
Cheap-o will not be removed

Old 06-30-2015, 09:02 PM   #1
Registered Member
 
Join Date: Jun 2015
Posts: 8
OS: win 7



I've tried everything I can. I used about 4 or 5 virus/malware removal programs (Malwarebytes, Hitman Pro, Avira, AdwCleaner, Start Emsisoft Emergency, etc.), followed about 3 guides for resetting my browsers and how to remove the malware, I even uninstalled anything I didn't recognize and NOTHING!!

Every few hours after I "remove" the malware, it shows up again. I wanted to system restore but for some reason, none prior to today are coming up. I was about to do a full reset, but I don't even know if I have a disk to install Windows (it came pre-installed off of Newegg).

I'm at the end of my wits here, I'm not new to computers and no virus (not even a trojan) has given me this much trouble. I'm seriously about to say F it and get a new computer. The constant spam when browsing the internet is extremely frustrating and I don't want to find out my information is being stolen.

I'm pretty sure it's not a website I'm visiting since I mostly just browse Facebook, YouTube and Amazon. Rarely do I go to an unfamiliar site unless I'm 100% sure it's official.

I don't remember downloading anything recently besides a few Steam games here and there.

Please, any help is appreciated. I'd hate to shell out another $700 for a new PC, but at this point I'm ready to toss this thing.
Old 07-03-2015, 09:18 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I know you said you already ran AdwCleaner, but I'd still like to see a log.

Please download AdwCleaner from here and save it to your desktop.
  • Do NOT click the green 'Download' button (if visible).
  • Click the blue 'Download now @bleepingcomputer' button.
  • Run AdwCleaner and select Scan.
  • Once the Scan is done, select Cleaning.
  • Once done it will ask to reboot; please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 07-04-2015, 12:28 AM   #3
Registered Member
 
Join Date: Jun 2015
Posts: 8
OS: win 7



# AdwCleaner v4.207 - Logfile created 04/07/2015 at 03:21:31
# Updated 21/06/2015 by Xplode
# Database : 2015-07-02.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Ryan - RYAN-PC
# Running from : C:\Users\Ryan\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v


-\\ Google Chrome v43.0.2357.130

[C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

-\\ Chromium v


*************************

AdwCleaner[R0].txt - [6128 bytes] - [21/06/2015 02:30:28]
AdwCleaner[R1].txt - [1021 bytes] - [27/06/2015 15:02:28]
AdwCleaner[R2].txt - [1140 bytes] - [30/06/2015 15:58:25]
AdwCleaner[R3].txt - [1482 bytes] - [04/07/2015 03:20:04]
AdwCleaner[S0].txt - [4807 bytes] - [21/06/2015 02:33:14]
AdwCleaner[S1].txt - [1088 bytes] - [27/06/2015 15:03:47]
AdwCleaner[S2].txt - [1413 bytes] - [04/07/2015 03:21:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1472 bytes] ##########
Old 07-04-2015, 12:57 AM   #4
Registered Member
 
Join Date: Jun 2015
Posts: 8
OS: win 7



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by Ryan (administrator) on RYAN-PC on 04-07-2015 03:51:45
Running from C:\Users\Ryan\Downloads
Loaded Profiles: Ryan (Available Profiles: Ryan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Akamai Technologies, Inc.) C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-06-20] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3998199410-2582608653-3588484737-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3998199410-2582608653-3588484737-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3998199410-2582608653-3588484737-1002\...\Run: [GalaxyClient] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
HKU\S-1-5-21-3998199410-2582608653-3588484737-1002\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-15] (Microsoft Corporation.)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3F36217D-D075-489E-BF85-9AE9C1A349E6}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{866023DA-CB3E-478E-B8AC-550874CCB31A}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F9BB2AB7-857A-448C-8FB2-83249851769A}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{FDB57EB9-CCC7-42D2-86EC-49DCA1B447E6}: [DhcpNameServer] 192.168.200.1

FireFox:
========
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2014-12-19] ()
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-3998199410-2582608653-3588484737-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-04-27] ()

