Still Infected - Printable Version

+- Britec Tech Support Forum (https://briteccomputers.co.uk/forum)
+-- Forum: Computer Security (https://briteccomputers.co.uk/forum/forumdisplay.php?fid=50)
+--- Forum: Security, Viruses, Trojans & Malware Removal (https://briteccomputers.co.uk/forum/forumdisplay.php?fid=30)
+--- Thread: Still Infected (/showthread.php?tid=368)

Still Infected - Shadowtime101 - 12-04-2014

Hi,

Ok when you guys previously helped me it got better, but then it went back to being slow again. My task manager, browser and my computer can become so unresponsive that I have to force reboot. Also it takes a while to start up, like 5 minutes. On my task manager when I looked at it and searched some stuff up, it came up that malware could be using it causing my CPU to skyrocket like Windows Module Installer and others. I still believe that my laptop is still infected, but with something different because all scans don't detect it at all and some stuff has been popping up on my laptop like the desktop.ini and I did not do anything to make that pop up but I was able to make it hidden again. Please help.

Thanks,
Shadowtime101

RE: Still Infected - Timster - 12-04-2014

(12-04-2014, 02:11 AM)Shadowtime101 Wrote: Hi,

Have you tested your hard drive? Please download and run Crystal Disk Info and post up those results.

@nsm0220 why would you suggest uninstalling Avast?

RE: Still Infected - Britec - 12-04-2014

Please download Farbar Recovery Scan Tool from Here and save it to your desktop.

Please Note: You need to run the right version, 32bit or 64bit. Please choose the right version to download. Not sure which version? Download both of them and run them. Only the right version will run on your computer system.

· Right click and run as administrator. When the tool opens click Yes to disclaimer.
· Press Scan button.
· A log file will be created, called (FRST.txt); it will be where the tool was run from.
· Please copy and paste log in this post.
· It also makes another log the first time it is run, called (Addition.txt). Please paste that into your next reply.

RE: Still Infected - GuiltySpark - 12-04-2014

@Shadowtime101 We would need to know what has already been tried so we're not going over the same old stuff.

@Timster The folks on the Avast forum called his malware testing vids immature, he didn't like it too much and has reacted against them ever since. However, there is an issue with some people saying that adware has started appearing due to their Avast install. But that's because they don't see the slightly hidden "extra installs".

RE: Still Infected - nsm0220 - 12-04-2014

(12-04-2014, 02:49 PM)Timster Wrote: (12-04-2014, 02:11 AM)Shadowtime101 Wrote: Hi,

Because he had 2 AVs running at the same time and Avast's zero-day protection is junk.

(12-04-2014, 03:23 PM)GuiltySpark Wrote: @Shadowtime101

I was 17 at the time. Avast was bullying me to death because they hated G Data. I even got an email from one of them saying that they want G Data to be gone.

(12-04-2014, 03:23 PM)Britec Wrote: Please download Farbar Recovery Scan Tool from Here and save it to your desktop.

Britec, his laptop has no malware. I checked his laptop over and over.

RE: Still Infected - Shadowtime101 - 12-04-2014

I really don't know what's been going on with my laptop. It has experienced the automatic repair loop or hardware failure before but I was able to get it out of that. Plus, when it told me to restore, I restored to an infected restore point because all of them were infected, so that is one reason why I think it is infected still, and maybe hardware problems, I don't know.

----------------------------------------------------------------------------
CrystalDiskInfo 6.2.1 © 2008-2014 hiyohiyo
Crystal Dew World : https://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 8 [6.2 Build 9200] (x64)
Date : 2014/12/04 16:28:36

-- Controller Map ----------------------------------------------------------
 + AMD SATA Controller [ATA]
   - ST500LT0 12-9WS142 SATA Disk Device
   - hp DVD A DS8A9SH SATA CdRom Device
 - Microsoft Storage Spaces Controller [SCSI]

-- Disk List ---------------------------------------------------------------
 (1) ST500LT012-9WS142 : 500.1 GB [0/0/0, pd1] - st

