PDA

View Full Version : Infected with URL: Mal



zillo396
2015-04-22, 19:33
The other day my webpages started re-directing me to a bunch of different ad websites etc. I am not entirely sure I have removed everything from the infected PC. Was hoping someone could take a look and help me out. Logs are below and thank you.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2015
Ran by Vilyam (administrator) on WILL on 22-04-2015 09:16:41
Running from C:\Users\Vilyam\Desktop
Loaded Profiles: Vilyam (Available profiles: Vilyam)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Curse, Inc) C:\Users\Vilyam\AppData\Roaming\Curse Client\Bin\Curse.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7156296 2013-03-05] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1426136 2015-04-01] (COMODO)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-20] (Avast Software s.r.o.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-117805156-1059988709-3418736103-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-04-20] (Piriform Ltd)
HKU\S-1-5-21-117805156-1059988709-3418736103-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-20] (Avast Software s.r.o.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-117805156-1059988709-3418736103-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-20] (Avast Software s.r.o.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-20] (Avast Software s.r.o.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2
Tcpip\..\Interfaces\{B9AE0BC8-D283-42AE-90E5-B778DF273A2A}: [NameServer] 156.154.70.22,156.154.71.22

FireFox:
========
FF ProfilePath: C:\Users\Vilyam\AppData\Roaming\Mozilla\Firefox\Profiles\qrnhcizq.default
FF Homepage: https://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-20] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-20] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Extension: NoScript - C:\Users\Vilyam\AppData\Roaming\Mozilla\Firefox\Profiles\qrnhcizq.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-04-21]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-02-19]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-04-20]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-20] (Avast Software s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5540424 2015-04-01] (COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265816 2015-04-01] (COMODO)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-02-05] (NVIDIA Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-02-05] (NVIDIA Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2012-05-07] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-20] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-20] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-20] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-20] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-20] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-20] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-20] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-20] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20696 2015-04-01] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [820952 2015-04-01] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35080 2015-04-01] (COMODO)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-02-17] (Disc Soft Ltd)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-04-21] ()
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [126720 2015-04-01] (COMODO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-02-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-02-05] (NVIDIA Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-11-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-22 09:16 - 2015-04-22 09:16 - 00013992 _____ () C:\Users\Vilyam\Desktop\FRST.txt
2015-04-22 09:16 - 2015-04-22 09:16 - 00000000 ____D () C:\FRST
2015-04-22 09:15 - 2015-04-22 09:15 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-WILL-Windows-8.1-Pro-(64-bit).dat
2015-04-22 09:14 - 2015-04-22 09:14 - 00002251 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-04-22 09:14 - 2015-04-22 09:14 - 00000000 ____D () C:\RegBackup
2015-04-22 09:14 - 2015-04-22 09:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-04-22 09:14 - 2015-04-22 09:14 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-04-22 08:57 - 2015-04-22 08:57 - 05198336 _____ (AVAST Software) C:\Users\Vilyam\Desktop\aswMBR.exe
2015-04-22 08:56 - 2015-04-22 08:56 - 02099712 _____ (Farbar) C:\Users\Vilyam\Desktop\FRST64.exe
2015-04-21 16:05 - 2011-04-24 23:58 - 00001211 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20150421-160553.backup
2015-04-21 14:02 - 2015-04-21 14:02 - 00002259 _____ () C:\WINDOWS\epplauncher.mif
2015-04-21 14:00 - 2015-04-21 14:00 - 14160536 _____ (Microsoft Corporation) C:\Users\Vilyam\Downloads\MSEInstall.exe
2015-04-21 10:52 - 2015-04-21 10:52 - 00043664 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-04-21 10:51 - 2015-04-21 10:51 - 00003082 _____ () C:\WINDOWS\system32\.crusader
2015-04-21 10:41 - 2015-04-21 10:41 - 00001905 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-04-21 10:41 - 2015-04-21 10:41 - 00000000 ____D () C:\Program Files\HitmanPro
2015-04-21 10:40 - 2015-04-21 10:51 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-04-21 10:33 - 2015-04-21 10:35 - 00000000 ____D () C:\AdwCleaner
2015-04-20 20:13 - 2015-04-20 20:13 - 00000000 ____D () C:\WINDOWS\pss
2015-04-20 20:01 - 2015-04-22 08:48 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-20 20:01 - 2015-04-20 20:01 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-04-20 19:34 - 2015-04-22 09:09 - 03497758 _____ () C:\WINDOWS\system32\Drivers\fvstore.dat
2015-04-20 19:34 - 2015-04-21 14:44 - 00000000 ___HD () C:\VTRoot
2015-04-20 19:31 - 2015-04-20 19:31 - 00001886 _____ () C:\Users\Public\Desktop\COMODO Firewall.lnk
2015-04-20 19:31 - 2015-04-20 19:31 - 00000000 ____D () C:\WINDOWS\System32\Tasks\COMODO
2015-04-20 19:31 - 2015-04-20 19:31 - 00000000 ____D () C:\ProgramData\Shared Space
2015-04-20 19:31 - 2015-04-20 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2015-04-20 19:31 - 2015-04-20 19:31 - 00000000 ____D () C:\Program Files\COMODO
2015-04-20 19:28 - 2015-04-20 19:31 - 00000000 ____D () C:\ProgramData\Comodo
2015-04-20 17:18 - 2015-04-21 10:38 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-20 17:18 - 2015-04-20 17:18 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-20 17:18 - 2015-04-20 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-20 17:18 - 2015-04-20 17:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-20 17:18 - 2015-04-20 17:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-20 17:18 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-20 17:18 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-04-20 17:18 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-20 17:10 - 2015-04-20 17:10 - 00000000 ____D () C:\Users\Vilyam\AppData\Roaming\AVAST Software
2015-04-20 17:09 - 2015-04-20 17:09 - 01047320 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-04-20 17:09 - 2015-04-20 17:09 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-04-20 17:09 - 2015-04-20 17:09 - 00364472 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-04-20 17:09 - 2015-04-20 17:09 - 00271200 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-04-20 17:09 - 2015-04-20 17:09 - 00136752 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-04-20 17:09 - 2015-04-20 17:09 - 00093528 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-04-20 17:09 - 2015-04-20 17:09 - 00088408 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-04-20 17:09 - 2015-04-20 17:09 - 00065736 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-04-20 17:09 - 2015-04-20 17:09 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-04-20 17:09 - 2015-04-20 17:09 - 00029168 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-04-20 17:09 - 2015-04-20 17:09 - 00003924 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-04-20 17:09 - 2015-04-20 17:09 - 00001938 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-04-20 17:09 - 2015-04-20 17:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-04-20 17:08 - 2015-04-20 17:08 - 00000000 ____D () C:\Program Files\AVAST Software
2015-04-20 17:07 - 2015-04-20 17:07 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-04-20 17:05 - 2015-04-21 16:02 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-20 17:05 - 2015-04-20 17:12 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-04-20 17:05 - 2015-04-20 17:05 - 00001403 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-04-20 17:05 - 2015-04-20 17:05 - 00001391 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-04-20 17:05 - 2015-04-20 17:05 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2015-04-20 17:05 - 2015-04-20 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-04-20 17:05 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2015-04-20 14:57 - 2015-04-20 14:57 - 00000000 ____D () C:\ProgramData\{c67d51a5-18b4-9735-c67d-d51a518b4694}
2015-04-20 14:37 - 2015-04-20 14:37 - 00000000 ____D () C:\ProgramData\{3da8412c-d112-6f89-3da8-8412cd1104b3}
2015-04-20 14:36 - 2015-04-20 14:36 - 00000020 _____ () C:\Users\Vilyam\AppData\Roaming\appdataFr3.bin
2015-04-20 14:35 - 2015-04-20 14:36 - 00000000 ____D () C:\ProgramData\6910977573517045643
2015-04-16 22:04 - 2015-04-16 22:06 - 00000000 ____D () C:\Users\Vilyam\Downloads\Vikings.S03E09.REPACK.HDTV.x264-KILLERS
2015-04-15 08:31 - 2015-03-23 14:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-15 08:31 - 2015-03-23 14:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-15 08:31 - 2015-03-23 14:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-15 08:31 - 2015-03-23 14:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-15 08:31 - 2015-03-23 14:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-15 08:31 - 2015-03-19 21:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-15 08:31 - 2015-03-19 21:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-15 08:31 - 2015-03-19 21:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-15 08:31 - 2015-03-19 20:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-15 08:31 - 2015-03-19 19:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-15 08:31 - 2015-03-19 19:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-15 08:31 - 2015-03-19 19:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-15 08:31 - 2015-03-14 01:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-15 08:31 - 2015-03-14 01:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-15 08:31 - 2015-03-14 01:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-04-15 08:31 - 2015-03-13 18:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-15 08:31 - 2015-03-13 18:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-15 08:31 - 2015-03-13 18:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-15 08:31 - 2015-03-13 18:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-15 08:31 - 2015-03-13 18:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-15 08:31 - 2015-03-13 17:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-15 08:31 - 2015-03-13 17:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-15 08:31 - 2015-03-13 17:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-15 08:31 - 2015-03-13 17:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-15 08:31 - 2015-03-13 17:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-15 08:31 - 2015-03-13 17:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-15 08:31 - 2015-03-13 17:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-15 08:31 - 2015-03-13 17:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-15 08:31 - 2015-03-13 17:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-15 08:31 - 2015-03-13 17:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-15 08:31 - 2015-03-13 16:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-15 08:31 - 2015-03-13 16:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-15 08:31 - 2015-03-12 21:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-15 08:31 - 2015-03-12 21:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-15 08:31 - 2015-03-12 21:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-15 08:31 - 2015-03-12 20:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-15 08:31 - 2015-03-12 20:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-15 08:31 - 2015-03-12 20:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-15 08:31 - 2015-03-12 20:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-15 08:31 - 2015-03-12 20:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-15 08:31 - 2015-03-12 20:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-15 08:31 - 2015-03-12 20:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-15 08:31 - 2015-03-12 20:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-15 08:31 - 2015-03-12 20:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-15 08:31 - 2015-03-12 20:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-15 08:31 - 2015-03-12 20:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-15 08:31 - 2015-03-12 19:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-15 08:31 - 2015-03-12 19:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-15 08:31 - 2015-03-12 19:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-15 08:31 - 2015-03-12 19:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-15 08:31 - 2015-03-12 19:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-15 08:31 - 2015-03-12 19:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-15 08:31 - 2015-03-12 19:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-15 08:31 - 2015-03-12 19:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-15 08:31 - 2015-03-12 19:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-15 08:31 - 2015-03-12 19:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-15 08:31 - 2015-03-12 19:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-15 08:31 - 2015-03-12 19:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-15 08:31 - 2015-02-20 16:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-15 08:31 - 2014-10-17 23:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-04-15 08:30 - 2015-03-22 15:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-15 08:30 - 2015-03-22 15:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-15 08:30 - 2015-03-22 15:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-15 08:30 - 2015-03-22 15:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-15 08:30 - 2015-03-22 15:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-15 08:30 - 2015-03-22 15:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-15 08:30 - 2015-03-22 15:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-15 08:30 - 2015-03-04 03:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-15 08:30 - 2015-03-03 20:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-15 08:30 - 2015-03-03 19:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-15 08:30 - 2015-02-24 01:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-04 12:51 - 2015-04-04 12:51 - 00000000 ____D () C:\Users\Vilyam\Documents\Larian Studios
2015-04-03 19:43 - 2015-04-03 19:44 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-03 19:43 - 2015-04-03 19:43 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-04-01 18:50 - 2015-04-01 18:50 - 00820952 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdguard.sys
2015-04-01 18:50 - 2015-04-01 18:50 - 00126720 _____ (COMODO) C:\WINDOWS\system32\Drivers\inspect.sys
2015-04-01 18:50 - 2015-04-01 18:50 - 00035080 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdhlp.sys
2015-04-01 18:50 - 2015-04-01 18:50 - 00020696 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmderd.sys
2015-04-01 18:48 - 2015-04-01 18:48 - 00576848 _____ (COMODO) C:\WINDOWS\system32\guard64.dll
2015-04-01 18:48 - 2015-04-01 18:48 - 00444472 _____ (COMODO) C:\WINDOWS\SysWOW64\guard32.dll
2015-04-01 18:48 - 2015-04-01 18:48 - 00041248 _____ (COMODO) C:\WINDOWS\system32\cmdcsr.dll
2015-04-01 18:47 - 2015-04-01 18:47 - 00358104 _____ (COMODO) C:\WINDOWS\system32\cmdvrt64.dll
2015-04-01 18:46 - 2015-04-01 18:46 - 00045784 _____ (COMODO) C:\WINDOWS\system32\cmdkbd64.dll
2015-04-01 18:45 - 2015-04-01 18:45 - 00288472 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdvrt32.dll
2015-04-01 18:45 - 2015-04-01 18:45 - 00040664 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdkbd32.dll
2015-03-30 17:35 - 2015-03-30 17:35 - 00000000 ____D () C:\Users\Vilyam\AppData\Local\Macromedia
2015-03-28 11:50 - 2015-03-28 11:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolphin
2015-03-27 11:19 - 2015-03-27 11:19 - 00000000 ____D () C:\Program Files\Common Files\Logitech
2015-03-24 13:51 - 2015-03-24 13:51 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2015-03-24 13:12 - 2015-04-20 17:12 - 00000000 ____D () C:\ProgramData\{28f86f1d-1054-cc11-28f8-86f1d105bc74}
2015-03-24 08:21 - 2015-03-24 08:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-24 08:09 - 2015-03-24 08:09 - 00000000 __SHD () C:\ProgramData\SecuROM
2015-03-24 08:07 - 2015-03-24 08:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
2015-03-24 07:42 - 2015-03-24 08:09 - 00000000 ____D () C:\Users\Vilyam\AppData\Local\Rockstar Games
2015-03-24 07:42 - 2015-03-24 08:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2015-03-24 07:42 - 2015-03-24 07:42 - 00178800 _____ (Sony DADC Austria AG.) C:\WINDOWS\SysWOW64\CmdLineExt_x64.dll
2015-03-24 07:42 - 2015-03-24 07:42 - 00000000 __RHD () C:\Users\Vilyam\AppData\Roaming\SecuROM
2015-03-24 07:42 - 2015-03-24 07:42 - 00000000 ____D () C:\WINDOWS\SysWOW64\xlive
2015-03-23 13:14 - 2015-04-21 10:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-22 09:02 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-22 09:01 - 2015-02-10 20:51 - 00000000 ____D () C:\Users\Vilyam\AppData\Local\Battle.net
2015-04-22 08:47 - 2015-02-11 18:12 - 00000000 ____D () C:\Users\Vilyam\AppData\Roaming\Curse Client
2015-04-22 08:30 - 2015-02-24 22:25 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{900B455C-2CE7-43E1-815F-E126E4991D66}
2015-04-22 08:30 - 2015-02-19 17:32 - 00000000 ____D () C:\Users\Vilyam\AppData\Local\Adobe
2015-04-22 08:30 - 2014-11-21 01:43 - 01170068 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-22 08:24 - 2015-02-14 16:34 - 00000000 ____D () C:\Users\Vilyam\OneDrive
2015-04-22 08:23 - 2015-02-17 12:19 - 00003244 _____ () C:\WINDOWS\System32\Tasks\IORRT
2015-04-22 08:22 - 2015-02-14 16:09 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-22 08:22 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-21 20:43 - 2013-08-22 06:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-21 14:15 - 2015-02-10 20:10 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-117805156-1059988709-3418736103-1001
2015-04-21 10:52 - 2013-08-22 07:45 - 00000000 ____D () C:\WINDOWS\Setup
2015-04-21 09:45 - 2015-02-10 20:14 - 00000000 ____D () C:\Users\Vilyam\AppData\Local\Google
2015-04-21 09:45 - 2015-02-10 20:14 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-20 20:29 - 2015-02-10 20:04 - 00000000 ____D () C:\Users\Vilyam\AppData\Roaming\Adobe
2015-04-20 20:20 - 2015-02-10 23:54 - 00000000 ____D () C:\Users\Vilyam\AppData\Roaming\uTorrent
2015-04-20 20:08 - 2015-02-10 21:15 - 00000834 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-20 20:08 - 2015-02-10 21:15 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-20 17:34 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-17 12:38 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-16 12:36 - 2012-07-26 00:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-15 16:02 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-15 10:30 - 2015-02-10 21:04 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-15 10:29 - 2015-02-10 21:04 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-15 10:27 - 2015-02-10 22:37 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-15 10:27 - 2014-11-21 09:17 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-13 16:24 - 2014-11-21 09:23 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-13 16:24 - 2014-11-21 09:23 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-03 21:22 - 2015-02-19 17:12 - 00000000 ____D () C:\Users\Vilyam\Downloads\Adobe Photoshop CS5.1 Extended Edition
2015-03-28 11:45 - 2015-03-19 14:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-28 11:44 - 2015-02-11 14:00 - 00000000 ____D () C:\Users\Vilyam\Documents\My Games
2015-03-28 11:42 - 2015-02-17 12:12 - 00000000 ____D () C:\Users\Vilyam\AppData\Roaming\DAEMON Tools Lite
2015-03-28 11:19 - 2015-03-01 14:57 - 00000000 ____D () C:\Users\Vilyam\AppData\Local\SKIDROW

