
Thread: Infected with URL: Mal

  1. #11
    Junior Member
    Join Date: Apr 2015
    Posts: 14

    Hi Ken, thanks for the feedback, I went ahead and uninstalled Photoshop.

  2. #12
    Emeritus-Security Expert
    Join Date: Nov 2005
    Location: Florida's SpaceCoast
    Posts: 15,208

    Go ahead and open up FRST64, be sure to checkmark Additions, run a new scan, and post both the FRST64 log and the Additions log.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #13
    Junior Member
    Join Date: Apr 2015
    Posts: 14

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2015
    Ran by Vilyam (administrator) on WILL on 22-04-2015 13:35:22
    Running from C:\Users\Vilyam\Desktop
    Loaded Profiles: Vilyam (Available profiles: Vilyam)
    Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Curse, Inc) C:\Users\Vilyam\AppData\Roaming\Curse Client\Bin\Curse.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7156296 2013-03-05] (Realtek Semiconductor)
    HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1426136 2015-04-01] (COMODO)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-20] (Avast Software s.r.o.)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-117805156-1059988709-3418736103-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-04-20] (Piriform Ltd)
    HKU\S-1-5-21-117805156-1059988709-3418736103-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-20] (Avast Software s.r.o.)
    BootExecute: autocheck autochk * sdnclean64.exe
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-117805156-1059988709-3418736103-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-20] (Avast Software s.r.o.)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-20] (Avast Software s.r.o.)
    Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2
    Tcpip\..\Interfaces\{B9AE0BC8-D283-42AE-90E5-B778DF273A2A}: [NameServer] 156.154.70.22,156.154.71.22

    FireFox:
    ========
    FF ProfilePath: C:\Users\Vilyam\AppData\Roaming\Mozilla\Firefox\Profiles\qrnhcizq.default
    FF Homepage: https://www.google.com/
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-20] ()
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-20] ()
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
    FF Extension: NoScript - C:\Users\Vilyam\AppData\Roaming\Mozilla\Firefox\Profiles\qrnhcizq.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-04-21]
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-02-19]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-04-20]