----------------------------------------------------------------------------
 (1) ST500LT012-9WS142
----------------------------------------------------------------------------
Model : ST500LT012-9WS142
Firmware : 0001YAM1
Serial Number : S0VAKNZM
Disk Size : 500.1 GB (8.4/137.4/500.1/500.1)
Buffer Size : 16384 KB
Queue Depth : 32
# of Sectors : 976773168
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 4
Transfer Mode : SATA/300 | SATA/300
Power On Hours : 2469 hours
Power On Count : 1254 count
Temperature : 31 C (87 F)
Health Status : Good
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 8080h [ON]
AAM Level : ----

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 115 _99 __6 00000523B3E8 Read Error Rate
03 _99 _99 __0 000000000000 Spin-Up Time
04 _98 _98 __0 000000000944 Start/Stop Count
05 100 100 _36 000000000000 Reallocated Sectors Count
07 _78 _60 _30 00000470342B Seek Error Rate
09 _98 _98 __0 0000000009A5 Power-On Hours
0A 100 100 _97 000000000000 Spin Retry Count
0C _99 _99 __0 0000000004E6 Power Cycle Count
B7 100 100 __0 000000000000 Vendor Specific
B8 100 100 _97 000000000000 End-to-End Error
BB _44 _44 __0 000000000038 Reported Uncorrectable Errors
BC 100 __1 __0 000000000432 Command Timeout
BD 100 100 __0 000000000000 High Fly Writes
BE _69 _44 _45 00011F15001F Airflow Temperature
BF 100 100 __0 00000000001D G-Sense Error Rate
C0 100 100 __0 000000000062 Power-off Retract Count
C1 _96 _96 __0 0000000023FA Load/Unload Cycle Count
C2 _31 _56 __0 00100000001F Temperature
C4 100 100 __0 000000000000 Reallocation Event Count
C5 100 100 __0 000000000000 Current Pending Sector Count
C6 100 100 __0 000000000000 Uncorrectable Sector Count
C7 200 200 __0 000000000000 UltraDMA CRC Error Count
FE 100 100 __0 000000000000 Free Fall Protection

RE: Still Infected - GuiltySpark - 12-05-2014

Disk Health is Good. Can you run the FRST scan Britec asked for please Shadowtime101. Thanks.