==================== Files in the root of some directories =======

2015-04-20 14:36 - 2015-04-20 14:36 - 0000020 _____ () C:\Users\Vilyam\AppData\Roaming\appdataFr3.bin

Some content of TEMP:
====================
C:\Users\Vilyam\AppData\Local\Temp\Quarantine.exe
C:\Users\Vilyam\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-20 06:16

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2015
Ran by Vilyam at 2015-04-22 09:17:14
Running from C:\Users\Vilyam\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Disabled) {C8870897-C358-086B-2944-184866CC6D0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-117805156-1059988709-3418736103-1001\...\uTorrent) (Version: 3.4.2.38656 - BitTorrent Inc.)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.07 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.144 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2215 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
COMODO Firewall (HKLM\...\{73830292-868E-4C82-9AF5-CCFE2047B6A3}) (Version: 8.2.0.4508 - COMODO Security Solutions Inc.)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Divinity: Original Sin (HKLM-x32\...\Steam App 230230) (Version: - Larian Studios)
EVGA PrecisionX 16 (HKLM-x32\...\{D99289E6-A66A-4D27-A3E0-EC726A7BC82D}) (Version: 5.3.0 - EVGA Corporation)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.240 - SurfRight B.V.)
Intel(R) Network Connections 18.1.59.0 (HKLM\...\PROSetDX) (Version: 18.1.59.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6853 - Realtek Semiconductor Corp.)
Ruby 2.1.5-p273 (HKU\S-1-5-21-117805156-1059988709-3418736103-1001\...\{64763A89-6347-43AF-833F-3840615C62AE}_is1) (Version: 2.1.5-p273 - RubyInstaller Team)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version: - )
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-117805156-1059988709-3418736103-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

03-04-2015 19:43:36 Windows Update
11-04-2015 11:55:38 Scheduled Checkpoint
15-04-2015 10:26:58 Windows Update
20-04-2015 17:08:27 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2015-04-21 16:05 - 00451160 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0464DFA2-CA8E-4558-B118-A867B2BE49EE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-20] (Avast Software s.r.o.)
Task: {2202E1D0-3A3A-41BD-A8B0-987ED24B6791} - System32\Tasks\Hybrid => C:\IORRT\IORRT.bat [2015-02-17] ()
Task: {2764091C-F234-4EE8-8ED9-7417658F5D99} - System32\Tasks\Microsoft\Windows\Setup\8.1 auto install v2 => C:\Windows\System32\AutoUpdate.exe
Task: {2BC4A5D4-21F9-4D60-A63F-F62829176C43} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {35FAAF03-4248-4006-9BC7-40AFCCA46313} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {45BEA05D-E874-49C8-9692-9EC7908501C7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {4F3E823E-4FEC-4FBC-A426-DCF8117DCC57} - System32\Tasks\Microsoft\Windows\Setup\8.1 auto install ping => C:\Windows\system32\AutoUpdate.exe
Task: {4FB29A9D-2395-41B3-BFC0-FF93855275C4} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {57451F2F-B104-4780-AED3-494436BA5407} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {6BFD5CB8-ABD0-4DB2-B313-7FBB376AF197} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-20] (Adobe Systems Incorporated)
Task: {7153101F-4C03-442B-A407-834702DFE503} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-04-01] (COMODO)
Task: {8EAE4A68-1A99-49CF-953D-ABEFD2F6E52A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {96EB05E6-4814-44FB-8EAA-6605DED154CB} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-abyss.will@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {9A1DB490-5E7F-4947-A36F-94ADA7BD43CE} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-04-01] (COMODO)
Task: {B5533BF1-C56D-4C9B-8423-DFC082DF94F9} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-04-01] (COMODO)
Task: {CD82DE7E-9CAC-4B07-B62E-FB94325F8F70} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
Task: {F7D3730F-9CC2-4230-8A5A-CFFD45061A0D} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {FC3F5201-17F9-4451-9C3F-927428AB7D88} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {FCD8D90C-FB1D-4282-B7AC-DC5C8A56337A} - System32\Tasks\IORRT => C:\IORRT\IORRT.bat [2015-02-17] ()
Task: {FF7B37E9-278D-4FDF-8725-0E172AE9DDBD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-20] (Piriform Ltd)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2015-02-14 16:09 - 2015-02-05 12:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-14 16:08 - 2012-10-29 00:48 - 00927232 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
2010-01-30 03:40 - 2010-01-30 03:40 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 22:38 - 2010-03-24 22:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-02-10 23:57 - 2011-03-02 13:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2015-04-20 17:09 - 2015-04-20 17:09 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-20 17:09 - 2015-04-20 17:09 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-04-21 09:15 - 2015-04-21 09:15 - 02926080 _____ () C:\Program Files\AVAST Software\Avast\defs\15042101\algo.dll
2015-04-22 08:23 - 2015-04-22 08:23 - 02926080 _____ () C:\Program Files\AVAST Software\Avast\defs\15042201\algo.dll
2015-02-14 16:08 - 2015-04-22 08:22 - 00030208 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\PEbiosinterface32.dll
2015-02-14 16:08 - 2012-05-07 09:04 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\ATKEX.dll
2015-04-20 17:05 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-04-20 17:05 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-04-20 17:05 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-04-20 17:05 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-04-20 17:05 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-04-20 17:09 - 2015-04-20 17:09 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-20 13:23 - 2015-01-20 13:23 - 00307712 _____ () C:\Users\Vilyam\AppData\Roaming\Curse Client\Bin\opus.dll
2015-01-20 13:23 - 2015-01-20 13:23 - 00437248 _____ () C:\Users\Vilyam\AppData\Roaming\Curse Client\Bin\WebRTC_CSharpWrapper.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Vilyam\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Vilyam\Desktop\aswMBR.exe:$CmdTcID
AlternateDataStreams: C:\Users\Vilyam\Desktop\aswMBR.exe:$CmdZnID
AlternateDataStreams: C:\Users\Vilyam\Desktop\FRST64.exe:$CmdTcID
AlternateDataStreams: C:\Users\Vilyam\Desktop\FRST64.exe:$CmdZnID
AlternateDataStreams: C:\Users\Vilyam\Downloads\MSEInstall.exe:$CmdTcID
AlternateDataStreams: C:\Users\Vilyam\Downloads\MSEInstall.exe:$CmdZnID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7866 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-117805156-1059988709-3418736103-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Vilyam\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\1080p-tree-on-the-prairie-hd-wallpaper-hd-wallpaper-1920x1200-6-53fb78a307dce-3126.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "AdobeCS5.5ServiceManager"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKU\S-1-5-21-117805156-1059988709-3418736103-1001\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-117805156-1059988709-3418736103-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-117805156-1059988709-3418736103-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"

==================== Accounts: =============================

Administrator (S-1-5-21-117805156-1059988709-3418736103-500 - Administrator - Disabled)
Guest (S-1-5-21-117805156-1059988709-3418736103-501 - Limited - Disabled)
Vilyam (S-1-5-21-117805156-1059988709-3418736103-1001 - Administrator - Enabled) => C:\Users\Vilyam

==================== Faulty Device Manager Devices =============

Name: Intel(R) Ethernet Connection I217-V
Description: Intel(R) Ethernet Connection I217-V
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: e1iexpress
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/22/2015 09:15:50 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (04/22/2015 09:14:27 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (04/22/2015 09:04:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 22.4.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e20

Start Time: 01d07d15f0412cfd

Termination Time: 6

Application Path: C:\Users\Vilyam\Desktop\FRST64.exe

Report Id: 3858423a-e909-11e4-be81-74d02b2c09cc

Faulting package full name:

Faulting package-relative application ID:

Error: (04/22/2015 08:47:34 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4

Error: (04/22/2015 08:47:34 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (04/22/2015 08:47:33 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (04/22/2015 08:47:33 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL4

Error: (04/22/2015 08:47:33 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4

Error: (04/22/2015 08:47:33 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\WINDOWS\system32\esentprf.dll4

Error: (04/22/2015 08:47:33 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4


System errors:
=============
Error: (04/21/2015 10:52:45 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with the following service-specific error:
%%0

Error: (04/21/2015 10:35:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ASUS Com Service service terminated unexpectedly. It has done this 2 time(s).

Error: (04/21/2015 10:35:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 2 time(s).

Error: (04/21/2015 10:34:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Office Software Protection Platform service terminated unexpectedly. It has done this 1 time(s).