    Chrome:
    =======
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-20]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-20] (Avast Software s.r.o.)
    S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
    R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5540424 2015-04-01] (COMODO)
    R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265816 2015-04-01] (COMODO)
    S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-02-05] (NVIDIA Corporation)
    S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
    S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-02-05] (NVIDIA Corporation)
    S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-02-05] (NVIDIA Corporation)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2012-05-07] ()
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-20] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-20] (Avast Software s.r.o.)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-20] (Avast Software s.r.o.)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-20] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-20] (Avast Software s.r.o.)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-20] (Avast Software s.r.o.)
    S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-20] (Avast Software s.r.o.)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-20] ()
    R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20696 2015-04-01] (COMODO)
    R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [820952 2015-04-01] (COMODO)
    R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35080 2015-04-01] (COMODO)
    R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-02-17] (Disc Soft Ltd)
    S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-04-21] ()
    R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [126720 2015-04-01] (COMODO)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-22] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-02-05] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-02-05] (NVIDIA Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
    S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-11-21] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-22 13:33 - 2015-04-22 13:33 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-117805156-1059988709-3418736103-1001
    2015-04-22 12:50 - 2015-04-22 12:50 - 00001047 _____ () C:\Users\Vilyam\Desktop\malware.txt
    2015-04-22 12:38 - 2015-04-22 12:38 - 00000879 _____ () C:\Users\Vilyam\Desktop\JRT.txt
    2015-04-22 12:20 - 2015-04-22 12:20 - 02685507 _____ (Thisisu) C:\Users\Vilyam\Desktop\JRT.exe
    2015-04-22 12:19 - 2015-04-22 12:19 - 00000917 _____ () C:\Users\Vilyam\Desktop\adwcleanerresult.txt
    2015-04-22 12:16 - 2015-04-22 12:16 - 02217984 _____ () C:\Users\Vilyam\Desktop\adwcleaner_4.201.exe
    2015-04-22 12:08 - 2015-04-22 12:18 - 00000462 _____ () C:\WINDOWS\setupact.log
    2015-04-22 12:08 - 2015-04-22 12:08 - 00000000 _____ () C:\WINDOWS\setuperr.log
    2015-04-22 11:12 - 2015-04-22 11:12 - 00001685 _____ () C:\Users\Vilyam\Desktop\ckfiles.txt
    2015-04-22 10:39 - 2015-04-22 10:40 - 00468480 _____ () C:\Users\Vilyam\Desktop\CKScanner.exe
    2015-04-22 10:11 - 2015-04-22 12:31 - 00093475 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-04-22 09:29 - 2015-04-22 09:29 - 00002484 _____ () C:\Users\Vilyam\Desktop\aswMBR.txt
    2015-04-22 09:29 - 2015-04-22 09:29 - 00000512 _____ () C:\Users\Vilyam\Desktop\MBR.dat
    2015-04-22 09:16 - 2015-04-22 13:35 - 00012441 _____ () C:\Users\Vilyam\Desktop\FRST.txt
    2015-04-22 09:16 - 2015-04-22 13:35 - 00000000 ____D () C:\FRST
    2015-04-22 09:15 - 2015-04-22 09:15 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-WILL-Windows-8.1-Pro-(64-bit).dat
    2015-04-22 09:14 - 2015-04-22 09:14 - 00002251 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2015-04-22 09:14 - 2015-04-22 09:14 - 00000000 ____D () C:\RegBackup
    2015-04-22 09:14 - 2015-04-22 09:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2015-04-22 09:14 - 2015-04-22 09:14 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2015-04-22 08:57 - 2015-04-22 08:57 - 05198336 _____ (AVAST Software) C:\Users\Vilyam\Desktop\aswMBR.exe
    2015-04-22 08:56 - 2015-04-22 08:56 - 02099712 _____ (Farbar) C:\Users\Vilyam\Desktop\FRST64.exe
    2015-04-21 14:02 - 2015-04-21 14:02 - 00002259 _____ () C:\WINDOWS\epplauncher.mif
    2015-04-21 14:00 - 2015-04-21 14:00 - 14160536 _____ (Microsoft Corporation) C:\Users\Vilyam\Downloads\MSEInstall.exe
    2015-04-21 10:52 - 2015-04-21 10:52 - 00043664 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
    2015-04-21 10:51 - 2015-04-21 10:51 - 00003082 _____ () C:\WINDOWS\system32\.crusader
    2015-04-21 10:41 - 2015-04-21 10:41 - 00001905 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
    2015-04-21 10:41 - 2015-04-21 10:41 - 00000000 ____D () C:\Program Files\HitmanPro
    2015-04-21 10:40 - 2015-04-21 10:51 - 00000000 ____D () C:\ProgramData\HitmanPro
    2015-04-21 10:33 - 2015-04-22 12:17 - 00000000 ____D () C:\AdwCleaner
    2015-04-20 20:13 - 2015-04-20 20:13 - 00000000 ____D () C:\WINDOWS\pss
    2015-04-20 20:01 - 2015-04-22 12:48 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-04-20 20:01 - 2015-04-20 20:01 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2015-04-20 19:34 - 2015-04-22 13:34 - 04599708 _____ () C:\WINDOWS\system32\Drivers\fvstore.dat
    2015-04-20 19:34 - 2015-04-21 14:44 - 00000000 ___HD () C:\VTRoot
    2015-04-20 19:31 - 2015-04-20 19:31 - 00001886 _____ () C:\Users\Public\Desktop\COMODO Firewall.lnk
    2015-04-20 19:31 - 2015-04-20 19:31 - 00000000 ____D () C:\WINDOWS\System32\Tasks\COMODO
    2015-04-20 19:31 - 2015-04-20 19:31 - 00000000 ____D () C:\ProgramData\Shared Space
    2015-04-20 19:31 - 2015-04-20 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
    2015-04-20 19:31 - 2015-04-20 19:31 - 00000000 ____D () C:\Program Files\COMODO
    2015-04-20 19:28 - 2015-04-20 19:31 - 00000000 ____D () C:\ProgramData\Comodo
    2015-04-20 17:18 - 2015-04-22 13:19 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-04-20 17:18 - 2015-04-20 17:18 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-04-20 17:18 - 2015-04-20 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-04-20 17:18 - 2015-04-20 17:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-04-20 17:18 - 2015-04-20 17:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-04-20 17:18 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2015-04-20 17:18 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2015-04-20 17:18 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2015-04-20 17:10 - 2015-04-20 17:10 - 00000000 ____D () C:\Users\Vilyam\AppData\Roaming\AVAST Software
    2015-04-20 17:09 - 2015-04-20 17:09 - 01047320 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2015-04-20 17:09 - 2015-04-20 17:09 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys
    2015-04-20 17:09 - 2015-04-20 17:09 - 00364472 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
    2015-04-20 17:09 - 2015-04-20 17:09 - 00271200 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
    2015-04-20 17:09 - 2015-04-20 17:09 - 00136752 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswStm.sys