RE: Still Infected - Shadowtime101 - 12-05-2014

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2014
Ran by jespi_000 at 2014-12-04 17:10:42
Running from C:\Users\jespi_000\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: COMODO Antivirus (Enabled - Up to date) {F0BC89B2-8937-0933-021B-B17D981F2A71}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.0.3 - IObit)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{CB4C08E3-800F-65F6-9C00-06814A6B7CE7}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arma 2: Free (HKLM-x32\...\Steam App 107400) (Version: - Bohemia Interactive)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
BattlEye (A2Free) Uninstall (HKLM-x32\...\BattlEye A2 Free) (Version: - )
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
COMODO Internet Security Premium (HKLM\...\{7B1A9CD1-B552-4FA7-BBC1-EDDEAB8855A7}) (Version: 8.0.0.4337 - COMODO Security Solutions Inc.)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CrystalDiskInfo 6.2.1 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.2.1 - Crystal Dew World)
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.5901 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2608 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.5108 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Driver Booster 2 (HKLM-x32\...\Driver Booster_is1) (Version: 2.0 - IObit)
Dxtory version 2.0.119 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.119 - Dxtory Software)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{8C1ADF61-4F87-44BC-804C-C20FC70D98BB}) (Version: 1.4.0.0 - Hewlett-Packard)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{B2F0406F-1609-489A-8626-7DB46776AB57}) (Version: 1.0.5 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{73237EBB-B26F-4628-8754-4EFE563D72E9}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.1.5.30 - IObit)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 72 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217072FF}) (Version: 7.0.720 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.279 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.279 - LogMeIn, Inc.) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Exploit version 1.04.1.1012 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.04.1.1012 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.29053 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.2 - IObit)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Tom Clancy's Ghost Recon Phantoms - NA (HKLM-x32\...\Steam App 243870) (Version: - Ubisoft Singapore)
Unity Web Player (HKU\S-1-5-21-3436019999-1338614278-3438539980-1005\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
USB Video Device (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10242 - Realtek Semiconductor Corp.)
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.20 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.2 - win.rar GmbH)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points ========================= 18-11-2014 00:28:36 Installed HP Support Assistant 24-11-2014 02:09:39 Checkpoint by HitmanPro 01-12-2014 02:15:56 Windows Modules Installer ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-25 22:26 - 2014-08-14 19:16 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {07138C66-1FD1-40C6-80C3-8DE97D0743AD} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-11-13] (COMODO) Task: {0D576258-1873-4121-A466-9520E00ABD0C} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [2014-11-17] (IObit) Task: {0E9041F6-65C5-48CA-83E9-0639930C694D} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-10-22] (Microsoft Corporation) Task: {0FC589DC-D790-476D-A3F2-FF2677124A94} - System32\Tasks\Driver Booster SkipUAC (Greg) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-10-28] (IObit) Task: {10B12067-2E6A-49DE-B109-4E2D6E3D316D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard) Task: {25BC94A5-E858-4874-8898-F92DC5E2FF94} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-11-13] (COMODO) Task: 
{36945791-D78E-4660-A820-DE81625BDD3A} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.) Task: {4C7380CC-14A3-4BC0-99C8-D56B17D59E37} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-02] (Microsoft Corporation) Task: {4D254997-C263-449B-86BA-AF550615C4E7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: {59007B5F-5118-4931-9070-AA3775EBB36B} - System32\Tasks\Driver Booster SkipUAC (jespi_000) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-10-28] (IObit) Task: {6A75C320-9DFF-4ED2-AA3C-E7A38036B43E} - System32\Tasks\CIMT_S-1-5-21-3436019999-1338614278-3438539980-1002 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe Task: {844F2422-F58F-4B27-AC56-3DF6405AEEB6} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe Task: {948B39CB-F1EF-4346-879B-E0548E334AF1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {96B63A3F-A1C6-44B4-99CE-138470526DF5} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2014-11-02] () Task: {9C68FAF9-04EA-464E-802A-CA24FC233AD0} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink) Task: {A396CE51-BC7E-433D-8403-1B3F2428088F} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-11-13] (COMODO) Task: {A69A2DB0-E66D-456E-91B4-46E35768F632} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program 
Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-11-13] (COMODO) Task: {AD3ECD29-04C0-4432-AE9B-D21CE5B9AEC3} - System32\Tasks\ASC8_SkipUac_jespi_000 => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2014-11-17] (IObit) Task: {AE0ECBC7-5687-48B4-A819-23C2569E3579} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {AFF32D8C-D695-41FB-A858-3EDA9228D758} - System32\Tasks\HPCeeScheduleForjespi_000 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {B0064209-C584-45EA-9E30-5C4658A28D4A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation) Task: {BDD0AE65-1E86-4432-B333-684B00B7F671} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-11-13] (COMODO) Task: {BF93684D-1BB8-4827-A96A-92D021094413} - System32\Tasks\HPGenoobeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe [2012-11-20] () Task: {CB2CF135-D2C8-4B90-AEED-4F2C2718FBEE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard) Task: {D27118BE-3F2B-41E8-9EBF-67EFDA6E7963} - System32\Tasks\Uninstaller_SkipUac_jespi_000 => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-11-30] (IObit) Task: {DB2EC9DB-D29E-4FF0-BD2E-AEC1DD173A06} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-02] (Adobe Systems Incorporated) Task: {DD08B184-D9B0-4EB8-A960-CCC1DC83E04E} - System32\Tasks\Synaptics TouchPad 
Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-07] (Synaptics Incorporated)
Task: {DDDBAAEB-7B4F-47AC-89E4-A486166F0F66} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-11-30] (IObit)
Task: {E6869FC6-06AF-474C-A056-6D5AA07414B6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-09] (AVAST Software)
Task: {FCD95A06-46DF-4EE5-914E-6C9E8226C03D} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2014-11-02] (Realtek Semiconductor)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ASC8_SkipUac_jespi_000.job => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
Task: C:\Windows\Tasks\CIMT_S-1-5-21-3436019999-1338614278-3438539980-1002.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
Task: C:\Windows\Tasks\HPCeeScheduleForjespi_000.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\Windows\Tasks\Uninstaller_SkipUac_jespi_000.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Loaded Modules (whitelisted) =============