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-28]
CHR Extension: (Google Docs) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-28]
CHR Extension: (Google Drive) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-28]
CHR Extension: (YouTube) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-28]
CHR Extension: (Sad Panda) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bohapeiooecafommnlaiccilacgmkaoc [2014-10-28]
CHR Extension: (Adblock Plus) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-11-18]
CHR Extension: (Google Search) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-28]
CHR Extension: (Google Sheets) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-28]
CHR Extension: (High School of The Dead) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocnlheppbicdmapkelehaaglaopfcpbb [2014-10-28]
CHR Extension: (Gmail) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-28]
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-30]
CHR Extension: (Google Docs) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-30]
CHR Extension: (Google Drive) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-30]
CHR Extension: (YouTube) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-30]
CHR Extension: (Google Search) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-30]
CHR Extension: (Google Sheets) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-04]
CHR Extension: (Google Wallet) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-30]
CHR Extension: (High School of The Dead) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ocnlheppbicdmapkelehaaglaopfcpbb [2015-06-30]
CHR Extension: (Gmail) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-06-20] (Advanced Micro Devices, Inc.) [File not signed]
S2 amdacpusrsvc; C:\AMD\amdacpusrsvc.exe [82432 2014-04-18] () [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [610688 2014-11-20] ()
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-04-28] (BitRaider, LLC)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [238376 2015-06-19] (EasyAntiCheat Ltd)
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1718840 2015-07-03] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6677048 2015-07-03] (GOG.com)
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-03-12] (Hi-Rez Studios) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-20] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-11-17] ()
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [294600 2015-06-20] (Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-04-28] (BitRaider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-09] (Disc Soft Ltd)
R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-06-30] (Emsisoft GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [231112 2013-01-02] (VIA Technologies, Inc.)
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-28] (Microsoft Corporation)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [301256 2013-01-02] (VIA Technologies, Inc.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 sjcst; \??\C:\AeriaGames\EdenEternal\avital\sjcsu64.sys [X]
S3 X6va028; \??\C:\Windows\SysWOW64\Drivers\X6va028 [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-04 03:51 - 2015-07-04 03:52 - 00016563 _____ C:\Users\Ryan\Downloads\FRST.txt
2015-07-04 03:51 - 2015-07-04 03:51 - 02112512 _____ (Farbar) C:\Users\Ryan\Downloads\FRST64.exe
2015-07-04 03:51 - 2015-07-04 03:51 - 00000000 ____D C:\FRST
2015-07-04 03:18 - 2015-07-04 03:19 - 02244096 _____ C:\Users\Ryan\Downloads\AdwCleaner.exe
2015-07-03 19:55 - 2015-07-03 19:55 - 00276672 _____ C:\Windows\Minidump\070315-28064-01.dmp
2015-07-03 16:36 - 2015-07-03 16:36 - 00000802 _____ C:\Users\Ryan\Desktop\World of Warships.lnk
2015-07-03 16:36 - 2015-07-03 16:36 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Warships
2015-07-03 16:32 - 2015-07-03 16:35 - 07052760 _____ (Wargaming.net ) C:\Users\Ryan\Downloads\WoWS_internet_install_na.exe
2015-07-01 00:21 - 2015-07-01 00:22 - 00007587 _____ C:\Users\Ryan\AppData\Local\Resmon.ResmonCfg
2015-06-30 23:29 - 2015-07-04 03:15 - 00000024 _____ C:\Users\Ryan\AppData\Roaming\appdataFr25.bin
2015-06-30 16:21 - 2015-06-30 16:21 - 00077312 _____ (Emsisoft GmbH) C:\Windows\system32\eamclean.exe
2015-06-30 16:21 - 2015-06-30 16:21 - 00000298 _____ C:\Windows\system32\eamclean.dat
2015-06-30 16:02 - 2015-06-30 16:02 - 00000750 _____ C:\Users\Ryan\Desktop\Start Emsisoft Emergency Kit.lnk
2015-06-30 16:01 - 2015-07-04 03:16 - 00000000 ____D C:\EEK
2015-06-30 16:01 - 2015-06-30 00:14 - 00135800 _____ (Emsisoft GmbH) C:\Windows\system32\Drivers\epp64.sys
2015-06-30 12:26 - 2015-06-30 12:28 - 00000010 _____ C:\Users\Ryan\Desktop\New Text Document.txt
2015-06-29 04:48 - 2015-06-29 04:48 - 00000000 ____D C:\Users\Ryan\AppData\Local\EdenGame
2015-06-27 15:30 - 2015-06-27 15:30 - 00002034 _____ C:\Windows\system32\.crusader
2015-06-27 15:09 - 2015-06-27 15:31 - 00000000 ____D C:\ProgramData\HitmanPro
2015-06-27 15:09 - 2015-06-27 15:09 - 00001904 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-06-27 15:09 - 2015-06-27 15:09 - 00000000 ____D C:\Program Files\HitmanPro
2015-06-24 12:41 - 2015-07-03 19:55 - 521759048 _____ C:\Windows\MEMORY.DMP
2015-06-24 12:41 - 2015-06-24 12:41 - 00276616 _____ C:\Windows\Minidump\062415-36051-01.dmp
2015-06-24 11:53 - 2015-06-30 22:44 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-24 11:53 - 2015-06-24 11:53 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-24 11:53 - 2015-06-24 11:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-24 11:53 - 2015-06-24 11:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-24 11:53 - 2015-04-14 10:39 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-24 11:53 - 2015-04-14 10:38 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-24 11:53 - 2015-04-14 10:38 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-22 23:39 - 2015-06-22 23:39 - 00000000 ____D C:\ProgramData\ATI