    2015-04-20 17:09 - 2015-04-20 17:09 - 00093528 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2015-04-20 17:09 - 2015-04-20 17:09 - 00088408 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2015-04-20 17:09 - 2015-04-20 17:09 - 00065736 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2015-04-20 17:09 - 2015-04-20 17:09 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
    2015-04-20 17:09 - 2015-04-20 17:09 - 00029168 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
    2015-04-20 17:09 - 2015-04-20 17:09 - 00003924 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
    2015-04-20 17:09 - 2015-04-20 17:09 - 00001938 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2015-04-20 17:09 - 2015-04-20 17:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2015-04-20 17:08 - 2015-04-20 17:08 - 00000000 ____D () C:\Program Files\AVAST Software
    2015-04-20 17:07 - 2015-04-20 17:07 - 00000000 ____D () C:\ProgramData\AVAST Software
    2015-04-20 17:05 - 2015-04-21 16:02 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2015-04-20 17:05 - 2015-04-20 17:12 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2015-04-20 17:05 - 2015-04-20 17:05 - 00001403 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2015-04-20 17:05 - 2015-04-20 17:05 - 00001391 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2015-04-20 17:05 - 2015-04-20 17:05 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
    2015-04-20 17:05 - 2015-04-20 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2015-04-20 17:05 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
    2015-04-20 14:57 - 2015-04-20 14:57 - 00000000 ____D () C:\ProgramData\{c67d51a5-18b4-9735-c67d-d51a518b4694}
    2015-04-20 14:37 - 2015-04-20 14:37 - 00000000 ____D () C:\ProgramData\{3da8412c-d112-6f89-3da8-8412cd1104b3}
    2015-04-20 14:36 - 2015-04-20 14:36 - 00000020 _____ () C:\Users\Vilyam\AppData\Roaming\appdataFr3.bin
    2015-04-20 14:35 - 2015-04-20 14:36 - 00000000 ____D () C:\ProgramData\6910977573517045643
    2015-04-16 22:04 - 2015-04-16 22:06 - 00000000 ____D () C:\Users\Vilyam\Downloads\Vikings.S03E09.REPACK.HDTV.x264-KILLERS
    2015-04-15 08:31 - 2015-03-23 14:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2015-04-15 08:31 - 2015-03-23 14:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2015-04-15 08:31 - 2015-03-23 14:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
    2015-04-15 08:31 - 2015-03-23 14:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2015-04-15 08:31 - 2015-03-23 14:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
    2015-04-15 08:31 - 2015-03-19 21:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
    2015-04-15 08:31 - 2015-03-19 21:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
    2015-04-15 08:31 - 2015-03-19 21:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
    2015-04-15 08:31 - 2015-03-19 20:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
    2015-04-15 08:31 - 2015-03-19 19:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
    2015-04-15 08:31 - 2015-03-19 19:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
    2015-04-15 08:31 - 2015-03-19 19:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
    2015-04-15 08:31 - 2015-03-14 01:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2015-04-15 08:31 - 2015-03-14 01:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2015-04-15 08:31 - 2015-03-14 01:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2015-04-15 08:31 - 2015-03-13 18:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
    2015-04-15 08:31 - 2015-03-13 18:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
    2015-04-15 08:31 - 2015-03-13 18:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
    2015-04-15 08:31 - 2015-03-13 18:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
    2015-04-15 08:31 - 2015-03-13 18:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
    2015-04-15 08:31 - 2015-03-13 17:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2015-04-15 08:31 - 2015-03-13 17:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
    2015-04-15 08:31 - 2015-03-13 17:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
    2015-04-15 08:31 - 2015-03-13 17:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
    2015-04-15 08:31 - 2015-03-13 17:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
    2015-04-15 08:31 - 2015-03-13 17:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
    2015-04-15 08:31 - 2015-03-13 17:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
    2015-04-15 08:31 - 2015-03-13 17:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2015-04-15 08:31 - 2015-03-13 17:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
    2015-04-15 08:31 - 2015-03-13 17:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
    2015-04-15 08:31 - 2015-03-13 16:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2015-04-15 08:31 - 2015-03-13 16:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
    2015-04-15 08:31 - 2015-03-12 21:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2015-04-15 08:31 - 2015-03-12 21:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2015-04-15 08:31 - 2015-03-12 21:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2015-04-15 08:31 - 2015-03-12 20:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2015-04-15 08:31 - 2015-03-12 20:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2015-04-15 08:31 - 2015-03-12 20:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2015-04-15 08:31 - 2015-03-12 20:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2015-04-15 08:31 - 2015-03-12 20:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2015-04-15 08:31 - 2015-03-12 20:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2015-04-15 08:31 - 2015-03-12 20:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2015-04-15 08:31 - 2015-03-12 20:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2015-04-15 08:31 - 2015-03-12 20:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2015-04-15 08:31 - 2015-03-12 20:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2015-04-15 08:31 - 2015-03-12 20:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2015-04-15 08:31 - 2015-03-12 19:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
    2015-04-15 08:31 - 2015-03-12 19:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2015-04-15 08:31 - 2015-03-12 19:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2015-04-15 08:31 - 2015-03-12 19:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2015-04-15 08:31 - 2015-03-12 19:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2015-04-15 08:31 - 2015-03-12 19:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
    2015-04-15 08:31 - 2015-03-12 19:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2015-04-15 08:31 - 2015-03-12 19:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2015-04-15 08:31 - 2015-03-12 19:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2015-04-15 08:31 - 2015-03-12 19:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2015-04-15 08:31 - 2015-03-12 19:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2015-04-15 08:31 - 2015-03-12 19:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2015-04-15 08:31 - 2015-02-20 16:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