2013-03-13 23:41 - 2013-03-13 23:41 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-11-17 17:09 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-11-17 17:13 - 2014-09-23 06:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-03-13 23:41 - 2013-03-13 23:41 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-04-15 17:39 - 2013-04-15 17:39 - 00073424 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2014-11-30 18:51 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\sqlite3.dll
2014-12-03 18:02 - 2014-12-03 18:02 - 02904576 _____ () C:\Program Files\AVAST Software\Avast\defs\14120301\algo.dll
2014-12-04 16:26 - 2014-12-04 16:26 - 02905088 _____ () C:\Program Files\AVAST Software\Avast\defs\14120401\algo.dll
2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 15:04 - 2014-04-23 15:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-30 18:51 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madExcept_.bpl
2014-11-30 18:51 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madBasic_.bpl
2014-11-30 18:51 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madDisAsm_.bpl
2014-11-30 18:51 - 2014-10-16 10:26 - 00622880 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\ProductStatistics.dll
2013-09-17 20:53 - 2012-06-07 20:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-11-12 16:44 - 2014-11-12 16:44 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\system32\DxtoryCodec64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DxtoryCodec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\Hamdrv.sys:$CmdTcID
AlternateDataStreams: C:\Users\jespi_000\Desktop\FRST64(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\jespi_000\Desktop\FRST64(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\jespi_000\Desktop\RogueKiller.exe:$CmdTcID
AlternateDataStreams: C:\Users\jespi_000\Desktop\RogueKiller.exe:$CmdZnID
AlternateDataStreams: C:\Users\jespi_000\Downloads\514730.1-lg.jpg:$CmdZnID
AlternateDataStreams: C:\Users\jespi_000\Downloads\A-man-uses-an-Apple-iPhon-007.jpg:$CmdZnID
AlternateDataStreams: C:\Users\jespi_000\Downloads\CrystalDiskInfo6_2_1-en.exe:$CmdTcID
AlternateDataStreams: C:\Users\jespi_000\Downloads\CrystalDiskInfo6_2_1-en.exe:$CmdZnID
AlternateDataStreams: C:\Users\jespi_000\Downloads\images.jpg:$CmdZnID
AlternateDataStreams: C:\Users\jespi_000\Downloads\index.jpg:$CmdZnID
AlternateDataStreams: C:\Users\jespi_000\Downloads\IShnx42ew3z3950000000000.jpg:$CmdZnID
AlternateDataStreams: C:\Users\jespi_000\Downloads\spybot-2.4.exe:$CmdTcID
AlternateDataStreams: C:\Users\jespi_000\Downloads\spybot-2.4.exe:$CmdZnID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\Services: HPWMISVC => 2
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\startupreg: iTunesHelper => c:\program files (x86)\itunes\ituneshelper.exe
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe" --auto-start
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "AvastUI.exe"
HKU\S-1-5-21-3436019999-1338614278-3438539980-1005\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3436019999-1338614278-3438539980-1005\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-3436019999-1338614278-3438539980-1005\...\StartupApproved\Run: => "Advanced SystemCare 8"

========================= Accounts: ==========================

Administrator (S-1-5-21-3436019999-1338614278-3438539980-500 - Administrator - Disabled)
Greg (S-1-5-21-3436019999-1338614278-3438539980-1002 - Administrator - Enabled) => C:\Users\Greg
Guest (S-1-5-21-3436019999-1338614278-3438539980-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3436019999-1338614278-3438539980-1004 - Limited - Enabled)
jespi_000 (S-1-5-21-3436019999-1338614278-3438539980-1005 - Administrator - Enabled) => C:\Users\jespi_000