Error: (04/21/2015 10:34:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (04/21/2015 10:34:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/21/2015 10:34:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Security Center Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/21/2015 10:34:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/21/2015 10:34:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Scanner Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/21/2015 10:34:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Service service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (04/22/2015 09:15:50 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (04/22/2015 09:14:27 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (04/22/2015 09:04:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe22.4.2015.0e2001d07d15f0412cfd6C:\Users\Vilyam\Desktop\FRST64.exe3858423a-e909-11e4-be81-74d02b2c09cc

Error: (04/22/2015 08:47:34 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4

Error: (04/22/2015 08:47:34 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (04/22/2015 08:47:33 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (04/22/2015 08:47:33 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL4

Error: (04/22/2015 08:47:33 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4

Error: (04/22/2015 08:47:33 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\WINDOWS\system32\esentprf.dll4

Error: (04/22/2015 08:47:33 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4


CodeIntegrity Errors:
===================================
Date: 2015-04-22 08:46:56.481
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-21 17:59:49.232
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-21 16:46:13.299
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-21 16:17:15.719
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-21 16:02:19.226
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-21 15:55:55.100
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-21 15:47:44.172
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-21 14:39:44.999
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-21 14:18:33.597
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-21 14:09:20.089
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4670K CPU @ 3.40GHz
Percentage of memory in use: 12%
Total physical RAM: 16256.66 MB
Available physical RAM: 14148.19 MB
Total Pagefile: 18688.66 MB
Available Pagefile: 16313.16 MB
Total Virtual: 131072 MB
Available Virtual: 131071.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:651.58 GB) (Free:563.18 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:465.76 GB) (Free:394.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BB4EF6FB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=651.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=279.8 GB) - (Type=05)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 5B625B62)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-04-22 09:18:16
-----------------------------
09:18:16.845 OS Version: Windows x64 6.2.9200
09:18:16.845 Number of processors: 4 586 0x3C03
09:18:16.846 ComputerName: WILL UserName:
09:18:55.339 Initialize success
09:18:55.349 VM: initialized successfully
09:18:55.351 VM: Intel CPU BiosDisabled
09:18:58.269 AVAST engine defs: 15042201
09:19:27.810 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000031
09:19:27.811 Disk 0 Vendor: WDC_WD1001FALS-00J7B0 05.00K05 Size: 953869MB BusType: 11
09:19:27.814 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000033
09:19:27.815 Disk 1 Vendor: WDC_WD5000AAKX-00ERMA0 15.01H15 Size: 476940MB BusType: 11
09:19:27.886 Disk 0 MBR read successfully
09:19:27.892 Disk 0 MBR scan
09:19:27.902 Disk 0 Windows 7 default MBR code
09:19:27.908 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:19:27.926 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 667213 MB offset 206848
09:19:27.930 Disk 0 Partition - 00 05 Extended 286554 MB offset 1366661118
09:19:27.962 Disk 0 Partition 3 00 82 Linux swap 16322 MB offset 1920096256
09:19:28.000 Disk 0 scanning C:\WINDOWS\system32\drivers
09:19:36.393 Service scanning
09:19:53.224 Modules scanning
09:19:53.237 Disk 0 trace - called modules:
09:19:53.259 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll storahci.sys
09:19:53.266 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe00185282060]
09:19:53.271 3 CLASSPNP.SYS[fffff80140602170] -> nt!IofCallDriver -> [0xffffe0018512b040]
09:19:53.275 5 ACPI.sys[fffff801404f0c21] -> nt!IofCallDriver -> [0xffffe001851313e0]
09:19:53.278 7 ACPI.sys[fffff801404f0c21] -> nt!IofCallDriver -> \Device\00000031[0xffffe0018512e060]
09:19:54.581 AVAST engine scan C:\WINDOWS
09:19:56.632 AVAST engine scan C:\WINDOWS\system32
09:21:20.775 AVAST engine scan C:\WINDOWS\system32\drivers
09:21:29.458 AVAST engine scan C:\Users\Vilyam
09:28:35.658 AVAST engine scan C:\ProgramData
09:29:17.992 Disk 0 statistics 5605420/0/0 @ 6.24 MB/s
09:29:18.008 Scan finished successfully
09:29:50.266 Disk 0 MBR has been saved successfully to "C:\Users\Vilyam\Desktop\MBR.dat"
09:29:50.266 The log file has been saved successfully to "C:\Users\Vilyam\Desktop\aswMBR.txt"

ken545
2015-04-22, 20:15
:snwelcome:

Download CKScanner by askey127 from Here (http://downloads.malwareremoval.com/CKScanner.exe) & save it to your Desktop.
Doubleclick CKScanner.exe then click Search For Files
When the cursor hourglass disappears, click Save List To File
A message box will verify the file saved
Please Run this program only once
Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply

zillo396
2015-04-22, 21:13
CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\users\vilyam\documents\will desktop\desktop\final_square\inv_archaeology_orcclans_crackedidol.blp
hosts 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
hosts 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
hosts 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
hosts 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
hosts 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
hosts 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
hosts 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
hosts 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net crl.verisign.net ood.opsource.net
hosts 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net crl.verisign.net ood.opsource.net
scanner sequence 3.CG.11.XTNADZ
----- EOF -----

ken545
2015-04-22, 21:40
Whats going on with Adobe Photoshop, do you have a legit license to activate it ??

Open notepad (Start --> All Programs --> Accessories --> Notepad).
Please copy the entire contents of the code box below.
(To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
Save it to the same directory as FRST or FRST64 as fixlist.txt. (it has to be right next to FRST or FRST64) either in a directory you saved FRST or FRST64 or on your desktop if thats where you saved it.
You can use your mouse to drag Fixlist right next to FRST or FRST64, either above or below it but not on top of it.



Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
2015-04-21 16:05 - 2011-04-24 23:58 - 00001211 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20150421-160553.backup
µTorrent (HKU\S-1-5-21-117805156-1059988709-3418736103-1001\...\uTorrent) (Version: 3.4.2.38656 - BitTorrent Inc.)
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Then open FRST or FRST64 and click on fix
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.



-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) To your Desktop
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
Use my link only, do not do a search for AdwCleaner as there is a bogus copy going around by scammers


Do not click on any links in the top Advertisment.

http://i24.photobucket.com/albums/c30/ken545/AdwCleaner4.201_zpsxrbk2llq.jpg (http://s24.photobucket.com/user/ken545/media/AdwCleaner4.201_zpsxrbk2llq.jpg.html)


Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.



===============================================================================


http://imageshack.us/a/img841/7292/thisisujrt.gif Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.




===============================================================================

Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop. <---------


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"



http://i24.photobucket.com/albums/c30/ken545/MBAM2.1.4_zpsnwqgubkb.jpg (http://s24.photobucket.com/user/ken545/media/MBAM2.1.4_zpsnwqgubkb.jpg.html)


On the Dashboard click on Update Now
Go to the Setting Tab
Under Setting go to Detection and Protection
Under PUP and PUM make sure both are set to show Treat Detections as Malware
Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
When the scan is finished and the log pops up...select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes

zillo396
2015-04-22, 22:14
My friend installed Photoshop on my PC, not entirely sure to be honest with you.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-04-2015
Ran by Vilyam at 2015-04-22 12:07:43 Run:1
Running from C:\Users\Vilyam\Desktop
Loaded Profiles: Vilyam (Available profiles: Vilyam)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
2015-04-21 16:05 - 2011-04-24 23:58 - 00001211 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20150421-160553.backup
µTorrent (HKU\S-1-5-21-117805156-1059988709-3418736103-1001\...\uTorrent) (Version: 3.4.2.38656 - BitTorrent Inc.)
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
C:\WINDOWS\system32\Drivers\etc\hosts.20150421-160553.backup => Moved successfully.
µTorrent (HKU\S-1-5-21-117805156-1059988709-3418736103-1001\...\uTorrent) (Version: 3.4.2.38656 - BitTorrent Inc.) => Error: No automatic fix found for this entry.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 105.2 MB temporary data.


The system needed a reboot.

==== End of Fixlog 12:08:10 ====

zillo396
2015-04-22, 22:20
AdwCleaner Results.

# AdwCleaner v4.201 - Logfile created 22/04/2015 at 12:17:44
# Updated 08/04/2015 by Xplode
# Database : 2015-04-22.1 [Server]
# Operating system : Windows 8.1 Pro (x64)
# Username : Vilyam - WILL
# Running from : C:\Users\Vilyam\Desktop\adwcleaner_4.201.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v37.0.2 (x86 en-US)


*************************

AdwCleaner[R0].txt - [1233 bytes] - [21/04/2015 10:34:00]
AdwCleaner[R1].txt - [854 bytes] - [22/04/2015 12:16:42]
AdwCleaner[S0].txt - [1311 bytes] - [21/04/2015 10:34:59]
AdwCleaner[S1].txt - [780 bytes] - [22/04/2015 12:17:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [838 bytes] ##########

zillo396
2015-04-22, 22:40
JRT Results

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.0 (04.20.2015:1)
OS: Windows 8.1 Pro x64
Ran by Vilyam on Wed 04/22/2015 at 12:22:38.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-117805156-1059988709-3418736103-1001



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\NVIDIA Update Core Service



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 04/22/2015 at 12:38:31.39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

zillo396
2015-04-22, 22:51
Malwarebytes Result

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/22/2015
Scan Time: 12:42:41 PM
Logfile: malware.txt
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.04.22.05
Rootkit Database: v2015.04.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Vilyam

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 346198
Time Elapsed: 7 min, 36 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

zillo396
2015-04-22, 22:54
Also just wanted to note, something called a6d608f0-0bde-491a-97ae-5c4b05d86e01.bat attempted to come up on start up and alter some files etc.

