (08/23/2015 04:22:56 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (08/23/2015 04:22:56 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (08/23/2015 04:22:46 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (08/23/2015 04:14:32 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (08/23/2015 03:33:29 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (08/23/2015 03:11:50 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (08/23/2015 03:06:01 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (08/22/2015 12:01:27 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
 
System errors:
=============
Error: (08/23/2015 08:52:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (08/23/2015 08:52:12 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\CHAOTI~1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (08/23/2015 08:52:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (08/23/2015 08:52:12 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\CHAOTI~1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (08/23/2015 08:52:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (08/23/2015 08:52:12 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\CHAOTI~1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (08/23/2015 08:52:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (08/23/2015 08:52:11 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\CHAOTI~1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (08/23/2015 08:52:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (08/23/2015 08:52:11 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\CHAOTI~1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
 
Microsoft Office:
=========================
Error: (08/23/2015 08:52:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Skype.exe7.8.64.102a2c01d0de066086b14c20C:\Program Files (x86)\Skype\Phone\Skype.exe58811c65-49fa-11e5-854f-206a8a1423a6
 
Error: (08/23/2015 04:23:15 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Chaotic Lawliet\Desktop\esetsmartinstaller_enu.exe
 
Error: (08/23/2015 04:22:56 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Chaotic Lawliet\Desktop\esetsmartinstaller_enu.exe
 
Error: (08/23/2015 04:22:56 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Chaotic Lawliet\Desktop\esetsmartinstaller_enu.exe
 
Error: (08/23/2015 04:22:46 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Chaotic Lawliet\Desktop\esetsmartinstaller_enu.exe
 
Error: (08/23/2015 04:14:32 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (08/23/2015 03:33:29 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (08/23/2015 03:11:50 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (08/23/2015 03:06:01 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (08/22/2015 12:01:27 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
 
CodeIntegrity:
===================================
  Date: 2015-08-23 04:11:22.624
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-23 04:11:22.422
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-23 04:11:22.228
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-22 11:04:52.736
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-22 11:04:52.595
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-22 11:04:52.424
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-22 11:04:52.299
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-22 11:04:47.057
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-22 11:04:46.933
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-22 11:04:46.808
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU P6100 @ 2.00GHz
Percentage of memory in use: 70%
Total physical RAM: 2804.5 MB
Available physical RAM: 833.25 MB
Total Virtual: 5607.2 MB
Available Virtual: 3286.65 MB
 
==================== Drives ================================
 
Drive c: (ACER) (Fixed) (Total:219.11 GB) (Free:62.4 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: C444C444)
Partition 1: (Not Active) - (Size=13.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=219.1 GB) - (Type=07 NTFS)
 
==================== End of log ============================


#8 TheJoker


Posted 23 August 2015 - 10:01 PM

Note that ESET Online Scanner said that copies of uTorrent and Cheat Engine 6.2. I recommend uninstalling both. P2P programs represent a security threat to the information on your system as they allow others to access your system. In many cases P2P programs also represent a risk of infection from the program itself, as some have installed adware/spyware, or other programs without consent. Even if the program itself is clean, many P2P networks are riddled with malware, and it's often the newest, most difficult to remove malware. There are many risks associated with P2P programs, none are worth the risks.

I see you just installed AVG PC TuneUp 2015. If this was not a paid version, I would recommend uninstalling it. It's not a program that I would recommend.

I see that you have TeamViewer installed. As the program allows remote access to your system, please be certain you use a strong password of at least 8 characters with a mix of upper case, lower case, at least one number and at least one special character.

 

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.
Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 

start

CHR HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000 - (No Name) - {03f38c00-dda9-46bf-9475-c6997746c740} - No File
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000 -> {225C4492-3857-42F3-9D50-97A47D1AF763} URL = hxxp://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms}
SearchScopes: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enUS416
SearchScopes: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000 -> {E8984107-C1A3-4E7A-B45D-96DF0168DDAF} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=FWV5&o=14193&src=crm&q={searchTerms}&locale=&apn_ptnrs=FM&apn_dtid=YYYYYYURUS&apn_uid=f44b21fc-f465-45b9-a417-bc4a3921bffa&apn_sauid=299683DA-6A75-4BBC-8BE3-2F0703436E8E
Toolbar: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000 -> No Name - {03F38C00-DDA9-46BF-9475-C6997746C740} -  No File
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_51\bin\new_plugin\npjp2.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
CHR HKLM\...\Chrome\Extension: [eogikidelleflpkolmiiaeibjbaepila] - C:\Users\CHAOTI~1\AppData\Local\chrome_6486.crx [2014-01-25]
CHR HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [eogikidelleflpkolmiiaeibjbaepila] - C:\Users\CHAOTI~1\AppData\Local\chrome_6486.crx [2014-01-25]
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [eogikidelleflpkolmiiaeibjbaepila] - C:\Users\CHAOTI~1\AppData\Local\chrome_6486.crx [2014-01-25]
S3 CaptureFileMonitor; system32\DRIVERS\CaptureFileMonitor64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 ProcObsrv; \??\C:\Windows\SysWOW64\ProcObsrv64.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
S3 X6va001; \??\C:\Users\CHAOTI~1\AppData\Local\Temp\001BEDC.tmp [X]
S3 X6va005; \??\C:\Users\CHAOTI~1\AppData\Local\Temp\0051E8B.tmp [X]
S3 X6va006; \??\C:\Users\CHAOTI~1\AppData\Local\Temp\006561B.tmp [X]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [X]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]
S3 X6va025; \??\C:\Windows\SysWOW64\Drivers\X6va025 [X]
S3 X6va027; \??\C:\Windows\SysWOW64\Drivers\X6va027 [X]
S3 X6va028; \??\C:\Windows\SysWOW64\Drivers\X6va028 [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {30A8D933-FB5F-4594-936B-B3BA788319E3} - System32\Tasks\{06B71EE2-9598-437A-B550-E5D719A4C07F} => pcalua.exe -a "C:\Users\Chaotic Lawliet\Desktop\Maple Story\MSSetupv83.exe" -d "C:\Users\Chaotic Lawliet\Desktop\Maple Story"
Task: {56551FC5-69CC-4AB4-A4AF-33C6BE69429F} - System32\Tasks\{73464F91-A401-4C86-84A8-C9918401783C} => pcalua.exe -a "C:\Users\Chaotic Lawliet\Desktop\iROSetupFv1.3.exe" -d "C:\Users\Chaotic Lawliet\Desktop"
Task: {62CA758A-340D-4C28-9735-04B650A36AF9} - System32\Tasks\{3FE0A132-4D64-4C54-A1D9-067C23066335} => pcalua.exe -a "C:\Users\Chaotic Lawliet\Desktop\Games\Maple Story\MSSetupv83.exe" -d "C:\Users\Chaotic Lawliet\Desktop\Games\Maple Story"
Task: {A0FF3C3E-3E04-4AE9-9140-B1A4D029825B} - System32\Tasks\{6B09288F-2E0A-4793-BB35-03367B28EA4D} => pcalua.exe -a "C:\Users\Chaotic Lawliet\Desktop\MSSetupv83.exe" -d "C:\Users\Chaotic Lawliet\Desktop"
Task: {CCF2005F-2BAC-4473-8ED6-599D764F25F5} - \RealPlayer (32-bit)  -> No File <==== ATTENTION

end

Save the file as fixlist.txt into the same folder as FRST
Run FRST and click Fix only once and wait
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will create a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

 

 

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it.
  • If you are using Windows Vista or Windows 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Your Java version is outdated and vulnerable.
Please go to Start > Control Panel > Programs and Features, and uninstall the following:
Java 8 Update 51
Java 8 Update 51 (64-bit)

 
Next, because Java has had so many vulnerabilities, if you don't have a program that requires Java, or a web site you visit that requires it, I recommend leaving it uninstalled. Your system will be more secure. If you decide to reinstall, or find that a program or website requires it, you can download the latest version from here:
http://java.com/en/download/manual.jsp
You should use the Offline version as it doesn't contain any additional unwanted toolbars.
If you reinstall it because a program requires Java, you can increase your security by going to the Java Control Panel (Start > Control Panel > Java), selecting the Security tab, and Unchecking "Enable Java content in the browser".

 

Download the Sophos Virus Removal Tool and save it to your desktop:

  • Be sure to view the 3 short How-to videos on that page.
  • Double-click Sophos Virus Removal Tool.exe. The installation files will extract and the installer will automatically run.
  • Follow the prompts to accept the license agreement, and accept the default location.
  • A message will appear "InstallShield Wizard Completed".
  • Click 'Finish' to start the program.
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • Click the "Start Scanning" button in the lower right to start the scan.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • A log will be in the following location:
    • Vista and above: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
      --for 64-bit C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
    • 2000/XP/Server 2003: C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
  • Please post the log in your next reply and note any errors encountered.

 

Please post the log from FRST (Fixlog.txt), the log from Junkware Removal Tool, the log from Sophos Virus Removal Tool, and note any errors encountered.


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#9 JGroomes


Posted 24 August 2015 - 05:24 PM

I have uninstalled uTorrent, Cheat Engine 6.2, AVG PC TuneUp 2015. As for TeamViewer, I do use a strong password, but I'll probably uninstall it later as I rarely use it anymore.

I've also uninstalled Java. Thank you for the advice.

 

I've downloaded, installed and used all tools listed. The logs are below.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:24-08-2015
Ran by Chaotic Lawliet (2015-08-24 13:18:12) Run:1
Running from C:\Users\Chaotic Lawliet\Desktop\Spyware Forum
Loaded Profiles: Chaotic Lawliet (Available Profiles: Chaotic Lawliet)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CHR HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000 - (No Name) - {03f38c00-dda9-46bf-9475-c6997746c740} - No File
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000 -> {225C4492-3857-42F3-9D50-97A47D1AF763} URL = hxxp://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms}
SearchScopes: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enUS416
SearchScopes: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000 -> {E8984107-C1A3-4E7A-B45D-96DF0168DDAF} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=FWV5&o=14193&src=crm&q={searchTerms}&locale=&apn_ptnrs=FM&apn_dtid=YYYYYYURUS&apn_uid=f44b21fc-f465-45b9-a417-bc4a3921bffa&apn_sauid=299683DA-6A75-4BBC-8BE3-2F0703436E8E
Toolbar: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000 -> No Name - {03F38C00-DDA9-46BF-9475-C6997746C740} -  No File
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_51\bin\new_plugin\npjp2.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
CHR HKLM\...\Chrome\Extension: [eogikidelleflpkolmiiaeibjbaepila] - C:\Users\CHAOTI~1\AppData\Local\chrome_6486.crx [2014-01-25]
CHR HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [eogikidelleflpkolmiiaeibjbaepila] - C:\Users\CHAOTI~1\AppData\Local\chrome_6486.crx [2014-01-25]
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [eogikidelleflpkolmiiaeibjbaepila] - C:\Users\CHAOTI~1\AppData\Local\chrome_6486.crx [2014-01-25]
S3 CaptureFileMonitor; system32\DRIVERS\CaptureFileMonitor64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 ProcObsrv; \??\C:\Windows\SysWOW64\ProcObsrv64.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
S3 X6va001; \??\C:\Users\CHAOTI~1\AppData\Local\Temp\001BEDC.tmp [X]
S3 X6va005; \??\C:\Users\CHAOTI~1\AppData\Local\Temp\0051E8B.tmp [X]
S3 X6va006; \??\C:\Users\CHAOTI~1\AppData\Local\Temp\006561B.tmp [X]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [X]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]
S3 X6va025; \??\C:\Windows\SysWOW64\Drivers\X6va025 [X]
S3 X6va027; \??\C:\Windows\SysWOW64\Drivers\X6va027 [X]
S3 X6va028; \??\C:\Windows\SysWOW64\Drivers\X6va028 [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {30A8D933-FB5F-4594-936B-B3BA788319E3} - System32\Tasks\{06B71EE2-9598-437A-B550-E5D719A4C07F} => pcalua.exe -a "C:\Users\Chaotic Lawliet\Desktop\Maple Story\MSSetupv83.exe" -d "C:\Users\Chaotic Lawliet\Desktop\Maple Story"
Task: {56551FC5-69CC-4AB4-A4AF-33C6BE69429F} - System32\Tasks\{73464F91-A401-4C86-84A8-C9918401783C} => pcalua.exe -a "C:\Users\Chaotic Lawliet\Desktop\iROSetupFv1.3.exe" -d "C:\Users\Chaotic Lawliet\Desktop"
Task: {62CA758A-340D-4C28-9735-04B650A36AF9} - System32\Tasks\{3FE0A132-4D64-4C54-A1D9-067C23066335} => pcalua.exe -a "C:\Users\Chaotic Lawliet\Desktop\Games\Maple Story\MSSetupv83.exe" -d "C:\Users\Chaotic Lawliet\Desktop\Games\Maple Story"
Task: {A0FF3C3E-3E04-4AE9-9140-B1A4D029825B} - System32\Tasks\{6B09288F-2E0A-4793-BB35-03367B28EA4D} => pcalua.exe -a "C:\Users\Chaotic Lawliet\Desktop\MSSetupv83.exe" -d "C:\Users\Chaotic Lawliet\Desktop"
Task: {CCF2005F-2BAC-4473-8ED6-599D764F25F5} - \RealPlayer (32-bit)  -> No File <==== ATTENTION
 
end
*****************
 
"HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\Policies\Google" => key removed successfully
HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{03f38c00-dda9-46bf-9475-c6997746c740} => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => key removed successfully
HKCR\Wow6432Node\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => key not found. 
"HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{225C4492-3857-42F3-9D50-97A47D1AF763}" => key removed successfully
HKCR\CLSID\{225C4492-3857-42F3-9D50-97A47D1AF763} => key not found. 
"HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => key removed successfully
HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => key not found. 
"HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E8984107-C1A3-4E7A-B45D-96DF0168DDAF}" => key removed successfully
HKCR\CLSID\{E8984107-C1A3-4E7A-B45D-96DF0168DDAF} => key not found. 
HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{03F38C00-DDA9-46BF-9475-C6997746C740} => value removed successfully
HKCR\CLSID\{03F38C00-DDA9-46BF-9475-C6997746C740} => key not found. 
"HKLM\Software\MozillaPlugins\@java.com/JavaPlugin" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@ogplanet.com/npOGPPlugin" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\eogikidelleflpkolmiiaeibjbaepila" => key removed successfully
C:\Users\CHAOTI~1\AppData\Local\chrome_6486.crx => moved successfully
"HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\Google\Chrome\Extensions\eogikidelleflpkolmiiaeibjbaepila" => key removed successfully
"C:\Users\CHAOTI~1\AppData\Local\chrome_6486.crx" => File/Folder not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eogikidelleflpkolmiiaeibjbaepila" => key removed successfully
"C:\Users\CHAOTI~1\AppData\Local\chrome_6486.crx" => File/Folder not found.
CaptureFileMonitor => service removed successfully
EagleX64 => service removed successfully
ProcObsrv => service removed successfully
WinRing0_1_2_0 => service removed successfully
X6va001 => service removed successfully
X6va005 => service removed successfully
X6va006 => service removed successfully
X6va008 => service removed successfully
X6va009 => service removed successfully
X6va011 => service removed successfully
X6va012 => service removed successfully
X6va015 => service removed successfully
X6va016 => service removed successfully
X6va017 => service removed successfully
X6va021 => service removed successfully
X6va022 => service removed successfully
X6va025 => service removed successfully
X6va027 => service removed successfully
X6va028 => service removed successfully
X6va029 => service removed successfully
"HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
"HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
"HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{30A8D933-FB5F-4594-936B-B3BA788319E3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30A8D933-FB5F-4594-936B-B3BA788319E3}" => key removed successfully
C:\Windows\System32\Tasks\{06B71EE2-9598-437A-B550-E5D719A4C07F} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{06B71EE2-9598-437A-B550-E5D719A4C07F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{56551FC5-69CC-4AB4-A4AF-33C6BE69429F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56551FC5-69CC-4AB4-A4AF-33C6BE69429F}" => key removed successfully
C:\Windows\System32\Tasks\{73464F91-A401-4C86-84A8-C9918401783C} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{73464F91-A401-4C86-84A8-C9918401783C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62CA758A-340D-4C28-9735-04B650A36AF9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62CA758A-340D-4C28-9735-04B650A36AF9}" => key removed successfully
C:\Windows\System32\Tasks\{3FE0A132-4D64-4C54-A1D9-067C23066335} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3FE0A132-4D64-4C54-A1D9-067C23066335}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A0FF3C3E-3E04-4AE9-9140-B1A4D029825B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0FF3C3E-3E04-4AE9-9140-B1A4D029825B}" => key removed successfully
C:\Windows\System32\Tasks\{6B09288F-2E0A-4793-BB35-03367B28EA4D} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6B09288F-2E0A-4793-BB35-03367B28EA4D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCF2005F-2BAC-4473-8ED6-599D764F25F5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCF2005F-2BAC-4473-8ED6-599D764F25F5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealPlayer (32-bit) " => key removed successfully
 
==== End of Fixlog 13:18:13 ====
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.7 (08.18.2015:1)
OS: Windows 7 Home Premium x64
Ran by Chaotic Lawliet on Mon 08/24/2015 at 13:21:35.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\ProgramData\google
Successfully deleted: [Folder] C:\Users\Chaotic Lawliet\Appdata\Local\crashrpt
Successfully deleted: [Folder] C:\Users\Chaotic Lawliet\AppData\Roaming\imvuclient
Successfully deleted: [Folder] C:\Windows\SysWOW64\ai_recyclebin
Successfully deleted: [Folder] C:\Users\Chaotic Lawliet\Appdata\LocalLow\FCTB000060231
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\user.js
Successfully deleted the following from C:\Users\Chaotic Lawliet\AppData\Roaming\mozilla\firefox\profiles\cyrlrzfw.default\prefs.js
 
Emptied folder: C:\Users\Chaotic Lawliet\AppData\Roaming\mozilla\firefox\profiles\cyrlrzfw.default\minidumps [244 files]
 
 
 
~~~ Chrome
 
 
[C:\Users\Chaotic Lawliet\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Chaotic Lawliet\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Chaotic Lawliet\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Chaotic Lawliet\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  aaaaaaooaijelonlmbcbjkocdnicdfmo,
  bcfjehbfanfhgoehogmbiebedkidedjb,
  booedmolknjekdopkepjjeckmjkdpfgl,
  dlnembnfbcpjnepmfjmngjenhhajpdfd,
  ehgldbbpchgpcfagfpfjgoomddhccfgh,
  ejpbbhjlbipncjklfjjaedaieimbmdda,
  flpcjncodpafbgdpnkljologafpionhb,
  hapjcfhlhbidaflnbnnhkojdpeiooogl,
  ndibdjnfmopecpmkdieinmbadjfpblof
]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 08/24/2015 at 13:38:20.27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
2015-08-24 18:18:56.712 Sophos Virus Removal Tool version 2.5.4
2015-08-24 18:18:56.712 Copyright © 2009-2014 Sophos Limited. All rights reserved.
 
2015-08-24 18:18:56.712 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
 
2015-08-24 18:18:56.712 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2015-08-24 18:18:56.714 Checking for updates...
2015-08-24 18:19:13.574 Update progress: proxy server not available
2015-08-24 18:19:19.789 Option all = no
2015-08-24 18:19:19.789 Option recurse = yes
2015-08-24 18:19:19.789 Option archive = no
2015-08-24 18:19:19.789 Option service = yes
2015-08-24 18:19:19.789 Option confirm = yes
2015-08-24 18:19:19.789 Option sxl = yes
2015-08-24 18:19:19.793 Option max-data-age = 35
2015-08-24 18:19:19.793 Option EnableSafeClean = yes
2015-08-24 18:19:21.350 Option vdl-logging = yes
2015-08-24 18:19:21.355 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-08-24 18:19:21.355 Machine ID: d4e5c7ddfac24ff2929e56c757718c98
2015-08-24 18:19:21.793 Component SVRTcli.exe version 2.5.4
2015-08-24 18:19:21.794 Component control.dll version 2.5.4
2015-08-24 18:19:21.794 Component SVRTservice.exe version 2.5.4
2015-08-24 18:19:21.795 Component engine\osdp.dll version 1.44.1.2210
2015-08-24 18:19:21.795 Component engine\veex.dll version 3.61.0.2210
2015-08-24 18:19:21.796 Component engine\savi.dll version 8.1.8.2210
2015-08-24 18:19:21.976 Component rkdisk.dll version 1.5.30.0
2015-08-24 18:19:22.024 Version info: Product version 2.5.4
2015-08-24 18:19:22.024 Version info: Detection engine 3.61.0
2015-08-24 18:19:22.024 Version info: Detection data 5.17
2015-08-24 18:19:22.025 Version info: Build date 7/21/2015
2015-08-24 18:19:22.025 Version info: Data files added 402
2015-08-24 18:19:22.025 Version info: Last successful update (not yet updated)
2015-08-24 18:19:40.922 Downloading updates...
2015-08-24 18:19:40.940 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0 
2015-08-24 18:19:40.940 Update progress: [I49502] Found supplement SAVIW32 LATEST 
2015-08-24 18:19:40.940 Update progress: [I49502] Found supplement IDE519 LATEST 
2015-08-24 18:19:40.940 Update progress: [I49502] Found supplement IDE520 LATEST 
2015-08-24 18:19:40.940 Update progress: [I49502] Found supplement IDE521 LATEST 
2015-08-24 18:19:40.940 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-08-24 18:19:40.940 Update progress: [I19463] Syncing product SAVIW32 59
2015-08-24 18:20:32.415 Update progress: [I19463] Syncing product IDE519 196
2015-08-24 18:20:32.874 Installing updates...
2015-08-24 18:20:33.679 Error level 1
2015-08-24 18:20:34.002 Update progress: [I19463] Syncing product IDE520 38
2015-08-24 18:20:34.002 Update progress: [I19463] Syncing product IDE521 1
2015-08-24 18:20:46.841 Update successful
2015-08-24 18:21:13.624 Option all = no
2015-08-24 18:21:13.624 Option recurse = yes
2015-08-24 18:21:13.624 Option archive = no
2015-08-24 18:21:13.624 Option service = yes
2015-08-24 18:21:13.624 Option confirm = yes
2015-08-24 18:21:13.624 Option sxl = yes
2015-08-24 18:21:13.626 Option max-data-age = 35
2015-08-24 18:21:13.626 Option EnableSafeClean = yes
2015-08-24 18:21:14.065 Option vdl-logging = yes
2015-08-24 18:21:14.069 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-08-24 18:21:14.069 Machine ID: d4e5c7ddfac24ff2929e56c757718c98
2015-08-24 18:21:14.071 Component SVRTcli.exe version 2.5.4
2015-08-24 18:21:14.071 Component control.dll version 2.5.4
2015-08-24 18:21:14.071 Component SVRTservice.exe version 2.5.4
2015-08-24 18:21:14.071 Component engine\osdp.dll version 1.44.1.2210
2015-08-24 18:21:14.072 Component engine\veex.dll version 3.61.0.2210
2015-08-24 18:21:14.072 Component engine\savi.dll version 8.1.8.2210
2015-08-24 18:21:14.072 Component rkdisk.dll version 1.5.30.0
2015-08-24 18:21:14.072 Version info: Product version 2.5.4
2015-08-24 18:21:14.073 Version info: Detection engine 3.61.0
2015-08-24 18:21:14.073 Version info: Detection data 5.18G
2015-08-24 18:21:14.073 Version info: Build date 8/18/2015
2015-08-24 18:21:14.073 Version info: Data files added 232
2015-08-24 18:21:14.073 Version info: Last successful update 8/24/2015 2:20:46 PM
 
2015-08-24 18:23:29.326 Couldn't apply option 'SXLLiveProtection' to the detection engine.
2015-08-24 19:33:19.338 Warning: rootkit scan failed to open volume "\\?\Volume{95989338-ec3e-11e2-abbe-206a8a1423a6}" (5)
2015-08-24 19:37:17.051 Could not open C:\hiberfil.sys
2015-08-24 19:40:19.789 Could not open C:\pagefile.sys
2015-08-24 19:58:47.766 >>> Virus 'Mal/Behav-001' found in file C:\Program Files (x86)\Xtreme Jade\element\elementclient.exe
2015-08-24 20:06:21.165 Could not open C:\System Volume Information\{0f4b2452-48b9-11e5-bb29-206a8a1423a6}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-08-24 20:06:21.165 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-08-24 20:06:21.165 Could not open C:\System Volume Information\{aa9c0e27-48e6-11e5-9bd7-206a8a1423a6}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-08-24 20:06:21.165 Could not open C:\System Volume Information\{ec5abf7b-4a74-11e5-97ca-206a8a1423a6}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-08-24 20:06:21.165 Could not open C:\System Volume Information\{ec5abf7f-4a74-11e5-97ca-206a8a1423a6}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-08-24 20:06:21.165 Could not open C:\System Volume Information\{ec5abf83-4a74-11e5-97ca-206a8a1423a6}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-08-24 20:06:21.165 Could not open C:\System Volume Information\{ec5abf8d-4a74-11e5-97ca-206a8a1423a6}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-08-24 20:06:21.165 Could not open C:\System Volume Information\{ec5abf94-4a74-11e5-97ca-206a8a1423a6}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-08-24 20:06:21.165 Could not open C:\System Volume Information\{ec5abfc4-4a74-11e5-97ca-206a8a1423a6}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-08-24 20:06:21.165 Could not open C:\System Volume Information\{ec5abfc8-4a74-11e5-97ca-206a8a1423a6}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-08-24 20:06:21.165 Could not open C:\System Volume Information\{ec5abfcc-4a74-11e5-97ca-206a8a1423a6}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-08-24 20:37:38.129 >>> Virus 'Mal/VMProtBad-A' found in file C:\Users\Chaotic Lawliet\Desktop\Games\Starbound\win32\steam_api.dll
2015-08-24 20:39:02.073 >>> Virus 'Mal/VMProtBad-A' found in file C:\Users\Chaotic Lawliet\Desktop\Games\Terraria 1.2.4.1\steam_api.dll
2015-08-24 20:55:53.033 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2015-08-24 20:55:53.033 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2015-08-24 20:56:13.188 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2015-08-24 20:56:13.188 Could not open C:\Windows\System32\config\RegBack\SAM
2015-08-24 20:56:13.188 Could not open C:\Windows\System32\config\RegBack\SECURITY
2015-08-24 20:56:13.235 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2015-08-24 20:56:13.235 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2015-08-24 21:52:39.985 Could not open LOGICAL:0010:00000000
2015-08-24 21:52:39.985 Could not open Q:\
2015-08-24 21:52:40.391 The following items will be cleaned up:
2015-08-24 21:52:40.391 Mal/Behav-001
2015-08-24 21:52:40.391 Mal/VMProtBad-A
 
 
 
No errors encountered to my knowledge.
 

Although strangely the issue I've been having seems to "disappear" around 9pm and seems to be returning around 11am.
Not sure if it's coincidence or caused by anything specific, just thought I would mention it anyway.
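
Added example (not part of the thread and not Sophos tooling): one way to triage a Sophos Virus Removal Tool log like the one posted above, separating detections from "Could not open" lines on files a running Windows keeps locked and from lines that deserve a second look. The sample log is constructed in the same format; the locked-path allow-list, the function names and `Troj/Example-A` are assumptions of this example.

```python
import re

# Constructed sample in the same format as the log posted above
# (detection names follow the post; paths and GUIDs are made up).
SAMPLE_LOG = r"""
2015-08-24 18:20:33.679 Error level 1
2015-08-24 18:23:29.326 Couldn't apply option 'SXLLiveProtection' to the detection engine.
2015-08-24 19:33:19.338 Warning: rootkit scan failed to open volume "\\?\Volume{00000000-0000-0000-0000-000000000000}" (5)
2015-08-24 19:37:17.051 Could not open C:\hiberfil.sys
2015-08-24 19:58:47.766 >>> Virus 'Mal/Behav-001' found in file C:\Games\Example\client.exe
2015-08-24 20:06:21.165 Could not open C:\System Volume Information\{00000000-0000-0000-0000-000000000000}
2015-08-24 20:37:38.129 >>> Virus 'Mal/VMProtBad-A' found in file C:\Games\ExampleA\steam_api.dll
2015-08-24 20:39:02.073 >>> Virus 'Mal/VMProtBad-A' found in file C:\Games\ExampleB\steam_api.dll
2015-08-24 20:56:13.188 Could not open C:\Windows\System32\config\RegBack\SAM
2015-08-24 21:52:39.985 Could not open Q:\
2015-08-24 21:52:40.391 The following items will be cleaned up:
2015-08-24 21:52:40.391 Mal/Behav-001
2015-08-24 21:52:40.391 Mal/VMProtBad-A
"""

LINE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3} (.*)$")
DETECT_RE = re.compile(r"^>>> Virus '([^']+)' found in file (.+)$")
OPEN_RE = re.compile(r"^Could not open (.+)$")
NAME_RE = re.compile(r"^[A-Za-z0-9]+/[\w.!-]+$")  # e.g. Mal/Behav-001
CLEANUP_HEADER = "The following items will be cleaned up:"
REVIEW_PREFIXES = ("Error", "Warning", "Couldn't")

# Assumption of this example: paths a running Windows normally keeps locked
# or restricted to SYSTEM, so a scanner failing to open them is expected.
EXPECTED_LOCKED = (
    "\\hiberfil.sys",
    "\\pagefile.sys",
    "\\system volume information\\",
    "\\windows\\system32\\config\\regback\\",
    "\\windows\\system32\\catroot2\\",
)


def triage(log_text):
    """Sort log messages into detections, expected noise and items to review."""
    detections = {}
    locked_expected, needs_review, cleanup = [], [], []
    in_cleanup = False
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or non-timestamped line
        msg = m.group(1).strip()
        if in_cleanup:
            if NAME_RE.match(msg):
                cleanup.append(msg)
                continue
            in_cleanup = False  # list ended; handle this line normally
        det = DETECT_RE.match(msg)
        opened = OPEN_RE.match(msg)
        if msg == CLEANUP_HEADER:
            in_cleanup = True
        elif det:
            detections.setdefault(det.group(1), []).append(det.group(2))
        elif opened:
            path = opened.group(1)
            if any(p in path.lower() for p in EXPECTED_LOCKED):
                locked_expected.append(path)
            else:
                needs_review.append(msg)  # unopened path not on the allow-list
        elif msg.startswith(REVIEW_PREFIXES):
            needs_review.append(msg)
    return {
        "detections": detections,
        "locked_expected": locked_expected,
        "needs_review": needs_review,
        "cleanup": cleanup,
    }


def not_scheduled(result):
    """Detection names that were found but are missing from the clean-up list."""
    return sorted(set(result["detections"]) - set(result["cleanup"]))


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    for name, paths in r["detections"].items():
        print(f"DETECTION {name}: {len(paths)} file(s)")
        for p in paths:
            print(f"    {p}")
    print(f"Expected locked files skipped: {len(r['locked_expected'])}")
    for msg in r["needs_review"]:
        print(f"REVIEW    {msg}")
    print("Found but not scheduled for clean-up:", not_scheduled(r) or "none")
```
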



#10 TheJoker


Posted 24 August 2015 - 06:18 PM

Let's see if disabling unnecessary programs you have running at startup prevents the problem. Malwarebytes makes a great utility for this, StartUpLite, available here:
http://www.malwareby...tuplite/

Double click StartUpLite.exe to run the program.
Disable is checked by default for all unnecessary startups found.
Click Continue.
Reboot and see how the system is running.
If the problem does not re-occur (it could take a while to determine this), figuring out which item caused the problem will be trial and error.

Run StartUpLite, re-enable each item one at a time (Check 'No action'), restarting your system after enabling each item, and when the problem re-occurs, you have found the culprit.

 

Did that help?

I do expect that to take some time as the problem is intermittent.


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#11 JGroomes


Posted 24 August 2015 - 11:41 PM

I've downloaded and run the program, but I'm getting this error for each of the startup items on the list:

"Error on value: (startup item name). There was an error creating a MSConfig key."

 

There are only two items on the list, MsnMsgr (Windows Live Messenger) and something called swg ("Part of Google Toolbar. Notifies you of newest toolbar versions." is its description). I've followed through and rebooted my laptop anyway just to be sure.

 

I've also noticed a problem today that occurs with the rest of the issues I've been having. Whenever I right-click a bookmarked link in Google Chrome, it opens in a new tab as if I've clicked it with the middle button/scroll wheel on my mouse. And as I've mentioned previously, clicking a tab in Google Chrome will close the tab without clicking the tiny 'x', again something that would happen if I had clicked with the wheel button.

Could there possibly be a problem with my mouse and touchpad drivers? Or maybe a bad mouse? (even though the issues still occur while the mouse is unplugged, and I'm not sure it would explain everything on my screen locking up until I open the ctrl+alt+del screen).

 

None of these clicking issues seem to happen while I play games though, the mouse buttons function as they should..

Anyway, thought I would mention all of that while I still remember it all.
Thank you so much for the help you've provided so far. I'll check back sometime in the morning.

 

Update: Woke up with the issues still going on. I did notice though that while using Firefox, the scroll function activated by pressing the middle/scroll button will occasionally keep switching on and off without even pressing it, and would only stop after unplugging the mouse from my laptop.

 

Update #2: The problem seems to be getting a little worse now. Sometimes the cursor will click and hold onto a tab/file and not let go until I left-click with my mouse, and now it's gotten to where the ctrl+alt+del screen will lock up for around 10~20 seconds before closing after I click 'cancel'.


Edited by JGroomes, 25 August 2015 - 01:20 PM.


#12 TheJoker


Posted 25 August 2015 - 04:53 PM

Do you have a different mouse that you can swap to that system to see if that is the problem?




#13 JGroomes


Posted 25 August 2015 - 10:13 PM

I found an older USB mouse and just plugged it in and installed the driver. The mouse worked, but the same issues were there except for the random/constant scrolling as the mouse I tried lacks a scroll wheel.



#14 JGroomes


Posted 03 September 2015 - 12:34 PM

So, the day after my last post, at around 5pm, the issues went away and were completely gone, everything returned to normal.
But today, just 10 minutes ago, the same issues have returned after having been gone for 8 days straight.

You haven't replied since my last post, and that is fine.
I just thought I would update this post again anyway.



#15 TheJoker


Posted 03 September 2015 - 07:25 PM

Sorry, I missed the reply.

 

 

Download and save to your Desktop RogueKiller for 64bit

  • Quit all programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Right-click and select "Run as Administrator" to start.
  • Start RogueKiller.exe
  • Wait until Prescan has finished
  • Click on Scan.
  • Wait until the Status box shows "Scan Finished"
  • Click on Delete
  • Wait until the Status box shows "Deleting Finished"
  • Click on Report and copy/paste the content of the Notepad
  • The log should be found in RKreport[1].txt on your Desktop
  • Close RogueKiller

Please post the log from RogueKiller.

 



#16 JGroomes


Posted 05 September 2015 - 09:25 PM

Sorry for the late reply, was busy yesterday and most of today. I've finally run the scan, the log is below.

 

 

RogueKiller V10.10.4.0 (x64) [Sep  4 2015] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Chaotic Lawliet [Administrator]
Started from : C:\Users\Chaotic Lawliet\Desktop\RogueKillerX64.exe
Mode : Delete -- Date : 09/05/2015 22:19:03
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 7 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Lightshot : C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe  -> ERROR [0]
[PUP] (X64) HKEY_USERS\S-1-5-21-2505415791-2747731311-3398940262-1000\Software\Microsoft\Windows\CurrentVersion\Run | LightShot : C:\Users\Chaotic Lawliet\AppData\Local\Skillbrains\lightshot\Lightshot.exe  -> ERROR [0]
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2505415791-2747731311-3398940262-1000\Software\Microsoft\Windows\CurrentVersion\Run | ROC_ROC_APR2013_AV : C:\Users\Chaotic Lawliet\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 2daa7ced2f2547d1baa9f123ccf0ca55-d54ae5b4a42adb13fe8cade7cdf5e2a8b35ad24d --CMPID ROC_APR2013_AV --CMPIDEXTRA 2012 [-][x][x][x][x][x][x][x][x][x][x][x] -> ERROR [0]
[PUP] (X86) HKEY_USERS\S-1-5-21-2505415791-2747731311-3398940262-1000\Software\Microsoft\Windows\CurrentVersion\Run | LightShot : C:\Users\Chaotic Lawliet\AppData\Local\Skillbrains\lightshot\Lightshot.exe  -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2505415791-2747731311-3398940262-1000\Software\Microsoft\Windows\CurrentVersion\Run | ROC_ROC_APR2013_AV : C:\Users\Chaotic Lawliet\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 2daa7ced2f2547d1baa9f123ccf0ca55-d54ae5b4a42adb13fe8cade7cdf5e2a8b35ad24d --CMPID ROC_APR2013_AV --CMPIDEXTRA 2012 [-][x][x][x][x][x][x][x][x][x][x][x] -> ERROR [2]
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2505415791-2747731311-3398940262-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.microsoft...er=6&ar=msnhome -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2505415791-2747731311-3398940262-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.microsoft...er=6&ar=msnhome -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 6 ¤¤¤
[FIREFX:Addon] cyrlrzfw.default : Greasemonkey [{e4a8a97b-f2ed-450b-b12d-ee082ba24781}] -> Deleted
[FIREFX:Addon] cyrlrzfw.default : Bitdefender QuickScan [{e001c731-5e37-4538-a5cb-8168736a2360}] -> Deleted
[FIREFX:Addon] cyrlrzfw.default : RealPlayer Browser Record Plugin [{0153E448-190B-4987-BDE1-F256CADA672F}] -> Deleted
[FIREFX:Addon] cyrlrzfw.default : Free Download Manager plugin [fdm_ffext@freedownloadmanager.org] -> Deleted
[PUM.Proxy][FIREFX:Config] cyrlrzfw.default : user_pref("network.proxy.http", "195.246.54.202"); -> Deleted
[PUM.Proxy][FIREFX:Config] cyrlrzfw.default : user_pref("network.proxy.http_port", 8080); -> Deleted
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD2500BEVT-22A23T0 +++++
--- User ---
[MBR] 46fa17a72513fc2b9411ad36b4695dd2
[BSP] bc2cca40aef39d9c594f0026c645b67e : HP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14000 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 28674048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 28878848 | Size: 224373 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


#17 TheJoker


Posted 06 September 2015 - 10:13 AM

There were a few errors removing items.

 

Reboot to Safe mode.

http://windows.micro...-mode=windows-7

 

Please rerun RogueKiller

  • Quit all programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Right-click and select "Run as Administrator" to start.
  • Start RogueKiller
  • Wait until Prescan has finished
  • Click on Scan.
  • Wait until the Status box shows "Scan Finished"
  • Click on Delete
  • Wait until the Status box shows "Deleting Finished"
  • Click on Report and copy/paste the content of the Notepad
  • The log should be found in RKreport[x].txt on your Desktop (where x is a number)
  • Close RogueKiller

Reboot your system.

 

Please post the new log from RogueKiller.




#18 JGroomes


Posted 07 September 2015 - 12:43 PM

Rebooted in safe mode and ran RogueKiller. Logs are below.

 

RogueKiller V10.10.4.0 (x64) [Sep  4 2015] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode
User : Chaotic Lawliet [Administrator]
Started from : C:\Users\Chaotic Lawliet\Desktop\RogueKillerX64.exe
Mode : Delete -- Date : 09/07/2015 13:31:09
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 0 ¤¤¤
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000035f]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD2500BEVT-22A23T0 +++++
--- User ---
[MBR] 46fa17a72513fc2b9411ad36b4695dd2
[BSP] bc2cca40aef39d9c594f0026c645b67e : HP MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14000 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 28674048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 28878848 | Size: 224373 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
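
The difference between the two RogueKiller reports in this thread (entries ending in `-> ERROR [n]` in the normal-mode run, none in the Safe mode run) can be checked mechanically. The Python below is an added example, not part of the thread and not RogueKiller's own code; the line format is inferred only from the reports quoted here, and both sample reports are constructed, abridged versions that use a `<SID>` placeholder and example URLs.

```python
import re

# Section headers look like "¤¤¤ Registry : 7 ¤¤¤"; count and "(note)" are optional.
SECTION_RE = re.compile(
    r"^¤¤¤\s*(?P<name>[^:]+?)\s*:\s*(?P<count>\d+)?\s*(?:\((?P<note>.*)\))?\s*¤¤¤$")
# Entry lines start with one or more "[Tag]" groups and end in " -> Status".
TAGS_RE = re.compile(r"^((?:\[[^\]]+\])+)\s*(.*)$")
ERROR_RE = re.compile(r"^ERROR \[(\d+)\]")
REMOVED = ("Deleted", "Replaced")  # success statuses seen in this thread (assumption)

def parse_report(text):
    """Split a report into its start mode, section headers and per-item results."""
    report = {"mode": None, "sections": {}, "entries": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Started in :"):
            report["mode"] = line.split(":", 1)[1].strip()
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            count = m.group("count")
            report["sections"][current] = {
                "declared": int(count) if count is not None else None,
                "note": m.group("note"),
            }
            continue
        m = TAGS_RE.match(line)
        # MBR hash lines carry a tag but no " -> status", so they are skipped here.
        if not m or current is None or " -> " not in m.group(2):
            continue
        item, _, status = m.group(2).rpartition(" -> ")
        status = status.strip()
        err = ERROR_RE.match(status)
        report["entries"].append({
            "section": current,
            "tags": re.findall(r"\[([^\]]+)\]", m.group(1)),
            "item": item.strip(),
            "status": status,
            "removed": status.startswith(REMOVED),
            "error_code": int(err.group(1)) if err else None,
        })
    return report

def failed_removals(report):
    """Entries whose status is anything other than a known success status."""
    return [e for e in report["entries"] if not e["removed"]]

def count_mismatches(report):
    """Sections whose header count differs from the entries actually pasted,
    which is what a truncated or partially copied report looks like."""
    seen = {}
    for e in report["entries"]:
        seen[e["section"]] = seen.get(e["section"], 0) + 1
    return {name: (s["declared"], seen.get(name, 0))
            for name, s in report["sections"].items()
            if s["declared"] is not None and s["declared"] != seen.get(name, 0)}

# Constructed sample, abridged from the normal-mode report (counts adjusted to match).
FIRST_RUN = r"""
Started in : Normal mode
Mode : Delete -- Date : 09/05/2015 22:19:03
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 3 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Lightshot : C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe  -> ERROR [0]
[PUP] (X86) HKEY_USERS\<SID>\Software\Microsoft\Windows\CurrentVersion\Run | LightShot : C:\Users\Chaotic Lawliet\AppData\Local\Skillbrains\lightshot\Lightshot.exe  -> ERROR [2]
[PUM.HomePage] (X64) HKEY_USERS\<SID>\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://example.invalid/ -> Replaced (http://example.invalid/default)
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 2 ¤¤¤
[FIREFX:Addon] cyrlrzfw.default : Greasemonkey [{e4a8a97b-f2ed-450b-b12d-ee082ba24781}] -> Deleted
[PUM.Proxy][FIREFX:Config] cyrlrzfw.default : user_pref("network.proxy.http_port", 8080); -> Deleted
"""

# Constructed sample, abridged from the Safe mode report.
SECOND_RUN = r"""
Started in : Safe mode
Mode : Delete -- Date : 09/07/2015 13:31:09
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000035f]) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
[MBR] 46fa17a72513fc2b9411ad36b4695dd2
"""

if __name__ == "__main__":
    for label, text in (("first run", FIRST_RUN), ("second run", SECOND_RUN)):
        rep = parse_report(text)
        print(label, "-", rep["mode"])
        for e in failed_removals(rep):
            print("  not removed:", e["tags"], e["item"], "->", e["status"])
        # A zero Antirootkit count reads differently when the driver was not loaded.
        print("  antirootkit note:", rep["sections"]["Antirootkit"]["note"])
        print("  header/entry count mismatches:", count_mismatches(rep))
```
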


#19 TheJoker


Posted 07 September 2015 - 09:32 PM

Using Windows Explorer, delete the following folder:
C:\Program Files (x86)\Razer

Delete your current copy of FRST.txt and Addition.txt
Rerun Farbar Recovery Scan Tool (64 bit)
Double-click to run it. When the tool opens click Yes to disclaimer.
Place a checkmark in the box for Addition.txt
Press the Scan button.
It will create two logs (FRST.txt and Addition.txt) in the same directory the tool is run.
Please post the contents of both, each in their own reply.




#20 JGroomes


Posted 08 September 2015 - 02:38 PM

Deleted the FRST.txt and Addition.txt files and ran FRST. Logs are below.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-09-2015
Ran by Chaotic Lawliet (administrator) on TEMPEST (08-09-2015 15:30:58)
Running from C:\Users\Chaotic Lawliet\Desktop\Spyware Forum
Loaded Profiles: Chaotic Lawliet (Available Profiles: Chaotic Lawliet)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Akamai Technologies, Inc.) C:\Users\Chaotic Lawliet\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Akamai Technologies, Inc.) C:\Users\Chaotic Lawliet\AppData\Local\Akamai\netsession_win.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
() C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-22] (Alcor Micro Corp.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-26] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9643552 2009-12-10] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-18] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-04-23] (Acer Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-08] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-26] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2010-06-22] (Dritek System Inc.)
HKLM-x32\...\Run: [USB Optical Mouse] => C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe [245248 2010-03-30] ()
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3730344 2015-07-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5579624 2015-08-03] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Chaotic Lawliet\AppData\Local\Akamai\netsession_win.exe [4691384 2015-07-23] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-07-14] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-12-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-05-26] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [2010-05-26] (Egis Technology Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{96381102-A251-4052-AB1E-ADFA4BE8D1BC}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-15] (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-08-30] (RealPlayer)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-01] (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-15] (Google Inc.)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2013-03-11] (FreeDownloadManager.ORG)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-01] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-15] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-15] (Google Inc.)
Toolbar: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-15] (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default
FF DefaultSearchEngine.US: Google
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "socks_version", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-01] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2010-06-01] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2012-12-04] (Nexon)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2012-08-30] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll [2012-08-30] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-08-30] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-08-30] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2012-08-30] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-05-31] ()
FF Plugin-x32: BYOND -> C:\Program Files (x86)\BYOND\bin\npbyond.dll [2012-07-15] (BYOND)
FF Plugin HKU\S-1-5-21-2505415791-2747731311-3398940262-1000: @g2.com/iggweb3dupdater -> C:\Users\Chaotic Lawliet\AppData\Roaming\IGG\Web3D\1.0.0.38\NPIGGWeb3DUpdater.dll [2012-04-19] (IGG)
FF Plugin HKU\S-1-5-21-2505415791-2747731311-3398940262-1000: @g2.com/joyconnectshell -> C:\Users\Chaotic Lawliet\AppData\Roaming\IGG\Web3D\1.0.0.38\NPJoyConnectShell.dll [2012-04-19] (IGG)
FF Plugin HKU\S-1-5-21-2505415791-2747731311-3398940262-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Chaotic Lawliet\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-04-23] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2505415791-2747731311-3398940262-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-11-17] (The Happy Cloud)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npbyond.dll [2012-07-15] (BYOND)
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-05-26]
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: No Name - C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [not found]
FF Extension: No Name - C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [not found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Mahjong Solitaire) - internal-remoting-viewer
CHR Plugin: (Remoting Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\pdf.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\gcswf32.dll No File
CHR Plugin: (Flash) - C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll No File
CHR Plugin: (AVG Internet Security) - c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\BYOND\bin\npbyond.dll (BYOND)
CHR Plugin: (BYOND stub plugin for Mozilla) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Windows Live® Photo Gallery) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll No File
CHR Plugin: (RealPlayer) - C:\Users\Chaotic Lawliet\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Unity Player) - C:\Windows\system32\npOGPPlugin.dll No File
CHR Plugin: (OGPlanet Game Plugin) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (Silverlight) - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Profile: C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2011-01-29]
CHR Extension: (Tampermonkey) - C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-04-03]
CHR Extension: (AdBlock) - C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (LoL - Jinx) - C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndbciboanpmkpbeanbjdcneplghndhcp [2014-05-31]
CHR Extension: (Mahjong Solitaire) - C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc [2015-02-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (My Chrome Theme) - C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2012-04-07]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-05-26]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3518376 2015-07-07] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [314304 2015-07-07] (AVG Technologies CZ, s.r.o.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-08-03] (LogMeIn, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5312448 2014-03-19] (INCA Internet Co., Ltd.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-08] (NewTech Infosystems, Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ASPI; C:\Windows\SysWOW64\DRIVERS\ASPI32.sys [84832 2002-07-17] (Adaptec) [File not signed]
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [293296 2015-06-26] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [226784 2015-06-10] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [281568 2015-05-12] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 GunBod; C:\Game\SoftnyxGame\GunBoundIS\avital\gunbod64.sys [86352 2014-11-28] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.) [File not signed]
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-04-26] (MCCI Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-09-07] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-05 01:19 - 2015-09-06 13:14 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Local\CrashDumps
2015-09-04 17:53 - 2015-09-07 13:10 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-09-04 17:53 - 2015-09-05 22:20 - 00000000 ____D C:\ProgramData\RogueKiller
2015-09-03 17:56 - 2015-09-05 11:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-02 00:32 - 2015-09-02 00:35 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Roaming\Tap_Dungeon
2015-09-01 22:18 - 2015-09-01 22:18 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Roaming\com.bluemanchu.CardHunter
2015-09-01 20:15 - 2015-09-01 20:15 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Local\Steam
2015-09-01 20:15 - 2015-09-01 20:15 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Local\CEF
2015-09-01 02:16 - 2015-09-01 02:16 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Roaming\Sun
2015-09-01 02:16 - 2015-09-01 02:16 - 00000000 ____D C:\Users\Chaotic Lawliet\.oracle_jre_usage
2015-09-01 02:16 - 2015-09-01 02:15 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-09-01 02:15 - 2015-09-01 02:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-25 00:22 - 2015-08-25 00:22 - 00003210 _____ C:\Windows\System32\Tasks\{B53F021A-4AC3-4754-BFA6-301A9C869B82}
2015-08-24 14:18 - 2015-08-24 14:19 - 00000000 ____D C:\ProgramData\Sophos
2015-08-24 14:18 - 2015-08-24 14:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-08-24 14:17 - 2015-08-24 14:17 - 00000000 ____D C:\Program Files (x86)\Sophos
2015-08-24 13:48 - 2015-08-24 13:48 - 00000000 _____ C:\Windows\SysWOW64\REN31E.tmp
2015-08-23 21:08 - 2015-09-08 15:31 - 00000000 ____D C:\FRST
2015-08-23 16:23 - 2015-08-23 16:23 - 00000000 ____D C:\Program Files (x86)\ESET
2015-08-23 16:01 - 2015-08-23 16:06 - 00000000 ____D C:\AdwCleaner
2015-08-22 17:35 - 2015-09-08 15:30 - 00000000 ____D C:\Users\Chaotic Lawliet\Desktop\Spyware Forum
2015-08-22 16:41 - 2015-08-23 12:24 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Roaming\QuickScan
2015-08-22 14:34 - 2015-08-23 12:37 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-22 14:16 - 2015-08-22 14:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-22 14:16 - 2015-08-22 14:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-22 14:16 - 2015-08-22 14:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-22 14:16 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-22 14:16 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-22 14:16 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-22 12:58 - 2015-08-22 13:17 - 00000000 ____D C:\Windows\system32\MRT
2015-08-22 12:58 - 2015-07-28 10:59 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-22 11:59 - 2015-08-22 11:59 - 00000000 _____ C:\Windows\setuperr.log
2015-08-22 11:47 - 2015-08-22 11:47 - 00003704 _____ C:\Windows\System32\Tasks\Java Platform SE Auto Updater
2015-08-22 10:59 - 2015-08-22 10:59 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Roaming\AVG
2015-08-22 10:57 - 2015-08-22 11:00 - 00000000 ____D C:\ProgramData\AVG
2015-08-21 21:09 - 2015-09-03 23:26 - 00002066 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-21 21:09 - 2015-08-21 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-21 11:51 - 2015-08-21 11:51 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-08-21 11:51 - 2015-08-21 11:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-20 03:04 - 2015-08-10 21:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-20 03:04 - 2015-08-10 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-20 03:04 - 2015-08-10 20:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-20 03:04 - 2015-08-10 20:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-15 12:22 - 2015-08-17 18:32 - 00003152 _____ C:\Users\Chaotic Lawliet\Desktop\Destoka's Pokemon Needs!.txt
2015-08-13 08:09 - 2015-07-30 09:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 08:09 - 2015-07-30 09:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 07:52 - 2015-07-20 20:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-12 07:52 - 2015-07-20 20:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-12 07:52 - 2015-07-16 16:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-12 07:52 - 2015-07-16 16:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-12 07:52 - 2015-07-16 16:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-12 07:52 - 2015-07-16 16:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-12 07:52 - 2015-07-16 16:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-12 07:52 - 2015-07-16 16:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-12 07:52 - 2015-07-16 16:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-12 07:52 - 2015-07-16 16:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-12 07:52 - 2015-07-16 16:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-12 07:52 - 2015-07-16 16:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-12 07:52 - 2015-07-16 16:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-12 07:52 - 2015-07-16 15:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-12 07:52 - 2015-07-16 15:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-12 07:52 - 2015-07-16 15:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-12 07:52 - 2015-07-16 15:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-12 07:52 - 2015-07-16 15:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-12 07:52 - 2015-07-16 15:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-12 07:52 - 2015-07-16 15:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-12 07:52 - 2015-07-16 15:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-12 07:52 - 2015-07-16 15:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-12 07:52 - 2015-07-16 15:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-12 07:52 - 2015-07-16 15:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-12 07:52 - 2015-07-16 15:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-12 07:52 - 2015-07-16 15:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-12 07:52 - 2015-07-16 15:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-12 07:52 - 2015-07-16 15:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-12 07:52 - 2015-07-16 15:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-12 07:52 - 2015-07-16 15:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-12 07:52 - 2015-07-16 15:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-12 07:52 - 2015-07-16 15:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-12 07:52 - 2015-07-16 15:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-12 07:52 - 2015-07-16 15:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-12 07:52 - 2015-07-16 15:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-12 07:52 - 2015-07-16 15:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-12 07:52 - 2015-07-16 15:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-12 07:52 - 2015-07-16 15:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-12 07:52 - 2015-07-16 15:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-12 07:52 - 2015-07-16 15:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-12 07:52 - 2015-07-16 14:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-12 07:52 - 2015-07-16 14:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-12 07:52 - 2015-07-16 14:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-12 07:52 - 2015-07-16 14:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-12 07:51 - 2015-07-30 14:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-12 07:51 - 2015-07-30 14:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-12 07:51 - 2015-07-30 14:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-12 07:51 - 2015-07-30 14:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-12 07:51 - 2015-07-30 14:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-12 07:51 - 2015-07-30 14:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-12 07:51 - 2015-07-30 14:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-12 07:51 - 2015-07-30 13:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-12 07:51 - 2015-07-30 13:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-12 07:51 - 2015-07-30 13:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-12 07:51 - 2015-07-30 13:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-12 07:51 - 2015-07-30 13:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-12 07:51 - 2015-07-30 13:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-12 07:51 - 2015-07-30 12:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-12 07:51 - 2015-07-30 12:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-12 07:51 - 2015-07-30 12:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-12 07:51 - 2015-07-28 16:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-12 07:51 - 2015-07-28 16:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-12 07:51 - 2015-07-28 16:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-12 07:51 - 2015-07-28 16:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-12 07:51 - 2015-07-28 16:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-12 07:51 - 2015-07-28 16:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-12 07:51 - 2015-07-28 16:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-12 07:51 - 2015-07-28 15:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-12 07:51 - 2015-07-16 16:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-12 07:51 - 2015-07-16 16:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-12 07:51 - 2015-07-16 16:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-12 07:51 - 2015-07-16 16:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-12 07:51 - 2015-07-16 16:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-12 07:51 - 2015-07-16 16:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-12 07:51 - 2015-07-16 16:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-12 07:51 - 2015-07-16 15:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-12 07:51 - 2015-07-16 15:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-12 07:51 - 2015-07-16 15:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-12 07:51 - 2015-07-16 15:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-12 07:51 - 2015-07-16 15:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-12 07:51 - 2015-07-15 14:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-12 07:51 - 2015-07-15 14:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-12 07:51 - 2015-07-15 14:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-12 07:51 - 2015-07-15 14:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-12 07:51 - 2015-07-15 13:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-12 07:51 - 2015-07-15 13:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-12 07:50 - 2015-07-15 14:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-12 07:50 - 2015-07-15 14:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-12 07:50 - 2015-07-15 14:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-12 07:50 - 2015-07-15 14:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-12 07:50 - 2015-07-15 14:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-12 07:50 - 2015-07-15 14:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-12 07:50 - 2015-07-15 14:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-12 07:50 - 2015-07-15 14:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-12 07:50 - 2015-07-15 14:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-12 07:50 - 2015-07-15 14:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-12 07:50 - 2015-07-15 14:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-12 07:50 - 2015-07-15 14:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-12 07:50 - 2015-07-15 14:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-12 07:50 - 2015-07-15 14:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-12 07:50 - 2015-07-15 14:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-12 07:50 - 2015-07-15 14:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-12 07:50 - 2015-07-15 14:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-12 07:50 - 2015-07-15 14:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-12 07:50 - 2015-07-15 14:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-12 07:50 - 2015-07-15 14:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-12 07:50 - 2015-07-15 14:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-12 07:50 - 2015-07-15 14:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-12 07:50 - 2015-07-15 14:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-12 07:50 - 2015-07-15 14:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-12 07:50 - 2015-07-15 14:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-12 07:50 - 2015-07-15 14:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-12 07:50 - 2015-07-15 14:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-12 07:50 - 2015-07-15 14:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-12 07:50 - 2015-07-15 14:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-12 07:50 - 2015-07-15 14:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-12 07:50 - 2015-07-15 14:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-12 07:50 - 2015-07-15 14:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-12 07:50 - 2015-07-15 14:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-12 07:50 - 2015-07-15 13:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-12 07:50 - 2015-07-15 13:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-12 07:50 - 2015-07-15 13:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-12 07:50 - 2015-07-15 13:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-12 07:50 - 2015-07-15 13:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-12 07:50 - 2015-07-15 13:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-12 07:50 - 2015-07-15 13:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-12 07:50 - 2015-07-15 13:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-12 07:50 - 2015-07-15 13:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-12 07:50 - 2015-07-15 13:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-12 07:50 - 2015-07-15 13:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-12 07:50 - 2015-07-15 13:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-12 07:50 - 2015-07-15 13:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-12 07:50 - 2015-07-15 13:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-12 07:50 - 2015-07-15 13:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-12 07:50 - 2015-07-15 13:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-12 07:50 - 2015-07-15 13:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-12 07:50 - 2015-07-15 13:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-12 07:50 - 2015-07-15 13:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-12 07:50 - 2015-07-15 13:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 12:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-12 07:50 - 2015-07-15 12:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-12 07:50 - 2015-07-15 12:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-12 07:50 - 2015-07-15 12:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-12 07:50 - 2015-07-15 12:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-12 07:50 - 2015-07-15 12:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 12:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 12:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 07:50 - 2015-07-15 12:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-12 07:50 - 2015-07-10 13:51 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-12 07:50 - 2015-07-10 13:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-12 07:49 - 2015-07-14 23:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-12 07:49 - 2015-07-10 13:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-12 07:49 - 2015-07-10 13:51 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-12 07:49 - 2015-07-10 13:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-12 07:49 - 2015-07-10 13:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-08-12 07:44 - 2015-07-14 23:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-12 07:44 - 2015-07-14 23:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-12 07:44 - 2015-07-14 22:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-12 07:44 - 2015-07-01 16:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 07:44 - 2015-07-01 16:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-12 07:44 - 2015-07-01 16:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-12 07:44 - 2015-07-01 16:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-12 07:43 - 2015-07-20 14:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-12 07:43 - 2015-07-20 14:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-12 07:43 - 2015-07-20 14:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-12 07:43 - 2015-07-20 14:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-12 07:43 - 2015-07-20 14:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-12 07:43 - 2015-07-20 14:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-12 07:43 - 2015-07-20 14:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-12 07:43 - 2015-07-20 14:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-12 07:43 - 2015-07-20 14:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-12 07:43 - 2015-07-20 14:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-12 07:43 - 2015-07-20 14:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-12 07:43 - 2015-07-20 13:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-12 07:43 - 2015-07-20 13:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-12 07:43 - 2015-07-20 13:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-12 07:43 - 2015-07-20 13:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-12 07:43 - 2015-07-20 13:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-12 07:43 - 2015-07-14 23:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-12 07:43 - 2015-07-14 23:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-12 07:43 - 2015-07-14 22:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-12 07:43 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-12 07:43 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-12 07:43 - 2015-07-10 13:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-12 07:43 - 2015-07-10 13:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-12 07:43 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 07:43 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 07:43 - 2015-07-09 13:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-12 07:42 - 2015-05-09 14:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-08 15:24 - 2012-08-12 18:56 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Roaming\Skype
2015-09-08 15:24 - 2010-09-11 17:55 - 01261727 _____ C:\Windows\WindowsUpdate.log
2015-09-08 15:23 - 2012-08-16 21:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-08 15:14 - 2011-01-29 03:20 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-08 14:28 - 2009-07-14 00:51 - 00663165 _____ C:\Windows\setupact.log
2015-09-08 12:44 - 2009-07-14 00:45 - 00022896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-08 12:44 - 2009-07-14 00:45 - 00022896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-08 12:38 - 2012-09-13 01:47 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Local\LogMeIn Hamachi
2015-09-08 12:36 - 2011-01-29 03:20 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-08 12:36 - 2011-01-28 20:54 - 00000000 ____D C:\ProgramData\MFAData
2015-09

#21 JGroomes

Posted 08 September 2015 - 02:39 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-09-2015
Ran by Chaotic Lawliet (2015-09-08 15:34:15)
Running from C:\Users\Chaotic Lawliet\Desktop\Spyware Forum
Windows 7 Home Premium Service Pack 1 (X64) (2011-01-29 06:53:52)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2505415791-2747731311-3398940262-500 - Administrator - Disabled)
Chaotic Lawliet (S-1-5-21-2505415791-2747731311-3398940262-1000 - Administrator - Enabled) => C:\Users\Chaotic Lawliet
Guest (S-1-5-21-2505415791-2747731311-3398940262-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2505415791-2747731311-3398940262-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
18 Wheels of Steel - American Long Haul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.60 - NewTech Infosystems)
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.3.5 - liteon)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3004 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3011 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.1.3 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0423.2010 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}) (Version: 1.5.17.05094 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.5.17.05094 - Alcor Micro Corp.) Hidden
APB Reloaded (HKLM-x32\...\Steam App 113400) (Version:  - )
Audacity 1.3.13 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6086 - AVG Technologies)
AVG 2015 (Version: 15.0.4409 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6086 - AVG Technologies) Hidden
Backup Manager Basic (x32 Version: 2.0.0.60 - NewTech Infosystems) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 12.52.03 - Broadcom Corporation)
Bruteforce Save Data (HKLM-x32\...\Bruteforce Save Data) (Version:  - )
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
BYOND (HKLM-x32\...\BYOND) (Version: 498.1163 - BYOND)
Card Hunter (HKLM-x32\...\Steam App 293260) (Version:  - Blue Manchu)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2829.50 - CyberLink Corp.)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Easy Auto Clicker (HKLM-x32\...\Easy Auto Clicker_is1) (Version: V2.0 - easyautoclicker.com)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Elsword version 1.11 (HKLM-x32\...\{E655DDFC-24DB-4FC3-8474-271E911309B4}_is1) (Version: 1.11 - Kill3rCombo)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Free Download Manager 3.9.2 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
Grand Chase version 1.0.0.1 (HKLM-x32\...\{FF222EB6-6FE1-486E-A9E8-93B5D5D72A8C}_is1) (Version: 1.0.0.1 - SG Interactive)
Grand Fantasia (HKLM-x32\...\Grand Fantasia) (Version:  - )
Happy Cloud Client (HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\HappyCloud) (Version: 4.54 - Happy Cloud, Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
IGG Web3D Player version 1.0.0.38 (HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\IGG Web3D Player_is1) (Version: 1.0.0.38 - IGG, Inc.)
IMVU Avatar Chat Software (HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\IMVU Avatar chat client software BETA) (Version:  - )
Infinity Wars (HKLM-x32\...\Infinity Wars) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Katawa Shoujo (HKLM-x32\...\Katawa Shoujo) (Version:  - )
LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version:  - )
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.12 - Acer Inc.)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Lightshot-5.2.1.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.2.1.1 - Skillbrains)
Livestream for Producers (HKLM-x32\...\{524A9978-8E2A-487F-A50B-E71D72F2EDDE}) (Version: 0.0.42 - Livestream)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.383 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.383 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MapleStory (HKLM-x32\...\MapleStory) (Version:  - )
Media Player Classic - Home Cinema v1.5.2.3456 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.5.2.3456 - MPC-HC Team)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.1.1 - Nexon)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.628 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.628 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6630 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6630 - NewTech Infosystems) Hidden
NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
OGPlanet Game Launcher (HKLM-x32\...\OGPlanet Game Launcher US) (Version: 1.0.0 - OGPlanet, Inc.)
OGPlanet Game Launcher (HKLM-x32\...\OGPlanet Game Launcher) (Version: 1.0.0 - OGPlanet, Inc.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Raptr (HKLM-x32\...\Raptr) (Version:  - )
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6000 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Rumble Fighter (HKLM-x32\...\RumbleFighter) (Version:  - )
Sakura Clicker (HKLM-x32\...\Steam App 383080) (Version:  - Winged Cloud)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.550.0 - SAMSUNG Electronics Co., Ltd.)
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SWF & FLV Player 3.0 (build 3.0.33.5106) (HKLM-x32\...\SWF & FLV Player_is1) (Version: 3.0.33.5106 - Eltima Software)
SWF Opener (HKLM-x32\...\{01386D1F-ADE7-43B4-A4E9-312FC5BC726F}_is1) (Version: 1.3 - UnH Solutions)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.6.0 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24732 - TeamViewer)
TERA (HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\teraenmasse) (Version:  - )
Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden
Unity Web Player (HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
USB Optical Mouse (HKLM-x32\...\{EEAE45EB-C1E3-4CCD-930D-D7B40F810063}) (Version: 1.00.0000 - )
Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC) (HKLM-x32\...\{CDCAED05-7803-4713-9BA0-072BD1194B83}) (Version: 1.11.0402 - SAMSUNG)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3002 - Acer Incorporated)
WildTangent Games App (Acer Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.6.14 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Xpadder version 5.7 (HKLM-x32\...\{0DCE54A9-7256-4132-9D4E-1A64AE35E9B1}_is1) (Version: 5.7 - Xpadder, Inc.)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
24-08-2015 13:02:22 Removed AVG PC TuneUp 2015 (en-US)
24-08-2015 13:21:36 JRT Pre-Junkware Removal
24-08-2015 13:47:12 Removed Java 8 Update 51
24-08-2015 13:54:14 Removed Java 8 Update 51 (64-bit)
24-08-2015 14:17:00 Installed Sophos Virus Removal Tool.
26-08-2015 16:41:35 Windows Update
30-08-2015 12:02:23 Windows Update
02-09-2015 12:26:09 Windows Update
05-09-2015 16:52:37 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {20EF8B7E-05C3-4DFD-98E4-8174449F579E} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe
Task: {2692640E-A97B-4C6B-8B4D-606E55563A3D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {2F7782AF-B3B6-4D89-A942-466E9996CDCD} - System32\Tasks\{6EE2B446-6C62-410D-90E3-8B35FA4EB63C} => pcalua.exe -a "C:\Users\Chaotic Lawliet\Desktop\SCHTHACK PSOBB\data\data-fix.exe" -d "C:\Users\Chaotic Lawliet\Desktop\SCHTHACK PSOBB\data"
Task: {56EA17E7-0C95-4F56-ACB9-A169F7E7E7E8} - System32\Tasks\{B53F021A-4AC3-4754-BFA6-301A9C869B82} => pcalua.exe -a "C:\Users\Chaotic Lawliet\Desktop\startuplite-setup-1.07.exe" -d "C:\Users\Chaotic Lawliet\Desktop"
Task: {62B6B644-CCA8-4E59-8281-7D5A1D2C087B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {789916C1-99B4-4E8F-BD18-F37AF9DA3A51} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2505415791-2747731311-3398940262-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {94AE92E0-D652-4DB8-B585-7D1D0B306CD9} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {A5510CB8-43E4-42D0-A86D-BF6D8EADF322} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-08-04] (Oracle Corporation)
Task: {A90F4D43-BDDB-4288-A179-198EE601D6B7} - System32\Tasks\{CC85C907-A2C0-499C-B57E-D6899D02BB6B} => pcalua.exe -a C:\Windows\SysWOW64\_online.exe
Task: {AF9AE99C-EA69-4BB8-8725-74214972AD3F} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2505415791-2747731311-3398940262-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {B92FD3BB-E38F-4FD1-8A12-4821A56769CE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-02-16 23:07 - 2010-03-15 15:28 - 00052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2013-05-06 19:10 - 2010-03-30 13:37 - 00245248 _____ () C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe
2010-03-08 20:18 - 2010-03-08 20:18 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-03-08 20:13 - 2010-03-08 20:13 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2010-09-11 18:40 - 2009-05-20 18:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\aeriagames.com -> hxxp://aeriagames.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Chaotic Lawliet\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: BackgroundContainerV2 => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Chaotic Lawliet\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{55FCE6FB-8477-4D17-88A4-243220923188}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{8E9364A9-4569-4D8E-AA27-D41B5302CE17}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{10AE076D-12C3-4FF7-ABCA-03E704C73A71}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{7D24D6B2-0ACD-49EF-8A3E-3B3BCCF37300}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{9BC864CD-20A3-4852-A035-B3A6FD6AFC65}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{50A266F2-A3C1-4C6C-BE59-EA589C0A8745}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{5B1DA6E7-EBAC-4868-95F8-86E548002DCE}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{D321272E-7ABA-4569-BC92-F6B8D73C943E}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{13F89185-FEA3-4DA5-81C5-49DB3E5B0FFC}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{1B9494AC-4B95-495A-A13F-8B7A37E41067}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{10B0810A-7425-49FB-8412-3C5CBA72CB24}] => (Allow) C:\Program Files (x86)\Kill3rCombo\Elsword\data\x2.exe
FirewallRules: [{B45C9BB9-1E83-4DE7-B916-3B1EC7593FB6}] => (Allow) C:\Program Files (x86)\Kill3rCombo\Elsword\data\x2.exe
FirewallRules: [TCP Query User{8AF26A33-207F-41EB-AE32-705613D3DAFC}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [UDP Query User{36DE94A6-99AD-434B-8BC6-3B84DC06B87C}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [TCP Query User{73776358-88A5-41AE-8009-38DA2788A115}C:\users\chaotic lawliet\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\chaotic lawliet\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{5E83AF13-DFE5-4F5C-8E43-5D82A2C271E7}C:\users\chaotic lawliet\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\chaotic lawliet\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{CE49BB6E-96E0-4F62-B52E-E747F4749753}C:\users\chaotic lawliet\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\chaotic lawliet\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{0D25D765-88D7-4553-8289-03F030DFF3EC}C:\users\chaotic lawliet\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\chaotic lawliet\appdata\local\akamai\netsession_win.exe
FirewallRules: [{FDF61097-B724-4E93-B63E-8A32CDE8814E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7FBF2CEE-F072-4B3B-8ED2-2E029174C786}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{64E17647-807A-4702-8300-95058EA8E453}C:\program files (x86)\ogplanet\rumblefighter\gemdumploader.exe] => (Allow) C:\program files (x86)\ogplanet\rumblefighter\gemdumploader.exe
FirewallRules: [UDP Query User{DE39E9F9-677C-4774-8A7B-9B18B9E1F503}C:\program files (x86)\ogplanet\rumblefighter\gemdumploader.exe] => (Allow) C:\program files (x86)\ogplanet\rumblefighter\gemdumploader.exe
FirewallRules: [TCP Query User{A878EC8E-0678-4832-9C99-091921EAFDB9}C:\program files (x86)\byond\bin\byond.exe] => (Allow) C:\program files (x86)\byond\bin\byond.exe
FirewallRules: [UDP Query User{DB356D93-DBAF-45C3-9A2C-F43BB1907974}C:\program files (x86)\byond\bin\byond.exe] => (Allow) C:\program files (x86)\byond\bin\byond.exe
FirewallRules: [{84EDAFC1-2F58-4727-8B69-BE663724BF56}] => (Allow) LPort=443
FirewallRules: [{BEFC1A93-7C4F-4BC4-9F9E-A5D8EAF5B214}] => (Allow) LPort=443
FirewallRules: [{68E4EE2E-3122-49E5-83CB-00913C4FEEFA}] => (Allow) LPort=37674
FirewallRules: [{00054145-DF99-48CD-9AD3-77CAEAE365EA}] => (Allow) LPort=37674
FirewallRules: [{97C53A50-5FF0-4FD2-B7C9-ED7C8931C541}] => (Allow) LPort=37675
FirewallRules: [{11A3CD1A-6B16-4090-8A72-3A5819634CF3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D9E8FC75-4A49-469B-B9BB-8D38812D4425}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\apb reloaded\Launcher\APBLauncher.exe
FirewallRules: [{A4725AA6-0581-42F1-9E79-7F42834B2C44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\apb reloaded\Launcher\APBLauncher.exe
FirewallRules: [{B90A66D5-1C6E-45A7-B82E-009A149C2B0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\apb reloaded\Binaries\APB.exe
FirewallRules: [{6AC94A09-7700-4CBE-B621-F745BCC62E20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\apb reloaded\Binaries\APB.exe
FirewallRules: [{55388482-86D5-4D98-8B1A-5B15F914BA4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\apb reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{A797FBB7-1D1F-45A4-BD61-7D7AE73CFCB8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\apb reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{10522428-4248-4CBA-82B5-894EDFE3C2CA}] => (Allow) C:\Program Files (x86)\Kill3rCombo\Elsword\data\x2.exe
FirewallRules: [{DC9C618F-5FFC-432B-8DF6-17185CF392C1}] => (Allow) C:\Program Files (x86)\Kill3rCombo\Elsword\data\x2.exe
FirewallRules: [{7E8E3A8B-CA18-4B20-9E86-ED7E5DB5A1F3}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{2C521BB3-96A1-4B8A-8DF7-A07EB14EE8D8}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{21C6E670-2AC8-4D9F-A7D4-2A40AE777071}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{E39AB1C7-3E54-4027-8B29-A84161424CBD}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{E48A2E88-13C3-4DB5-9A62-E34D80ECEF0C}C:\users\chaotic lawliet\desktop\crap\utorrent.exe] => (Allow) C:\users\chaotic lawliet\desktop\crap\utorrent.exe
FirewallRules: [UDP Query User{D563F37E-5BC7-486F-90AA-1ABE0788A43C}C:\users\chaotic lawliet\desktop\crap\utorrent.exe] => (Allow) C:\users\chaotic lawliet\desktop\crap\utorrent.exe
FirewallRules: [{5F7D518C-3CF1-4130-A9D1-060DA48B7B53}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{548F6B95-CE41-4DD7-9C4F-6AF30253C958}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{A1FA0DF4-EC3A-4B51-9A7D-BEB1CA644190}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{EEF495F4-3D5A-48A1-8232-5EEAC38BD7B2}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{A0C0E061-9D32-4FA0-8570-C4360789B9F8}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{8EFE41C3-1F54-4297-92A9-48CA58A2F411}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{D32A7871-570E-4312-ACAE-346D7CA61843}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{968743AA-2F05-4748-AF87-D213CE86210B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{615839B9-0BD3-459A-B502-3FD08465C86C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{EDAE4316-3DE9-4704-B438-9AD26A377674}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{B3497598-6E3F-41EE-BB68-172F9A14F237}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{1680C3A4-807C-40DA-BC8F-9EE2712287A5}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{558496BB-4B2A-460D-BA9B-5262278A90CC}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{DA1AC079-0954-4CAE-A9E0-85DB749B2D18}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{2E313764-C6B9-434E-B3FB-B616246533DB}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{818174F8-14EC-4346-AF7F-911973A1D31E}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{AB419297-25C5-40DE-A309-1BF748B9C176}] => (Allow) C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{454A6046-436B-4164-98D3-2864B87D78D5}] => (Allow) C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{345488BB-7A1E-4F18-B57A-4A4044C29DFE}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{2DC26685-792F-42F8-99D0-9DA65B2F9C19}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{1AA65402-A94A-4AC7-A0EA-6943EDC28C48}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{069A686C-BD3C-40ED-9E99-D904E9F92DD8}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{59EE724B-E087-44B8-B9D9-4BFD4198FA10}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{836CEE22-561C-4098-8680-AEB8191DADF6}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{FD0539A9-20B9-41CC-91D7-473041DEDB87}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{D3BC25F7-D016-4EEC-9715-B33A7CC05D2C}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{6DE5B291-558C-4D52-B538-768AD1F52A07}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C10250A8-FD4D-4FBF-A8CE-9334D1871B40}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D0BD65AF-7467-47C1-BB99-78A3A57024EA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D606B4D6-7DE8-4350-8D02-C8399A21AC07}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9D50AF93-3CFF-4A3B-B581-B029F79BCE12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sakura Clicker\Sakura Clicker.exe
FirewallRules: [{6591E03B-7E11-40B0-9F58-C028F8096BD6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sakura Clicker\Sakura Clicker.exe
FirewallRules: [{CC12986C-7A81-4D27-8C95-7C30760F9F89}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CardHunter\CardHunter.exe
FirewallRules: [{D11E464B-6E63-44BA-A6AB-06E52040093B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CardHunter\CardHunter.exe
FirewallRules: [{5C4DA899-251B-4C1E-9F04-2041B412FD88}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/08/2015 03:28:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (09/08/2015 12:32:42 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (09/07/2015 01:34:19 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (09/07/2015 01:08:55 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (09/07/2015 12:55:38 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (09/06/2015 01:13:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Faulting module name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Exception code: 0x40000015
Fault offset: 0x00052d24
Faulting process id: 0x146c
Faulting application start time: 0xjucheck.exe0
Faulting application path: jucheck.exe1
Faulting module path: jucheck.exe2
Report Id: jucheck.exe3
 
Error: (09/06/2015 01:07:17 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (09/05/2015 11:52:58 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (09/05/2015 11:33:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Faulting module name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Exception code: 0x40000015
Fault offset: 0x00052d24
Faulting process id: 0x16d4
Faulting application start time: 0xjucheck.exe0
Faulting application path: jucheck.exe1
Faulting module path: jucheck.exe2
Report Id: jucheck.exe3
 
Error: (09/05/2015 11:27:34 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
 
System errors:
=============
Error: (09/08/2015 12:35:25 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Client Virtualization Handler service hung on starting.
 
Error: (09/07/2015 09:06:49 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TeamViewer9 service.
 
Error: (09/07/2015 04:10:19 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.
 
Error: (09/07/2015 01:35:52 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Client Virtualization Handler service hung on starting.
 
Error: (09/07/2015 01:35:49 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The AVGIDSAgent service hung on starting.
 
Error: (09/07/2015 01:09:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (09/07/2015 01:08:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (09/07/2015 01:08:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (09/07/2015 01:08:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (09/07/2015 01:08:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office:
=========================
Error: (09/08/2015 03:28:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Chaotic Lawliet\Desktop\Spyware Forum\esetsmartinstaller_enu.exe
 
Error: (09/08/2015 12:32:42 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (09/07/2015 01:34:19 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (09/07/2015 01:08:55 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Chaotic Lawliet\Desktop\Spyware Forum\esetsmartinstaller_enu.exe
 
Error: (09/07/2015 12:55:38 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (09/06/2015 01:13:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: jucheck.exe2.8.60.2755c116b1jucheck.exe2.8.60.2755c116b14000001500052d24146c01d0e8c75bfcf756C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeC:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exea73c18a1-54ba-11e5-98e4-206a8a1423a6
 
Error: (09/06/2015 01:07:17 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (09/05/2015 11:52:58 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (09/05/2015 11:33:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: jucheck.exe2.8.60.2755c116b1jucheck.exe2.8.60.2755c116b14000001500052d2416d401d0e7f01deab3b6C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeC:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe6cda22f6-53e3-11e5-bac7-206a8a1423a6
 
Error: (09/05/2015 11:27:34 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
 
CodeIntegrity:
===================================
  Date: 2015-08-23 04:11:22.624
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-23 04:11:22.422
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-23 04:11:22.228
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-22 11:04:52.736
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-22 11:04:52.595
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-22 11:04:52.424
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-22 11:04:52.299
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-22 11:04:47.057
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-22 11:04:46.933
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-22 11:04:46.808
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU P6100 @ 2.00GHz
Percentage of memory in use: 43%
Total physical RAM: 2804.5 MB
Available physical RAM: 1593.56 MB
Total Virtual: 5607.2 MB
Available Virtual: 3852.56 MB
 
==================== Drives ================================
 
Drive c: (ACER) (Fixed) (Total:219.11 GB) (Free:56.92 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: C444C444)
Partition 1: (Not Active) - (Size=13.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=219.1 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================