==================== Faulty Device Manager Devices =============

Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: StorLib bus (virtual storages support)
Description: StorLib bus (virtual storages support)
Class Guid: {1378e71b-ab4d-4348-af26-cba56b12969e}
Manufacturer: EldoS Corporation
Service: cbfs3
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/04/2014 06:46:13 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)

Error: (12/04/2014 06:46:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x51bac464
Faulting module name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x51bac464
Exception code: 0xc0000005
Fault offset: 0x000000000002ea19
Faulting process id: 0xf58
Faulting application start time: 0xatieclxx.exe0
Faulting application path: atieclxx.exe1
Faulting module path: atieclxx.exe2
Report Id: atieclxx.exe3
Faulting package full name: atieclxx.exe4
Faulting package-relative application ID: atieclxx.exe5

Error: (12/04/2014 06:34:29 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (12/03/2014 09:25:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x51bac464
Faulting module name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x51bac464
Exception code: 0xc0000005
Fault offset: 0x000000000002ea19
Faulting process id: 0x1208
Faulting application start time: 0xatieclxx.exe0
Faulting application path: atieclxx.exe1
Faulting module path: atieclxx.exe2
Report Id: atieclxx.exe3
Faulting package full name: atieclxx.exe4
Faulting package-relative application ID: atieclxx.exe5

Error: (12/03/2014 06:57:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -550.

Error: (12/03/2014 05:04:43 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (12/03/2014 06:35:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x51bac464
Faulting module name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x51bac464
Exception code: 0xc0000005
Fault offset: 0x000000000002ea19
Faulting process id: 0xb58
Faulting application start time: 0xatieclxx.exe0
Faulting application path: atieclxx.exe1
Faulting module path: atieclxx.exe2
Report Id: atieclxx.exe3
Faulting package full name: atieclxx.exe4
Faulting package-relative application ID: atieclxx.exe5

Error: (12/02/2014 08:28:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x51bac464
Faulting module name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x51bac464
Exception code: 0xc0000005
Fault offset: 0x000000000002ea19
Faulting process id: 0xff8
Faulting application start time: 0xatieclxx.exe0
Faulting application path: atieclxx.exe1
Faulting module path: atieclxx.exe2
Report Id: atieclxx.exe3
Faulting package full name: atieclxx.exe4
Faulting package-relative application ID: atieclxx.exe5

Error: (12/02/2014 06:08:01 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (12/02/2014 05:48:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CIS.exe version 8.0.0.4337 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: b98
Start Time: 01d00e8f47821e8b
Termination Time: 3651
Application Path: C:\Program Files\COMODO\COMODO Internet Security\CIS.exe
Report Id: 0ff82476-7a86-11e4-bf3a-9cb654422a60
Faulting package full name:
Faulting package-relative application ID:

System errors:
=============
Error: (12/03/2014 06:55:15 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (12/03/2014 06:56:03 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:32:33 PM on 12/3/2014 was unexpected.

Error: (12/02/2014 06:43:28 PM) (Source: DCOM) (EventID: 10010) (User: JOSHUA_COMPUTER)
Description: {C288AC5A-D846-4696-8028-2DF6F508D0D9}

Error: (12/02/2014 06:41:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The COMODO Internet Security Helper Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/02/2014 06:11:03 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with the following service-specific error: %%2147944153

Error: (12/02/2014 06:10:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MOBCleanup service failed to start due to the following error: %%2

Error: (12/02/2014 06:08:52 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (12/02/2014 04:36:07 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (12/02/2014 04:32:10 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with the following service-specific error: %%2147944153

Error: (12/02/2014 04:31:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MOBCleanup service failed to start due to the following error: %%2

Microsoft Office Sessions:
=========================
Error: (12/04/2014 06:46:13 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x8898008d

Error: (12/04/2014 06:46:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: atieclxx.exe6.14.11.114351bac464atieclxx.exe6.14.11.114351bac464c0000005000000000002ea19f5801d00fc8a717ae0bC:\Windows\system32\atieclxx.exeC:\Windows\system32\atieclxx.exee7b9312d-7bbb-11e4-bf3c-9cb654422a60