Additionally, this pic below seems weird as I have never seen this.

ken545
2015-04-22, 23:24
This is what I think as far as Adobe Photoshop, those entries in your CKScanner report show that the hosts file has been altered to block online activation. I think it would be safe to say that your friend has not done you any favors and may have installed it via uTorrent. All programs like that are infected and it may be the way you infected this one. The only way I can continue helping you is if you uninstall Adobe Photoshop as this forum and all the other malware removal forums do not support illegal software. If in deed you do have a license key and can activate it legitimately by all means please let me know

zillo396
2015-04-22, 23:28
Hi Ken, thanks for the feedback, I went ahead and uninstalled Photoshop.

ken545
2015-04-22, 23:32
Go ahead and open up FRST64, be sure to checkmark Additions, run a new scan and post both the FRST64 log and the Additions log

zillo396
2015-04-22, 23:36
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2015
Ran by Vilyam (administrator) on WILL on 22-04-2015 13:35:22
Running from C:\Users\Vilyam\Desktop
Loaded Profiles: Vilyam (Available profiles: Vilyam)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Curse, Inc) C:\Users\Vilyam\AppData\Roaming\Curse Client\Bin\Curse.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7156296 2013-03-05] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1426136 2015-04-01] (COMODO)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-20] (Avast Software s.r.o.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-117805156-1059988709-3418736103-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-04-20] (Piriform Ltd)
HKU\S-1-5-21-117805156-1059988709-3418736103-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-20] (Avast Software s.r.o.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-117805156-1059988709-3418736103-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-20] (Avast Software s.r.o.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-20] (Avast Software s.r.o.)
Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2
Tcpip\..\Interfaces\{B9AE0BC8-D283-42AE-90E5-B778DF273A2A}: [NameServer] 156.154.70.22,156.154.71.22