    2015-04-15 08:31 - 2014-10-17 23:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
    2015-04-15 08:30 - 2015-03-22 15:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
    2015-04-15 08:30 - 2015-03-22 15:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2015-04-15 08:30 - 2015-03-22 15:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2015-04-15 08:30 - 2015-03-22 15:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2015-04-15 08:30 - 2015-03-22 15:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2015-04-15 08:30 - 2015-03-22 15:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2015-04-15 08:30 - 2015-03-22 15:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2015-04-15 08:30 - 2015-03-04 03:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
    2015-04-15 08:30 - 2015-03-03 20:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
    2015-04-15 08:30 - 2015-03-03 19:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
    2015-04-15 08:30 - 2015-02-24 01:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
    2015-04-04 12:51 - 2015-04-04 12:51 - 00000000 ____D () C:\Users\Vilyam\Documents\Larian Studios
    2015-04-03 19:43 - 2015-04-03 19:44 - 00000000 ___SD () C:\WINDOWS\system32\GWX
    2015-04-03 19:43 - 2015-04-03 19:43 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
    2015-04-01 18:50 - 2015-04-01 18:50 - 00820952 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdguard.sys
    2015-04-01 18:50 - 2015-04-01 18:50 - 00126720 _____ (COMODO) C:\WINDOWS\system32\Drivers\inspect.sys
    2015-04-01 18:50 - 2015-04-01 18:50 - 00035080 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdhlp.sys
    2015-04-01 18:50 - 2015-04-01 18:50 - 00020696 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmderd.sys
    2015-04-01 18:48 - 2015-04-01 18:48 - 00576848 _____ (COMODO) C:\WINDOWS\system32\guard64.dll
    2015-04-01 18:48 - 2015-04-01 18:48 - 00444472 _____ (COMODO) C:\WINDOWS\SysWOW64\guard32.dll
    2015-04-01 18:48 - 2015-04-01 18:48 - 00041248 _____ (COMODO) C:\WINDOWS\system32\cmdcsr.dll
    2015-04-01 18:47 - 2015-04-01 18:47 - 00358104 _____ (COMODO) C:\WINDOWS\system32\cmdvrt64.dll
    2015-04-01 18:46 - 2015-04-01 18:46 - 00045784 _____ (COMODO) C:\WINDOWS\system32\cmdkbd64.dll
    2015-04-01 18:45 - 2015-04-01 18:45 - 00288472 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdvrt32.dll
    2015-04-01 18:45 - 2015-04-01 18:45 - 00040664 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdkbd32.dll
    2015-03-30 17:35 - 2015-03-30 17:35 - 00000000 ____D () C:\Users\Vilyam\AppData\Local\Macromedia
    2015-03-28 11:50 - 2015-03-28 11:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolphin
    2015-03-27 11:19 - 2015-03-27 11:19 - 00000000 ____D () C:\Program Files\Common Files\Logitech
    2015-03-24 13:51 - 2015-03-24 13:51 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
    2015-03-24 13:12 - 2015-04-20 17:12 - 00000000 ____D () C:\ProgramData\{28f86f1d-1054-cc11-28f8-86f1d105bc74}
    2015-03-24 08:21 - 2015-03-24 08:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2015-03-24 08:09 - 2015-03-24 08:09 - 00000000 __SHD () C:\ProgramData\SecuROM
    2015-03-24 08:07 - 2015-03-24 08:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
    2015-03-24 07:42 - 2015-03-24 08:09 - 00000000 ____D () C:\Users\Vilyam\AppData\Local\Rockstar Games
    2015-03-24 07:42 - 2015-03-24 08:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
    2015-03-24 07:42 - 2015-03-24 07:42 - 00178800 _____ (Sony DADC Austria AG.) C:\WINDOWS\SysWOW64\CmdLineExt_x64.dll
    2015-03-24 07:42 - 2015-03-24 07:42 - 00000000 __RHD () C:\Users\Vilyam\AppData\Roaming\SecuROM
    2015-03-24 07:42 - 2015-03-24 07:42 - 00000000 ____D () C:\WINDOWS\SysWOW64\xlive
    2015-03-23 13:14 - 2015-04-21 10:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-22 13:32 - 2015-02-19 17:35 - 00000000 ____D () C:\ProgramData\Adobe
    2015-04-22 13:31 - 2015-02-19 17:35 - 00000000 ____D () C:\Program Files (x86)\Adobe
    2015-04-22 13:31 - 2015-02-10 20:04 - 00000000 ____D () C:\Users\Vilyam\AppData\Roaming\Adobe
    2015-04-22 13:29 - 2015-02-19 17:32 - 00000000 ____D () C:\Users\Vilyam\AppData\Local\Adobe
    2015-04-22 13:27 - 2015-02-14 16:34 - 00000000 ____D () C:\Users\Vilyam\OneDrive
    2015-04-22 13:00 - 2015-02-11 18:12 - 00000000 ____D () C:\Users\Vilyam\AppData\Roaming\Curse Client
    2015-04-22 13:00 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru
    2015-04-22 12:25 - 2014-11-21 01:43 - 01170068 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2015-04-22 12:19 - 2015-02-17 12:19 - 00003244 _____ () C:\WINDOWS\System32\Tasks\IORRT
    2015-04-22 12:18 - 2015-02-14 16:09 - 00000000 ____D () C:\ProgramData\NVIDIA
    2015-04-22 12:18 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-04-22 12:18 - 2013-08-22 06:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
    2015-04-22 10:36 - 2015-02-10 20:51 - 00000000 ____D () C:\Users\Vilyam\AppData\Local\Battle.net
    2015-04-22 08:30 - 2015-02-24 22:25 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{900B455C-2CE7-43E1-815F-E126E4991D66}
    2015-04-21 10:52 - 2013-08-22 07:45 - 00000000 ____D () C:\WINDOWS\Setup
    2015-04-21 09:45 - 2015-02-10 20:14 - 00000000 ____D () C:\Users\Vilyam\AppData\Local\Google
    2015-04-21 09:45 - 2015-02-10 20:14 - 00000000 ____D () C:\Program Files (x86)\Google
    2015-04-20 20:20 - 2015-02-10 23:54 - 00000000 ____D () C:\Users\Vilyam\AppData\Roaming\uTorrent
    2015-04-20 20:08 - 2015-02-10 21:15 - 00000834 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2015-04-20 20:08 - 2015-02-10 21:15 - 00000000 ____D () C:\Program Files\CCleaner
    2015-04-20 17:34 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\rescache
    2015-04-17 12:38 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
    2015-04-16 12:36 - 2012-07-26 00:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
    2015-04-15 16:02 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppCompat
    2015-04-15 10:30 - 2015-02-10 21:04 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2015-04-15 10:29 - 2015-02-10 21:04 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-04-15 10:27 - 2015-02-10 22:37 - 00000000 ____D () C:\WINDOWS\system32\appraiser
    2015-04-15 10:27 - 2014-11-21 09:17 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
    2015-04-13 16:24 - 2014-11-21 09:23 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2015-04-13 16:24 - 2014-11-21 09:23 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2015-04-03 21:22 - 2015-02-19 17:12 - 00000000 ____D () C:\Users\Vilyam\Downloads\Adobe Photoshop CS5.1 Extended Edition
    2015-03-28 11:45 - 2015-03-19 14:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-03-28 11:44 - 2015-02-11 14:00 - 00000000 ____D () C:\Users\Vilyam\Documents\My Games
    2015-03-28 11:42 - 2015-02-17 12:12 - 00000000 ____D () C:\Users\Vilyam\AppData\Roaming\DAEMON Tools Lite
    2015-03-28 11:19 - 2015-03-01 14:57 - 00000000 ____D () C:\Users\Vilyam\AppData\Local\SKIDROW