Error: (12/04/2014 06:34:29 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (12/03/2014 09:25:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: atieclxx.exe6.14.11.114351bac464atieclxx.exe6.14.11.114351bac464c0000005000000000002ea19120801d00f7a536705d4C:\Windows\system32\atieclxx.exeC:\Windows\system32\atieclxx.exe93b53b49-7b6d-11e4-bf3c-9cb654422a60

Error: (12/03/2014 06:57:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -550

Error: (12/03/2014 05:04:43 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (12/03/2014 06:35:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: atieclxx.exe6.14.11.114351bac464atieclxx.exe6.14.11.114351bac464c0000005000000000002ea19b5801d00efe0e5756edC:\Windows\system32\atieclxx.exeC:\Windows\system32\atieclxx.exe4f2872e2-7af1-11e4-bf3b-9cb654422a60

Error: (12/02/2014 08:28:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: atieclxx.exe6.14.11.114351bac464atieclxx.exe6.14.11.114351bac464c0000005000000000002ea19ff801d00ea93e93fcecC:\Windows\system32\atieclxx.exeC:\Windows\system32\atieclxx.exe7f6ea023-7a9c-11e4-bf3b-9cb654422a60

Error: (12/02/2014 06:08:01 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (12/02/2014 05:48:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: CIS.exe8.0.0.4337b9801d00e8f47821e8b3651C:\Program Files\COMODO\COMODO Internet Security\CIS.exe0ff82476-7a86-11e4-bf3a-9cb654422a60

CodeIntegrity Errors:
===================================
Date: 2014-12-04 17:05:41.654
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-12-04 06:15:35.571
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-12-03 19:37:42.023
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-12-03 18:59:32.398
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-12-02 18:42:39.721
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-12-02 18:27:58.075
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-12-02 18:06:58.422
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-12-02 02:23:33.010
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-12-02 02:09:53.024
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-12-01 23:14:44.975
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD E-300 APU with Radeon HD Graphics
Percentage of memory in use: 37%
Total physical RAM: 3682.26 MB
Available physical RAM: 2312.06 MB
Total Pagefile: 7394.26 MB
Available Pagefile: 5286.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:443.03 GB) (Free:378.64 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:21.96 GB) (Free:2.2 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1E1F4777)
Partition: GPT Partition Type.

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014
Ran by jespi_000 (administrator) on JOSHUA_COMPUTER on 04-12-2014 17:06:08
Running from C:\Users\jespi_000\Desktop
Loaded Profile: jespi_000 (Available profiles: Greg & jespi_000)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: https://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Farbar) C:\Users\jespi_000\Desktop\FRST64(1).exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtsCM] => C:\Windows\RTSCM64.EXE [147160 2014-11-02] (Realtek Semiconductor Corp.)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1297112 2014-11-13] (COMODO)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-02-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-20] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [440632 2014-08-29] (Malwarebytes Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3835728 2014-12-02] (LogMeIn Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-11-11] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3436019999-1338614278-3438539980-1005\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2425632 2014-11-17] (IObit)
HKU\S-1-5-21-3436019999-1338614278-3438539980-1005\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe [93696 2014-12-01] (Dxtory Software)
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3436019999-1338614278-3438539980-1005\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3436019999-1338614278-3438539980-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = https://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {AA3F748D-E134-4B59-9954-88D79A6E4882} URL = https://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = https://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {AA3F748D-E134-4B59-9954-88D79A6E4882} URL = https://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = https://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-3436019999-1338614278-3438539980-1005 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\..\Interfaces\{49CD9D27-111F-4E9F-91C0-F0D99AC14DAD}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{4E14BC5C-6FC2-4CBA-984A-A298BBF51E27}: [NameServer] 156.154.70.22,156.154.71.22