FireFox:
========
FF ProfilePath: C:\Users\Vilyam\AppData\Roaming\Mozilla\Firefox\Profiles\qrnhcizq.default
FF Homepage: https://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-20] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-20] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Extension: NoScript - C:\Users\Vilyam\AppData\Roaming\Mozilla\Firefox\Profiles\qrnhcizq.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-04-21]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-02-19]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-04-20]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-20] (Avast Software s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5540424 2015-04-01] (COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265816 2015-04-01] (COMODO)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-02-05] (NVIDIA Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-02-05] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-02-05] (NVIDIA Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2012-05-07] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-20] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-20] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-20] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-20] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-20] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-20] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-20] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-20] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20696 2015-04-01] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [820952 2015-04-01] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35080 2015-04-01] (COMODO)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-02-17] (Disc Soft Ltd)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-04-21] ()
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [126720 2015-04-01] (COMODO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-02-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-02-05] (NVIDIA Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-11-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-22 13:33 - 2015-04-22 13:33 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-117805156-1059988709-3418736103-1001
2015-04-22 12:50 - 2015-04-22 12:50 - 00001047 _____ () C:\Users\Vilyam\Desktop\malware.txt
2015-04-22 12:38 - 2015-04-22 12:38 - 00000879 _____ () C:\Users\Vilyam\Desktop\JRT.txt
2015-04-22 12:20 - 2015-04-22 12:20 - 02685507 _____ (Thisisu) C:\Users\Vilyam\Desktop\JRT.exe
2015-04-22 12:19 - 2015-04-22 12:19 - 00000917 _____ () C:\Users\Vilyam\Desktop\adwcleanerresult.txt
2015-04-22 12:16 - 2015-04-22 12:16 - 02217984 _____ () C:\Users\Vilyam\Desktop\adwcleaner_4.201.exe
2015-04-22 12:08 - 2015-04-22 12:18 - 00000462 _____ () C:\WINDOWS\setupact.log
2015-04-22 12:08 - 2015-04-22 12:08 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-04-22 11:12 - 2015-04-22 11:12 - 00001685 _____ () C:\Users\Vilyam\Desktop\ckfiles.txt
2015-04-22 10:39 - 2015-04-22 10:40 - 00468480 _____ () C:\Users\Vilyam\Desktop\CKScanner.exe
2015-04-22 10:11 - 2015-04-22 12:31 - 00093475 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-22 09:29 - 2015-04-22 09:29 - 00002484 _____ () C:\Users\Vilyam\Desktop\aswMBR.txt
2015-04-22 09:29 - 2015-04-22 09:29 - 00000512 _____ () C:\Users\Vilyam\Desktop\MBR.dat
2015-04-22 09:16 - 2015-04-22 13:35 - 00012441 _____ () C:\Users\Vilyam\Desktop\FRST.txt
2015-04-22 09:16 - 2015-04-22 13:35 - 00000000 ____D () C:\FRST
2015-04-22 09:15 - 2015-04-22 09:15 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-WILL-Windows-8.1-Pro-(64-bit).dat
2015-04-22 09:14 - 2015-04-22 09:14 - 00002251 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-04-22 09:14 - 2015-04-22 09:14 - 00000000 ____D () C:\RegBackup
2015-04-22 09:14 - 2015-04-22 09:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-04-22 09:14 - 2015-04-22 09:14 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-04-22 08:57 - 2015-04-22 08:57 - 05198336 _____ (AVAST Software) C:\Users\Vilyam\Desktop\aswMBR.exe
2015-04-22 08:56 - 2015-04-22 08:56 - 02099712 _____ (Farbar) C:\Users\Vilyam\Desktop\FRST64.exe
2015-04-21 14:02 - 2015-04-21 14:02 - 00002259 _____ () C:\WINDOWS\epplauncher.mif
2015-04-21 14:00 - 2015-04-21 14:00 - 14160536 _____ (Microsoft Corporation) C:\Users\Vilyam\Downloads\MSEInstall.exe
2015-04-21 10:52 - 2015-04-21 10:52 - 00043664 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-04-21 10:51 - 2015-04-21 10:51 - 00003082 _____ () C:\WINDOWS\system32\.crusader
2015-04-21 10:41 - 2015-04-21 10:41 - 00001905 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-04-21 10:41 - 2015-04-21 10:41 - 00000000 ____D () C:\Program Files\HitmanPro
2015-04-21 10:40 - 2015-04-21 10:51 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-04-21 10:33 - 2015-04-22 12:17 - 00000000 ____D () C:\AdwCleaner
2015-04-20 20:13 - 2015-04-20 20:13 - 00000000 ____D () C:\WINDOWS\pss
2015-04-20 20:01 - 2015-04-22 12:48 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-20 20:01 - 2015-04-20 20:01 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-04-20 19:34 - 2015-04-22 13:34 - 04599708 _____ () C:\WINDOWS\system32\Drivers\fvstore.dat
2015-04-20 19:34 - 2015-04-21 14:44 - 00000000 ___HD () C:\VTRoot
2015-04-20 19:31 - 2015-04-20 19:31 - 00001886 _____ () C:\Users\Public\Desktop\COMODO Firewall.lnk
2015-04-20 19:31 - 2015-04-20 19:31 - 00000000 ____D () C:\WINDOWS\System32\Tasks\COMODO
2015-04-20 19:31 - 2015-04-20 19:31 - 00000000 ____D () C:\ProgramData\Shared Space
2015-04-20 19:31 - 2015-04-20 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2015-04-20 19:31 - 2015-04-20 19:31 - 00000000 ____D () C:\Program Files\COMODO
2015-04-20 19:28 - 2015-04-20 19:31 - 00000000 ____D () C:\ProgramData\Comodo
2015-04-20 17:18 - 2015-04-22 13:19 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-20 17:18 - 2015-04-20 17:18 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-20 17:18 - 2015-04-20 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-20 17:18 - 2015-04-20 17:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-20 17:18 - 2015-04-20 17:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-20 17:18 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-20 17:18 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-04-20 17:18 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-20 17:10 - 2015-04-20 17:10 - 00000000 ____D () C:\Users\Vilyam\AppData\Roaming\AVAST Software
2015-04-20 17:09 - 2015-04-20 17:09 - 01047320 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-04-20 17:09 - 2015-04-20 17:09 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-04-20 17:09 - 2015-04-20 17:09 - 00364472 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-04-20 17:09 - 2015-04-20 17:09 - 00271200 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-04-20 17:09 - 2015-04-20 17:09 - 00136752 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-04-20 17:09 - 2015-04-20 17:09 - 00093528 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-04-20 17:09 - 2015-04-20 17:09 - 00088408 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-04-20 17:09 - 2015-04-20 17:09 - 00065736 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-04-20 17:09 - 2015-04-20 17:09 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-04-20 17:09 - 2015-04-20 17:09 - 00029168 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-04-20 17:09 - 2015-04-20 17:09 - 00003924 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-04-20 17:09 - 2015-04-20 17:09 - 00001938 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-04-20 17:09 - 2015-04-20 17:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-04-20 17:08 - 2015-04-20 17:08 - 00000000 ____D () C:\Program Files\AVAST Software
2015-04-20 17:07 - 2015-04-20 17:07 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-04-20 17:05 - 2015-04-21 16:02 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-20 17:05 - 2015-04-20 17:12 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-04-20 17:05 - 2015-04-20 17:05 - 00001403 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-04-20 17:05 - 2015-04-20 17:05 - 00001391 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-04-20 17:05 - 2015-04-20 17:05 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2015-04-20 17:05 - 2015-04-20 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-04-20 17:05 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2015-04-20 14:57 - 2015-04-20 14:57 - 00000000 ____D () C:\ProgramData\{c67d51a5-18b4-9735-c67d-d51a518b4694}
2015-04-20 14:37 - 2015-04-20 14:37 - 00000000 ____D () C:\ProgramData\{3da8412c-d112-6f89-3da8-8412cd1104b3}
2015-04-20 14:36 - 2015-04-20 14:36 - 00000020 _____ () C:\Users\Vilyam\AppData\Roaming\appdataFr3.bin
2015-04-20 14:35 - 2015-04-20 14:36 - 00000000 ____D () C:\ProgramData\6910977573517045643
2015-04-16 22:04 - 2015-04-16 22:06 - 00000000 ____D () C:\Users\Vilyam\Downloads\Vikings.S03E09.REPACK.HDTV.x264-KILLERS