    ==================== Files in the root of some directories =======

    2015-04-20 14:36 - 2015-04-20 14:36 - 0000020 _____ () C:\Users\Vilyam\AppData\Roaming\appdataFr3.bin

    Some content of TEMP:
    ====================
    C:\Users\Vilyam\AppData\Local\Temp\Quarantine.exe
    C:\Users\Vilyam\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-04-20 06:16

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2015
    Ran by Vilyam at 2015-04-22 13:35:44
    Running from C:\Users\Vilyam\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
    FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-117805156-1059988709-3418736103-1001\...\uTorrent) (Version: 3.4.2.38656 - BitTorrent Inc.)
    Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.07 - Adobe Systems)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.144 - Adobe Systems Incorporated)
    Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2215 - AVAST Software)
    CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
    COMODO Firewall (HKLM\...\{73830292-868E-4C82-9AF5-CCFE2047B6A3}) (Version: 8.2.0.4508 - COMODO Security Solutions Inc.)
    Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
    DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
    Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
    Divinity: Original Sin (HKLM-x32\...\Steam App 230230) (Version: - Larian Studios)
    EVGA PrecisionX 16 (HKLM-x32\...\{D99289E6-A66A-4D27-A3E0-EC726A7BC82D}) (Version: 5.3.0 - EVGA Corporation)
    HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.240 - SurfRight B.V.)
    Intel(R) Network Connections 18.1.59.0 (HKLM\...\PROSetDX) (Version: 18.1.59.0 - Intel)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
    Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
    Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
    Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
    Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
    NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
    NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6853 - Realtek Semiconductor Corp.)
    Ruby 2.1.5-p273 (HKU\S-1-5-21-117805156-1059988709-3418736103-1001\...\{64763A89-6347-43AF-833F-3840615C62AE}_is1) (Version: 2.1.5-p273 - RubyInstaller Team)
    SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version: - )
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
    VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
    WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-117805156-1059988709-3418736103-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