FireFox:
========
FF ProfilePath: C:\Users\jespi_000\AppData\Roaming\Mozilla\Firefox\Profiles\woys1x6u.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKU\S-1-5-21-3436019999-1338614278-3438539980-1005: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\jespi_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\jespi_000\AppData\Roaming\Mozilla\Firefox\Profiles\woys1x6u.default\user.js
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\jespi_000\AppData\Roaming\Mozilla\Firefox\Profiles\woys1x6u.default\Extensions\iobitascsurfingprotection@iobit.com [2014-11-30]
FF Extension: MEGA - C:\Users\jespi_000\AppData\Roaming\Mozilla\Firefox\Profiles\woys1x6u.default\Extensions\firefox@mega.co.nz.xpi [2014-11-19]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-24]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
FF Extension: No Name - wrc@avast.com [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "https://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\jespi_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\jespi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-23]
CHR Extension: (Google Drive) - C:\Users\jespi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jespi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\jespi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-23]
CHR Extension: (Attack on Titan Theme for 1440x900) - C:\Users\jespi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cebjcpbckgdhefehkcfjeaddcjnkhlke [2014-05-19]
CHR Extension: (Google Search) - C:\Users\jespi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-23]
CHR Extension: (SiteAdvisor) - C:\Users\jespi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-04-09]
CHR Extension: (Google Wallet) - C:\Users\jespi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-23]
CHR Extension: (Gmail) - C:\Users\jespi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-13] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-09] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7615952 2014-11-13] (COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2014-11-13] (COMODO)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-11-23] (SurfRight B.V.)
S4 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S4 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-02-01] (Hewlett-Packard Development Company, L.P.)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2631456 2014-11-30] (IObit)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [441144 2014-08-29] (Malwarebytes Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-11-02] (Realtek Semiconductor)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-11-30] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2014-11-22] (Emsisoft GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2013-06-01] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-09] (AVAST Software)
S3 aswTap; C:\Windows\system32\DRIVERS\aswTap.sys [44640 2014-10-24] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-09] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [215040 2014-11-02] (Advanced Micro Devices)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-11-22] (Emsisoft GmbH)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21304 2014-11-13] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [808176 2014-11-13] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [36200 2014-11-13] (COMODO)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63000 2014-08-30] ()
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45112 2014-12-02] (LogMeIn Inc.)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [127328 2014-11-13] (COMODO)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [293592 2014-11-02] (Realtek Semiconductor Corp.)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8873688 2014-11-02] (Realtek Semiconductor Corp.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-05-07] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [33008 2013-05-07] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [34808 2014-12-01] ()
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz137; \??\C:\Users\JESPI_~1\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-04 17:06 - 2014-12-04 17:08 - 00020532 _____ () C:\Users\jespi_000\Desktop\FRST.txt
2014-12-04 16:53 - 2014-12-04 16:53 - 02117632 _____ (Farbar) C:\Users\jespi_000\Desktop\FRST64(1).exe
2014-12-04 16:25 - 2014-12-04 16:25 - 00001203 _____ () C:\Users\jespi_000\Desktop\CrystalDiskInfo.lnk
2014-12-04 16:25 - 2014-12-04 16:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2014-12-04 16:25 - 2014-12-04 16:25 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo
2014-12-04 16:22 - 2014-12-04 16:22 - 02996728 _____ (Crystal Dew World ) C:\Users\jespi_000\Downloads\CrystalDiskInfo6_2_1-en.exe
2014-12-04 16:15 - 2014-12-04 16:15 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-12-03 19:05 - 2014-12-03 19:20 - 00002336 _____ () C:\Windows\system32\Drivers\fvstore.dat
2014-12-03 18:55 - 2014-12-03 18:55 - 00000596 _____ () C:\Windows\PFRO.log
2014-12-03 17:38 - 2014-12-03 18:56 - 00000380 _____ () C:\Windows\Tasks\HPCeeScheduleForjespi_000.job
2014-12-02 16:34 - 2014-12-02 16:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-12-01 21:44 - 2014-12-01 21:44 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-12-01 21:41 - 2014-12-01 21:42 - 15196248 _____ () C:\Users\jespi_000\Desktop\RogueKiller.exe
2014-12-01 21:29 - 2014-12-01 21:29 - 00000085 _____ () C:\Windows\wininit.ini
2014-12-01 21:23 - 2014-12-01 21:23 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-12-01 21:22 - 2014-12-01 21:31 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-01 21:22 - 2014-12-01 21:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-01 21:13 - 2014-12-01 21:19 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\jespi_000\Downloads\spybot-2.4.exe
2014-12-01 18:42 - 2014-12-02 16:20 - 00000000 ____D () C:\Users\jespi_000\Desktop\Dxtory Stuff
2014-12-01 18:35 - 2014-12-01 18:35 - 00000000 ____D () C:\Users\jespi_000\AppData\Local\Dxtory Software
2014-12-01 18:34 - 2014-12-01 18:34 - 03673600 _____ (Dxtory Software) C:\Windows\system32\DxtoryCodec64.dll
2014-12-01 18:34 - 2014-12-01 18:34 - 03166720 _____ (Dxtory Software) C:\Windows\SysWOW64\DxtoryCodec.dll
2014-12-01 18:34 - 2014-12-01 18:34 - 00001199 _____ () C:\Users\jespi_000\Desktop\Dxtory.lnk
2014-12-01 18:34 - 2014-12-01 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dxtory2.0
2014-12-01 18:34 - 2014-12-01 18:34 - 00000000 ____D () C:\Program Files (x86)\Dxtory Software
2014-12-01 16:23 - 2014-12-01 16:23 - 00001888 _____ () C:\Users\Public\Desktop\COMODO Internet Security.lnk
2014-12-01 16:23 - 2014-12-01 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2014-12-01 16:22 - 2014-12-04 17:00 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
2014-12-01 16:22 - 2014-12-01 16:23 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2014-12-01 16:22 - 2014-12-01 16:22 - 00000000 ____D () C:\ProgramData\Shared Space
2014-12-01 16:21 - 2014-12-01 16:21 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2014-12-01 16:21 - 2014-12-01 16:21 - 00000000 ____D () C:\Program Files\COMODO
2014-12-01 16:20 - 2014-12-01 16:22 - 00000000 ____D () C:\ProgramData\Comodo
2014-12-01 15:51 - 2014-12-02 16:35 - 00045112 ____H (LogMeIn Inc.) C:\Windows\system32\Drivers\Hamdrv.sys
2014-11-30 20:23 - 2014-11-30 20:15 - 00713672 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-30 20:23 - 2014-11-30 20:15 - 00106440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-30 20:05 - 2014-11-30 20:05 - 19764736 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-11-30 20:05 - 2014-11-30 20:05 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-11-30 20:05 - 2014-11-30 20:05 - 01484288 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2014-11-30 20:05 - 2014-11-30 20:05 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2014-11-30 20:05 - 2014-11-30 20:05 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2014-11-30 20:05 - 2014-11-30 20:05 - 00513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2014-11-30 20:05 - 2014-11-30 20:05 - 00458240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2014-11-30 20:05 - 2014-11-30 20:05 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2014-11-30 19:59 - 2014-11-30 19:59 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-30 19:59 - 2014-11-30 19:59 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-30 19:59 - 2014-11-30 19:59 - 00238080 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-30 19:59 - 2014-11-30 19:59 - 00187904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-30 19:53 - 2014-11-30 19:53 - 10115072 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-11-30 19:53 - 2014-11-30 19:53 - 08858624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-11-30 19:53 - 2014-11-30 19:53 - 02885632 _____ (Microsoft Corporation)

RE: Still Infected - GuiltySpark - 12-05-2014
There's a lot of nasties in there, but we should wait for Britec to come back to add a fixlist as I'm not yet fully up to speed with the full workings of FRST (still learning and testing with this tool).

RE: Still Infected - Shadowtime101 - 12-05-2014
Malware nasties? And I just wanted to say thank you so much for the pretty quick fast replies and the help you guys have given me, you guys are the 1st forum that actually helped me on my computer so thank you!