2015-04-15 08:31 - 2015-03-23 14:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-15 08:31 - 2015-03-23 14:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-15 08:31 - 2015-03-23 14:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-15 08:31 - 2015-03-23 14:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-15 08:31 - 2015-03-23 14:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-15 08:31 - 2015-03-19 21:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-15 08:31 - 2015-03-19 21:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-15 08:31 - 2015-03-19 21:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-15 08:31 - 2015-03-19 20:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-15 08:31 - 2015-03-19 19:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-15 08:31 - 2015-03-19 19:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-15 08:31 - 2015-03-19 19:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-15 08:31 - 2015-03-14 01:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-15 08:31 - 2015-03-14 01:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-15 08:31 - 2015-03-14 01:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-04-15 08:31 - 2015-03-13 18:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-15 08:31 - 2015-03-13 18:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-15 08:31 - 2015-03-13 18:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-15 08:31 - 2015-03-13 18:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-15 08:31 - 2015-03-13 18:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-15 08:31 - 2015-03-13 17:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-15 08:31 - 2015-03-13 17:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-15 08:31 - 2015-03-13 17:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-15 08:31 - 2015-03-13 17:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-15 08:31 - 2015-03-13 17:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-15 08:31 - 2015-03-13 17:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-15 08:31 - 2015-03-13 17:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-15 08:31 - 2015-03-13 17:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-15 08:31 - 2015-03-13 17:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-15 08:31 - 2015-03-13 17:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-15 08:31 - 2015-03-13 16:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-15 08:31 - 2015-03-13 16:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-15 08:31 - 2015-03-12 21:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-15 08:31 - 2015-03-12 21:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-15 08:31 - 2015-03-12 21:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-15 08:31 - 2015-03-12 20:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-15 08:31 - 2015-03-12 20:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-15 08:31 - 2015-03-12 20:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-15 08:31 - 2015-03-12 20:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-15 08:31 - 2015-03-12 20:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-15 08:31 - 2015-03-12 20:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-15 08:31 - 2015-03-12 20:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-15 08:31 - 2015-03-12 20:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-15 08:31 - 2015-03-12 20:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-15 08:31 - 2015-03-12 20:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-15 08:31 - 2015-03-12 20:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-15 08:31 - 2015-03-12 19:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-15 08:31 - 2015-03-12 19:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-15 08:31 - 2015-03-12 19:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-15 08:31 - 2015-03-12 19:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-15 08:31 - 2015-03-12 19:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-15 08:31 - 2015-03-12 19:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-15 08:31 - 2015-03-12 19:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-15 08:31 - 2015-03-12 19:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-15 08:31 - 2015-03-12 19:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-15 08:31 - 2015-03-12 19:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-15 08:31 - 2015-03-12 19:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-15 08:31 - 2015-03-12 19:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-15 08:31 - 2015-02-20 16:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-15 08:31 - 2014-10-17 23:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-04-15 08:30 - 2015-03-22 15:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-15 08:30 - 2015-03-22 15:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-15 08:30 - 2015-03-22 15:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-15 08:30 - 2015-03-22 15:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-15 08:30 - 2015-03-22 15:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-15 08:30 - 2015-03-22 15:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-15 08:30 - 2015-03-22 15:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-15 08:30 - 2015-03-04 03:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-15 08:30 - 2015-03-03 20:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-15 08:30 - 2015-03-03 19:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-15 08:30 - 2015-02-24 01:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-04 12:51 - 2015-04-04 12:51 - 00000000 ____D () C:\Users\Vilyam\Documents\Larian Studios
2015-04-03 19:43 - 2015-04-03 19:44 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-03 19:43 - 2015-04-03 19:43 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-04-01 18:50 - 2015-04-01 18:50 - 00820952 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdguard.sys
2015-04-01 18:50 - 2015-04-01 18:50 - 00126720 _____ (COMODO) C:\WINDOWS\system32\Drivers\inspect.sys
2015-04-01 18:50 - 2015-04-01 18:50 - 00035080 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdhlp.sys
2015-04-01 18:50 - 2015-04-01 18:50 - 00020696 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmderd.sys
2015-04-01 18:48 - 2015-04-01 18:48 - 00576848 _____ (COMODO) C:\WINDOWS\system32\guard64.dll
2015-04-01 18:48 - 2015-04-01 18:48 - 00444472 _____ (COMODO) C:\WINDOWS\SysWOW64\guard32.dll
2015-04-01 18:48 - 2015-04-01 18:48 - 00041248 _____ (COMODO) C:\WINDOWS\system32\cmdcsr.dll
2015-04-01 18:47 - 2015-04-01 18:47 - 00358104 _____ (COMODO) C:\WINDOWS\system32\cmdvrt64.dll
2015-04-01 18:46 - 2015-04-01 18:46 - 00045784 _____ (COMODO) C:\WINDOWS\system32\cmdkbd64.dll
2015-04-01 18:45 - 2015-04-01 18:45 - 00288472 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdvrt32.dll
2015-04-01 18:45 - 2015-04-01 18:45 - 00040664 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdkbd32.dll
2015-03-30 17:35 - 2015-03-30 17:35 - 00000000 ____D () C:\Users\Vilyam\AppData\Local\Macromedia
2015-03-28 11:50 - 2015-03-28 11:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolphin
2015-03-27 11:19 - 2015-03-27 11:19 - 00000000 ____D () C:\Program Files\Common Files\Logitech
2015-03-24 13:51 - 2015-03-24 13:51 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2015-03-24 13:12 - 2015-04-20 17:12 - 00000000 ____D () C:\ProgramData\{28f86f1d-1054-cc11-28f8-86f1d105bc74}
2015-03-24 08:21 - 2015-03-24 08:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-24 08:09 - 2015-03-24 08:09 - 00000000 __SHD () C:\ProgramData\SecuROM
2015-03-24 08:07 - 2015-03-24 08:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
2015-03-24 07:42 - 2015-03-24 08:09 - 00000000 ____D () C:\Users\Vilyam\AppData\Local\Rockstar Games
2015-03-24 07:42 - 2015-03-24 08:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2015-03-24 07:42 - 2015-03-24 07:42 - 00178800 _____ (Sony DADC Austria AG.) C:\WINDOWS\SysWOW64\CmdLineExt_x64.dll
2015-03-24 07:42 - 2015-03-24 07:42 - 00000000 __RHD () C:\Users\Vilyam\AppData\Roaming\SecuROM
2015-03-24 07:42 - 2015-03-24 07:42 - 00000000 ____D () C:\WINDOWS\SysWOW64\xlive
2015-03-23 13:14 - 2015-04-21 10:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-22 13:32 - 2015-02-19 17:35 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-22 13:31 - 2015-02-19 17:35 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-22 13:31 - 2015-02-10 20:04 - 00000000 ____D () C:\Users\Vilyam\AppData\Roaming\Adobe
2015-04-22 13:29 - 2015-02-19 17:32 - 00000000 ____D () C:\Users\Vilyam\AppData\Local\Adobe
2015-04-22 13:27 - 2015-02-14 16:34 - 00000000 ____D () C:\Users\Vilyam\OneDrive
2015-04-22 13:00 - 2015-02-11 18:12 - 00000000 ____D () C:\Users\Vilyam\AppData\Roaming\Curse Client
2015-04-22 13:00 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-22 12:25 - 2014-11-21 01:43 - 01170068 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-22 12:19 - 2015-02-17 12:19 - 00003244 _____ () C:\WINDOWS\System32\Tasks\IORRT
2015-04-22 12:18 - 2015-02-14 16:09 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-22 12:18 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-22 12:18 - 2013-08-22 06:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-22 10:36 - 2015-02-10 20:51 - 00000000 ____D () C:\Users\Vilyam\AppData\Local\Battle.net
2015-04-22 08:30 - 2015-02-24 22:25 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{900B455C-2CE7-43E1-815F-E126E4991D66}
2015-04-21 10:52 - 2013-08-22 07:45 - 00000000 ____D () C:\WINDOWS\Setup
2015-04-21 09:45 - 2015-02-10 20:14 - 00000000 ____D () C:\Users\Vilyam\AppData\Local\Google
2015-04-21 09:45 - 2015-02-10 20:14 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-20 20:20 - 2015-02-10 23:54 - 00000000 ____D () C:\Users\Vilyam\AppData\Roaming\uTorrent
2015-04-20 20:08 - 2015-02-10 21:15 - 00000834 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-20 20:08 - 2015-02-10 21:15 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-20 17:34 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-17 12:38 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-16 12:36 - 2012-07-26 00:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-15 16:02 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-15 10:30 - 2015-02-10 21:04 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-15 10:29 - 2015-02-10 21:04 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-15 10:27 - 2015-02-10 22:37 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-15 10:27 - 2014-11-21 09:17 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-13 16:24 - 2014-11-21 09:23 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-13 16:24 - 2014-11-21 09:23 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-03 21:22 - 2015-02-19 17:12 - 00000000 ____D () C:\Users\Vilyam\Downloads\Adobe Photoshop CS5.1 Extended Edition
2015-03-28 11:45 - 2015-03-19 14:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-28 11:44 - 2015-02-11 14:00 - 00000000 ____D () C:\Users\Vilyam\Documents\My Games
2015-03-28 11:42 - 2015-02-17 12:12 - 00000000 ____D () C:\Users\Vilyam\AppData\Roaming\DAEMON Tools Lite
2015-03-28 11:19 - 2015-03-01 14:57 - 00000000 ____D () C:\Users\Vilyam\AppData\Local\SKIDROW