    ==================== Restore Points =========================

    03-04-2015 19:43:36 Windows Update
    11-04-2015 11:55:38 Scheduled Checkpoint
    15-04-2015 10:26:58 Windows Update
    20-04-2015 17:08:27 avast! antivirus system restore point
    22-04-2015 12:07:44 Restore Point Created by FRST

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 06:25 - 2015-04-22 12:07 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0464DFA2-CA8E-4558-B118-A867B2BE49EE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-20] (Avast Software s.r.o.)
    Task: {2202E1D0-3A3A-41BD-A8B0-987ED24B6791} - System32\Tasks\Hybrid => C:\IORRT\IORRT.bat [2015-02-17] ()
    Task: {2764091C-F234-4EE8-8ED9-7417658F5D99} - System32\Tasks\Microsoft\Windows\Setup\8.1 auto install v2 => C:\Windows\System32\AutoUpdate.exe
    Task: {2BC4A5D4-21F9-4D60-A63F-F62829176C43} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {35FAAF03-4248-4006-9BC7-40AFCCA46313} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
    Task: {45BEA05D-E874-49C8-9692-9EC7908501C7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {4F3E823E-4FEC-4FBC-A426-DCF8117DCC57} - System32\Tasks\Microsoft\Windows\Setup\8.1 auto install ping => C:\Windows\system32\AutoUpdate.exe
    Task: {4FB29A9D-2395-41B3-BFC0-FF93855275C4} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
    Task: {57451F2F-B104-4780-AED3-494436BA5407} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
    Task: {6BFD5CB8-ABD0-4DB2-B313-7FBB376AF197} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-20] (Adobe Systems Incorporated)
    Task: {7153101F-4C03-442B-A407-834702DFE503} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-04-01] (COMODO)
    Task: {8EAE4A68-1A99-49CF-953D-ABEFD2F6E52A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {95DCF229-10F9-4D00-9885-AC294AAE2F8A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
    Task: {9841C935-CF04-419F-8860-D32AAA4253B2} - System32\Tasks\IORRT => C:\IORRT\IORRT.bat [2015-02-17] ()
    Task: {9A1DB490-5E7F-4947-A36F-94ADA7BD43CE} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-04-01] (COMODO)
    Task: {B5533BF1-C56D-4C9B-8423-DFC082DF94F9} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-04-01] (COMODO)
    Task: {F7D3730F-9CC2-4230-8A5A-CFFD45061A0D} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
    Task: {FC3F5201-17F9-4451-9C3F-927428AB7D88} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {FF7B37E9-278D-4FDF-8725-0E172AE9DDBD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-20] (Piriform Ltd)
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Loaded Modules (whitelisted) ==============

    2010-01-30 03:40 - 2010-01-30 03:40 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-03-24 22:38 - 2010-03-24 22:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2015-02-10 23:57 - 2011-03-02 13:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
    2015-02-14 16:09 - 2015-02-05 12:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2015-04-20 17:09 - 2015-04-20 17:09 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-04-20 17:09 - 2015-04-20 17:09 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2015-04-22 10:42 - 2015-04-22 10:42 - 02926080 _____ () C:\Program Files\AVAST Software\Avast\defs\15042202\algo.dll
    2015-04-20 17:09 - 2015-04-20 17:09 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2015-04-20 17:05 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2015-04-20 17:05 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2015-04-20 17:05 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2015-04-20 17:05 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2015-04-20 17:05 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2010-01-30 03:41 - 2010-01-30 03:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-03-24 22:17 - 2010-03-24 22:17 - 08794464 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2015-01-20 13:23 - 2015-01-20 13:23 - 00307712 _____ () C:\Users\Vilyam\AppData\Roaming\Curse Client\Bin\opus.dll
    2015-01-20 13:23 - 2015-01-20 13:23 - 00437248 _____ () C:\Users\Vilyam\AppData\Roaming\Curse Client\Bin\WebRTC_CSharpWrapper.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\Vilyam\OneDrive:ms-properties
    AlternateDataStreams: C:\Users\Vilyam\Desktop\adwcleaner_4.201.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Vilyam\Desktop\adwcleaner_4.201.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Vilyam\Desktop\aswMBR.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Vilyam\Desktop\aswMBR.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Vilyam\Desktop\civ100.pdf:$CmdTcID
    AlternateDataStreams: C:\Users\Vilyam\Desktop\civ100.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Vilyam\Desktop\CKScanner.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Vilyam\Desktop\CKScanner.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Vilyam\Desktop\FRST64.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Vilyam\Desktop\FRST64.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Vilyam\Desktop\JRT.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Vilyam\Desktop\JRT.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Vilyam\Downloads\MSEInstall.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Vilyam\Downloads\MSEInstall.exe:$CmdZnID

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, the associated entry will be removed from the registry.)

    There are 7866 more restricted sites.