==================== Files in the root of some directories =======

2015-04-20 14:36 - 2015-04-20 14:36 - 0000020 _____ () C:\Users\Vilyam\AppData\Roaming\appdataFr3.bin

Some content of TEMP:
====================
C:\Users\Vilyam\AppData\Local\Temp\Quarantine.exe
C:\Users\Vilyam\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-20 06:16

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2015
Ran by Vilyam at 2015-04-22 13:35:44
Running from C:\Users\Vilyam\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-117805156-1059988709-3418736103-1001\...\uTorrent) (Version: 3.4.2.38656 - BitTorrent Inc.)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.07 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.144 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2215 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
COMODO Firewall (HKLM\...\{73830292-868E-4C82-9AF5-CCFE2047B6A3}) (Version: 8.2.0.4508 - COMODO Security Solutions Inc.)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Divinity: Original Sin (HKLM-x32\...\Steam App 230230) (Version: - Larian Studios)
EVGA PrecisionX 16 (HKLM-x32\...\{D99289E6-A66A-4D27-A3E0-EC726A7BC82D}) (Version: 5.3.0 - EVGA Corporation)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.240 - SurfRight B.V.)
Intel(R) Network Connections 18.1.59.0 (HKLM\...\PROSetDX) (Version: 18.1.59.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6853 - Realtek Semiconductor Corp.)
Ruby 2.1.5-p273 (HKU\S-1-5-21-117805156-1059988709-3418736103-1001\...\{64763A89-6347-43AF-833F-3840615C62AE}_is1) (Version: 2.1.5-p273 - RubyInstaller Team)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version: - )
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-117805156-1059988709-3418736103-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

03-04-2015 19:43:36 Windows Update
11-04-2015 11:55:38 Scheduled Checkpoint
15-04-2015 10:26:58 Windows Update
20-04-2015 17:08:27 avast! antivirus system restore point
22-04-2015 12:07:44 Restore Point Created by FRST

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2015-04-22 12:07 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0464DFA2-CA8E-4558-B118-A867B2BE49EE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-20] (Avast Software s.r.o.)
Task: {2202E1D0-3A3A-41BD-A8B0-987ED24B6791} - System32\Tasks\Hybrid => C:\IORRT\IORRT.bat [2015-02-17] ()
Task: {2764091C-F234-4EE8-8ED9-7417658F5D99} - System32\Tasks\Microsoft\Windows\Setup\8.1 auto install v2 => C:\Windows\System32\AutoUpdate.exe
Task: {2BC4A5D4-21F9-4D60-A63F-F62829176C43} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {35FAAF03-4248-4006-9BC7-40AFCCA46313} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {45BEA05D-E874-49C8-9692-9EC7908501C7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {4F3E823E-4FEC-4FBC-A426-DCF8117DCC57} - System32\Tasks\Microsoft\Windows\Setup\8.1 auto install ping => C:\Windows\system32\AutoUpdate.exe
Task: {4FB29A9D-2395-41B3-BFC0-FF93855275C4} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {57451F2F-B104-4780-AED3-494436BA5407} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {6BFD5CB8-ABD0-4DB2-B313-7FBB376AF197} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-20] (Adobe Systems Incorporated)
Task: {7153101F-4C03-442B-A407-834702DFE503} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-04-01] (COMODO)
Task: {8EAE4A68-1A99-49CF-953D-ABEFD2F6E52A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {95DCF229-10F9-4D00-9885-AC294AAE2F8A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
Task: {9841C935-CF04-419F-8860-D32AAA4253B2} - System32\Tasks\IORRT => C:\IORRT\IORRT.bat [2015-02-17] ()
Task: {9A1DB490-5E7F-4947-A36F-94ADA7BD43CE} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-04-01] (COMODO)
Task: {B5533BF1-C56D-4C9B-8423-DFC082DF94F9} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-04-01] (COMODO)
Task: {F7D3730F-9CC2-4230-8A5A-CFFD45061A0D} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {FC3F5201-17F9-4451-9C3F-927428AB7D88} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {FF7B37E9-278D-4FDF-8725-0E172AE9DDBD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-20] (Piriform Ltd)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2010-01-30 03:40 - 2010-01-30 03:40 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 22:38 - 2010-03-24 22:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-02-10 23:57 - 2011-03-02 13:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2015-02-14 16:09 - 2015-02-05 12:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-04-20 17:09 - 2015-04-20 17:09 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-20 17:09 - 2015-04-20 17:09 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-04-22 10:42 - 2015-04-22 10:42 - 02926080 _____ () C:\Program Files\AVAST Software\Avast\defs\15042202\algo.dll
2015-04-20 17:09 - 2015-04-20 17:09 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-04-20 17:05 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-04-20 17:05 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-04-20 17:05 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-04-20 17:05 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-04-20 17:05 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2010-01-30 03:41 - 2010-01-30 03:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 22:17 - 2010-03-24 22:17 - 08794464 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-01-20 13:23 - 2015-01-20 13:23 - 00307712 _____ () C:\Users\Vilyam\AppData\Roaming\Curse Client\Bin\opus.dll
2015-01-20 13:23 - 2015-01-20 13:23 - 00437248 _____ () C:\Users\Vilyam\AppData\Roaming\Curse Client\Bin\WebRTC_CSharpWrapper.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Vilyam\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Vilyam\Desktop\adwcleaner_4.201.exe:$CmdTcID
AlternateDataStreams: C:\Users\Vilyam\Desktop\adwcleaner_4.201.exe:$CmdZnID
AlternateDataStreams: C:\Users\Vilyam\Desktop\aswMBR.exe:$CmdTcID
AlternateDataStreams: C:\Users\Vilyam\Desktop\aswMBR.exe:$CmdZnID
AlternateDataStreams: C:\Users\Vilyam\Desktop\civ100.pdf:$CmdTcID
AlternateDataStreams: C:\Users\Vilyam\Desktop\civ100.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Vilyam\Desktop\CKScanner.exe:$CmdTcID
AlternateDataStreams: C:\Users\Vilyam\Desktop\CKScanner.exe:$CmdZnID
AlternateDataStreams: C:\Users\Vilyam\Desktop\FRST64.exe:$CmdTcID
AlternateDataStreams: C:\Users\Vilyam\Desktop\FRST64.exe:$CmdZnID
AlternateDataStreams: C:\Users\Vilyam\Desktop\JRT.exe:$CmdTcID
AlternateDataStreams: C:\Users\Vilyam\Desktop\JRT.exe:$CmdZnID
AlternateDataStreams: C:\Users\Vilyam\Downloads\MSEInstall.exe:$CmdTcID
AlternateDataStreams: C:\Users\Vilyam\Downloads\MSEInstall.exe:$CmdZnID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7866 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-117805156-1059988709-3418736103-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Vilyam\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\1080p-tree-on-the-prairie-hd-wallpaper-hd-wallpaper-1920x1200-6-53fb78a307dce-3126.jpg
DNS Servers: 156.154.70.22 - 156.154.71.22