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-117805156-1059988709-3418736103-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Vilyam\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\1080p-tree-on-the-prairie-hd-wallpaper-hd-wallpaper-1920x1200-6-53fb78a307dce-3126.jpg
    DNS Servers: 156.154.70.22 - 156.154.71.22

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
    HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
    HKLM\...\StartupApproved\Run32: => "AdobeCS5.5ServiceManager"
    HKLM\...\StartupApproved\Run32: => "Adobe ARM"
    HKLM\...\StartupApproved\Run32: => "SwitchBoard"
    HKU\S-1-5-21-117805156-1059988709-3418736103-1001\...\StartupApproved\StartupFolder: => "Curse.lnk"
    HKU\S-1-5-21-117805156-1059988709-3418736103-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
    HKU\S-1-5-21-117805156-1059988709-3418736103-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"

    ==================== Accounts: =============================

    Administrator (S-1-5-21-117805156-1059988709-3418736103-500 - Administrator - Disabled)
    Guest (S-1-5-21-117805156-1059988709-3418736103-501 - Limited - Disabled)
    Vilyam (S-1-5-21-117805156-1059988709-3418736103-1001 - Administrator - Enabled) => C:\Users\Vilyam

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/22/2015 01:05:55 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Acrobat.exe, version: 11.0.7.79, time stamp: 0x536b812b
    Faulting module name: Acrobat.dll, version: 11.0.7.79, time stamp: 0x536b80ff
    Exception code: 0xc0000005
    Fault offset: 0x00139641
    Faulting process id: 0x1bcc
    Faulting application start time: 0xAcrobat.exe0
    Faulting application path: Acrobat.exe1
    Faulting module path: Acrobat.exe2
    Report Id: Acrobat.exe3
    Faulting package full name: Acrobat.exe4
    Faulting package-relative application ID: Acrobat.exe5

    Error: (04/22/2015 00:07:58 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
    Description: The index cannot be initialized.


    Details:
    The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

    Error: (04/22/2015 00:07:58 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
    Description: The application cannot be initialized.

    Context: Windows Application


    Details:
    The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

    Error: (04/22/2015 00:07:58 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
    Description: The gatherer object cannot be initialized.

    Context: Windows Application, SystemIndex Catalog


    Details:
    The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

    Error: (04/22/2015 00:07:58 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
    Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

    Context: Windows Application, SystemIndex Catalog


    Details:
    The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

    Error: (04/22/2015 00:07:58 PM) (Source: Windows Search Service) (EventID: 3057) (User: )
    Description: The plug-in manager <Search.TripoliIndexer> cannot be initialized.

    Context: Windows Application


    Details:
    (HRESULT : 0x8e5e0210) (0x8e5e0210)

    Error: (04/22/2015 00:07:58 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
    Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


    Details:
    The content index catalog is corrupt. 0xc0041801 (0xc0041801)

    Error: (04/22/2015 00:07:58 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
    Description: The search service has detected corrupted data files in the index {id=4810 - enduser\mssearch2\search\ytrip\common\util\jetutil.cpp (167)}. The service will attempt to automatically correct this problem by rebuilding the index.


    Details:
    0x8e5e0210 (0x8e5e0210)

    Error: (04/22/2015 00:07:58 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: SearchIndexer (7128) Windows: Error -1811 (0xfffff8ed) occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00004.log.

    Error: (04/22/2015 00:07:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .


    System errors:
    =============
    Error: (04/22/2015 00:29:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

    Error: (04/22/2015 00:29:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Spybot-S&D 2 Security Center Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (04/22/2015 00:29:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (04/22/2015 00:29:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Spybot-S&D 2 Scanner Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (04/22/2015 00:29:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The NVIDIA Streamer Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (04/22/2015 00:29:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The NVIDIA Network Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (04/22/2015 00:29:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intel(R) PROSet Monitoring Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (04/22/2015 00:29:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The NVIDIA GeForce Experience Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (04/22/2015 00:29:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The ASUS Com Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (04/22/2015 00:29:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).


    Microsoft Office Sessions:
    =========================
    Error: (04/22/2015 01:05:55 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Acrobat.exe11.0.7.79536b812bAcrobat.dll11.0.7.79536b80ffc0000005001396411bcc01d07d37b552b28dC:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exeC:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.dllfb61adf8-e92a-11e4-be83-74d02b2c09cc

    Error: (04/22/2015 00:07:58 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
    Description:
    Details:
    The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

    Error: (04/22/2015 00:07:58 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
    Description: Context: Windows Application


    Details:
    The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

    Error: (04/22/2015 00:07:58 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
    Description: Context: Windows Application, SystemIndex Catalog


    Details:
    The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

    Error: (04/22/2015 00:07:58 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
    Description: Context: Windows Application, SystemIndex Catalog


    Details:
    The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)
    Search.TripoliIndexer

    Error: (04/22/2015 00:07:58 PM) (Source: Windows Search Service) (EventID: 3057) (User: )
    Description: Context: Windows Application


    Details:
    (HRESULT : 0x8e5e0210) (0x8e5e0210)
    Search.TripoliIndexer

    Error: (04/22/2015 00:07:58 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
    Description:
    Details:
    The content index catalog is corrupt. 0xc0041801 (0xc0041801)
    The catalog is corrupt

    Error: (04/22/2015 00:07:58 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
    Description:
    Details:
    0x8e5e0210 (0x8e5e0210)
    4810 - enduser\mssearch2\search\ytrip\common\util\jetutil.cpp (167)

    Error: (04/22/2015 00:07:58 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: SearchIndexer7128Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00004.log-1811 (0xfffff8ed)

    Error: (04/22/2015 00:07:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description:
    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.