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "AdobeCS5.5ServiceManager"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKU\S-1-5-21-117805156-1059988709-3418736103-1001\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-117805156-1059988709-3418736103-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-117805156-1059988709-3418736103-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"

==================== Accounts: =============================

Administrator (S-1-5-21-117805156-1059988709-3418736103-500 - Administrator - Disabled)
Guest (S-1-5-21-117805156-1059988709-3418736103-501 - Limited - Disabled)
Vilyam (S-1-5-21-117805156-1059988709-3418736103-1001 - Administrator - Enabled) => C:\Users\Vilyam

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/22/2015 01:05:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Acrobat.exe, version: 11.0.7.79, time stamp: 0x536b812b
Faulting module name: Acrobat.dll, version: 11.0.7.79, time stamp: 0x536b80ff
Exception code: 0xc0000005
Fault offset: 0x00139641
Faulting process id: 0x1bcc
Faulting application start time: 0xAcrobat.exe0
Faulting application path: Acrobat.exe1
Faulting module path: Acrobat.exe2
Report Id: Acrobat.exe3
Faulting package full name: Acrobat.exe4
Faulting package-relative application ID: Acrobat.exe5

Error: (04/22/2015 00:07:58 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.


Details:
The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

Error: (04/22/2015 00:07:58 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

Error: (04/22/2015 00:07:58 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

Error: (04/22/2015 00:07:58 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

Error: (04/22/2015 00:07:58 PM) (Source: Windows Search Service) (EventID: 3057) (User: )
Description: The plug-in manager <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application


Details:
(HRESULT : 0x8e5e0210) (0x8e5e0210)

Error: (04/22/2015 00:07:58 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
The content index catalog is corrupt. 0xc0041801 (0xc0041801)

Error: (04/22/2015 00:07:58 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4810 - enduser\mssearch2\search\ytrip\common\util\jetutil.cpp (167)}. The service will attempt to automatically correct this problem by rebuilding the index.


Details:
0x8e5e0210 (0x8e5e0210)

Error: (04/22/2015 00:07:58 PM) (Source: ESENT) (EventID: 455) (User: )
Description: SearchIndexer (7128) Windows: Error -1811 (0xfffff8ed) occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00004.log.

Error: (04/22/2015 00:07:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.


System errors:
=============
Error: (04/22/2015 00:29:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (04/22/2015 00:29:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Security Center Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/22/2015 00:29:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/22/2015 00:29:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Scanner Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/22/2015 00:29:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/22/2015 00:29:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Network Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/22/2015 00:29:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) PROSet Monitoring Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/22/2015 00:29:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA GeForce Experience Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/22/2015 00:29:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ASUS Com Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/22/2015 00:29:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (04/22/2015 01:05:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Acrobat.exe11.0.7.79536b812bAcrobat.dll11.0.7.79536b80ffc0000005001396411bcc01d07d37b552b28dC:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exeC:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.dllfb61adf8-e92a-11e4-be83-74d02b2c09cc

Error: (04/22/2015 00:07:58 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

Error: (04/22/2015 00:07:58 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application


Details:
The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

Error: (04/22/2015 00:07:58 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

Error: (04/22/2015 00:07:58 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)
Search.TripoliIndexer

Error: (04/22/2015 00:07:58 PM) (Source: Windows Search Service) (EventID: 3057) (User: )
Description: Context: Windows Application


Details:
(HRESULT : 0x8e5e0210) (0x8e5e0210)
Search.TripoliIndexer

Error: (04/22/2015 00:07:58 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
The content index catalog is corrupt. 0xc0041801 (0xc0041801)
The catalog is corrupt

Error: (04/22/2015 00:07:58 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
0x8e5e0210 (0x8e5e0210)
4810 - enduser\mssearch2\search\ytrip\common\util\jetutil.cpp (167)

Error: (04/22/2015 00:07:58 PM) (Source: ESENT) (EventID: 455) (User: )
Description: SearchIndexer7128Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00004.log-1811 (0xfffff8ed)

Error: (04/22/2015 00:07:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.


CodeIntegrity Errors:
===================================
Date: 2015-04-22 12:55:23.308
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-22 12:48:39.158
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-22 12:40:42.743
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-22 12:19:54.773
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-22 12:11:28.666
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-22 10:12:55.043
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-22 10:02:51.702
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-22 09:35:41.401
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-22 09:29:23.523
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-22 08:46:56.481
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4670K CPU @ 3.40GHz
Percentage of memory in use: 15%
Total physical RAM: 16256.66 MB
Available physical RAM: 13800.43 MB
Total Pagefile: 18688.66 MB
Available Pagefile: 15654.7 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:651.58 GB) (Free:564.59 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:465.76 GB) (Free:394.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BB4EF6FB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=651.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=279.8 GB) - (Type=05)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 5B625B62)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

ken545
2015-04-23, 00:25
Open notepad (Start --> All Programs --> Accessories --> Notepad).
Please copy the entire contents of the code box below.
(To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
Save it to the same directory as FRST or FRST64 as fixlist.txt. (it has to be right next to FRST or FRST64) either in a directory you saved FRST or FRST64 or on your desktop if thats where you saved it.
You can use your mouse to drag Fixlist right next to FRST or FRST64, either above or below it but not on top of it.



Start
CreateRestorePoint:
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2015-04-16 22:04 - 2015-04-16 22:06 - 00000000 ____D () C:\Users\Vilyam\Downloads\Vikings.S03E09.REPACK.HDTV.x264-KILLERS
2015-04-20 20:20 - 2015-02-10 23:54 - 00000000 ____D () C:\Users\Vilyam\AppData\Roaming\uTorrent
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Then open FRST or FRST64 and click on fix
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply. Also let me know how you feel your system is running now ?????

zillo396
2015-04-23, 00:37
The system seems to be running fine, just a little slow at start up but that's probably due to some of the new programs that were installed.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-04-2015
Ran by Vilyam at 2015-04-22 14:30:50 Run:2
Running from C:\Users\Vilyam\Desktop
Loaded Profiles: Vilyam (Available profiles: Vilyam)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CreateRestorePoint:
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2015-04-16 22:04 - 2015-04-16 22:06 - 00000000 ____D () C:\Users\Vilyam\Downloads\Vikings.S03E09.REPACK.HDTV.x264-KILLERS
2015-04-20 20:20 - 2015-02-10 23:54 - 00000000 ____D () C:\Users\Vilyam\AppData\Roaming\uTorrent
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\Users\Vilyam\Downloads\Vikings.S03E09.REPACK.HDTV.x264-KILLERS => Moved successfully.
C:\Users\Vilyam\AppData\Roaming\uTorrent => Moved successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 24.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog 14:31:32 ====

ken545
2015-04-23, 00:45
Just reboot your system a few times, it may speed it up


Double click on AdwCleaner.exe to run the tool again.

Click on the Uninstall button.
Click Yes when asked are you sure you want to uninstall.
Both AdwCleaner.exe, its folder and all logs will be removed.



==========================================================


Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) and save the file to your Desktop.

http://i24.photobucket.com/albums/c30/ken545/DelFix_zps139e2ea1.jpg (http://s24.photobucket.com/user/ken545/media/DelFix_zps139e2ea1.jpg.html)


Windows XP Double Click DelFix.exe to run the program.
Windows Vista > Win 7 > Win 8 Right Click on DelFix.exe and select RUN AS ADMINISTRATOR
Checkmark " Remove Disinfection Tools"
Click the Run button


This will remove the specialised tools we used to clean your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually



==========================================================




How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=97186)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

zillo396
2015-04-23, 01:04
Getting, Windows cannot access the specified device, path, or file. you may not have the appropriate permissions to access the item.

I disabled any protection that was on prior to running it.

zillo396
2015-04-23, 01:13
Nevermind Ken, I got it. Thanks a ton for your help and time. Much appreciated.

ken545
2015-04-23, 01:49
Your most welcome my friend,

Take Care

Ken :)

ken545
2015-04-23, 17:25
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.