    CodeIntegrity Errors:
    ===================================
    Date: 2015-04-22 12:55:23.308
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-04-22 12:48:39.158
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-04-22 12:40:42.743
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-04-22 12:19:54.773
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-04-22 12:11:28.666
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-04-22 10:12:55.043
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-04-22 10:02:51.702
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-04-22 09:35:41.401
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-04-22 09:29:23.523
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-04-22 08:46:56.481
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-4670K CPU @ 3.40GHz
    Percentage of memory in use: 15%
    Total physical RAM: 16256.66 MB
    Available physical RAM: 13800.43 MB
    Total Pagefile: 18688.66 MB
    Available Pagefile: 15654.7 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.82 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:651.58 GB) (Free:564.59 GB) NTFS
    Drive d: (New Volume) (Fixed) (Total:465.76 GB) (Free:394.33 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BB4EF6FB)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=651.6 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=279.8 GB) - (Type=05)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 5B625B62)
    Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

  4. #14
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Open Notepad (Start --> All Programs --> Accessories --> Notepad).
    Please copy the entire contents of the code box below.
    (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.)
    Save it as fixlist.txt in the same directory as FRST or FRST64 (it has to be right next to FRST or FRST64), either in the directory where you saved FRST or FRST64 or on your desktop if that's where you saved it.
    You can use your mouse to drag Fixlist right next to FRST or FRST64, either above or below it but not on top of it.

    Code:
    Start
    CreateRestorePoint: 
    CloseProcesses:
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    2015-04-16 22:04 - 2015-04-16 22:06 - 00000000 ____D () C:\Users\Vilyam\Downloads\Vikings.S03E09.REPACK.HDTV.x264-KILLERS
    2015-04-20 20:20 - 2015-02-10 23:54 - 00000000 ____D () C:\Users\Vilyam\AppData\Roaming\uTorrent
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:
    End
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Then open FRST or FRST64 and click on Fix.
    When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply. Also let me know how you feel your system is running now.

  5. #15
    Junior Member
    Join Date
    Apr 2015
    Posts
    14

    Default

    The system seems to be running fine, just a little slow at start up but that's probably due to some of the new programs that were installed.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-04-2015
    Ran by Vilyam at 2015-04-22 14:30:50 Run:2
    Running from C:\Users\Vilyam\Desktop
    Loaded Profiles: Vilyam (Available profiles: Vilyam)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Start
    CreateRestorePoint:
    CloseProcesses:
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    2015-04-16 22:04 - 2015-04-16 22:06 - 00000000 ____D () C:\Users\Vilyam\Downloads\Vikings.S03E09.REPACK.HDTV.x264-KILLERS
    2015-04-20 20:20 - 2015-02-10 23:54 - 00000000 ____D () C:\Users\Vilyam\AppData\Roaming\uTorrent
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:
    End
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    C:\Users\Vilyam\Downloads\Vikings.S03E09.REPACK.HDTV.x264-KILLERS => Moved successfully.
    C:\Users\Vilyam\AppData\Roaming\uTorrent => Moved successfully.

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    EmptyTemp: => Removed 24.3 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog 14:31:32 ====

  6. #16
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Just reboot your system a few times; it may speed it up.


    Double click on AdwCleaner.exe to run the tool again.
    • Click on the Uninstall button.
    • Click Yes when asked are you sure you want to uninstall.
    • AdwCleaner.exe, its folder and all logs will be removed.



    ==========================================================


    Please download DelFix and save the file to your Desktop.



    • Windows XP: Double-click DelFix.exe to run the program.
    • Windows Vista > Win 7 > Win 8: Right-click on DelFix.exe and select RUN AS ADMINISTRATOR.
    • Checkmark "Remove Disinfection Tools".
    • Click the Run button.

    This will remove the specialised tools we used to clean your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually.



    ==========================================================

    Safe Surfn
    Ken

  7. #17
    Junior Member
    Join Date
    Apr 2015
    Posts
    14

    Default

    Getting "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

    I disabled any protection that was on prior to running it.

  8. #18
    Junior Member
    Join Date
    Apr 2015
    Posts
    14

    Default

    Never mind, Ken, I got it. Thanks a ton for your help and time. Much appreciated.

  9. #19
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    You're most welcome, my friend,

    Take Care

    Ken

  10. #20
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