2015-06-22 23:38 - 2015-06-22 23:38 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\library_dir
2015-06-22 23:36 - 2015-06-22 23:36 - 00064052 _____ C:\Windows\SysWOW64\CCCInstall_201506222336272582.log
2015-06-22 23:36 - 2015-06-22 23:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-06-22 23:36 - 2015-06-22 23:36 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2015-06-21 02:30 - 2015-07-04 03:21 - 00000000 ____D C:\AdwCleaner
2015-06-20 12:43 - 2015-06-20 12:43 - 00000000 ____D C:\Users\Ryan\AppData\Local\ESN
2015-06-20 10:42 - 2015-06-20 10:42 - 00128384 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2015-06-20 10:42 - 2015-06-20 10:42 - 00102128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2015-06-20 10:42 - 2015-06-20 10:42 - 00096448 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2015-06-20 10:42 - 2015-06-20 10:42 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2015-06-20 10:42 - 2015-06-20 10:42 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2015-06-20 10:41 - 2015-06-20 10:41 - 00118096 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2015-06-20 10:41 - 2015-06-20 10:41 - 00100032 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2015-06-20 10:41 - 2015-06-20 10:41 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2015-06-20 10:41 - 2015-06-20 10:41 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2015-06-20 10:40 - 2015-06-20 10:40 - 07559840 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2015-06-20 10:40 - 2015-06-20 10:40 - 07077264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2015-06-20 10:39 - 2015-06-20 10:39 - 08381280 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2015-06-20 10:39 - 2015-06-20 10:39 - 08368872 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2015-06-20 10:35 - 2015-06-20 10:35 - 00294600 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2015-06-20 10:28 - 2015-06-20 10:28 - 19339264 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2015-06-20 10:23 - 2015-06-20 10:23 - 00051200 _____ C:\Windows\system32\kdbsdk64.dll
2015-06-20 10:18 - 2015-06-20 10:18 - 00038912 _____ C:\Windows\SysWOW64\kdbsdk32.dll
2015-06-20 10:12 - 2015-06-20 10:12 - 00235008 _____ C:\Windows\system32\clinfo.exe
2015-06-20 10:12 - 2015-06-20 10:12 - 00098816 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll
2015-06-20 10:11 - 2015-06-20 10:11 - 47902208 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2015-06-20 10:11 - 2015-06-20 10:11 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll
2015-06-20 10:11 - 2015-06-20 10:11 - 00083456 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2015-06-20 10:11 - 2015-06-20 10:11 - 00073216 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2015-06-20 10:08 - 2015-06-20 10:08 - 40990208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2015-06-20 10:04 - 2015-06-20 10:04 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-06-20 10:04 - 2015-06-20 10:04 - 00058880 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-06-20 02:49 - 2015-06-20 02:49 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2015-06-20 02:48 - 2015-06-20 02:48 - 05837824 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2015-06-20 02:48 - 2015-06-20 02:48 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2015-06-20 02:25 - 2015-06-20 02:25 - 04590592 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2015-06-20 01:58 - 2015-06-20 01:58 - 00091648 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2015-06-20 01:57 - 2015-06-20 01:57 - 00085504 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2015-06-20 01:01 - 2015-06-20 01:01 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2015-06-20 00:45 - 2015-06-20 00:45 - 28354560 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2015-06-20 00:18 - 2015-06-20 00:18 - 23626752 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2015-06-20 00:11 - 2015-06-20 00:11 - 00049664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2015-06-20 00:11 - 2015-06-20 00:11 - 00038912 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2015-06-20 00:06 - 2015-06-20 00:06 - 03437632 _____ C:\Windows\system32\atiumd6a.cap
2015-06-19 23:51 - 2015-06-19 23:51 - 03471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2015-06-19 23:49 - 2015-06-19 23:49 - 00641088 _____ C:\Windows\SysWOW64\atiapfxx.blb
2015-06-19 23:49 - 2015-06-19 23:49 - 00641088 _____ C:\Windows\system32\atiapfxx.blb
2015-06-19 23:49 - 2015-06-19 23:49 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2015-06-19 23:48 - 2015-06-19 23:48 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2015-06-19 23:48 - 2015-06-19 23:48 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2015-06-19 23:48 - 2015-06-19 23:48 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2015-06-19 23:48 - 2015-06-19 23:48 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2015-06-19 23:48 - 2015-06-19 23:48 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2015-06-19 23:44 - 2015-06-19 23:44 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2015-06-19 23:39 - 2015-06-19 23:39 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2015-06-19 23:39 - 2015-06-19 23:39 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2015-06-19 23:28 - 2015-06-19 23:28 - 00776192 _____ (AMD) C:\Windows\system32\atieclxx.exe
2015-06-19 23:28 - 2015-06-19 23:28 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2015-06-19 23:28 - 2015-06-19 23:28 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll
2015-06-19 23:27 - 2015-06-19 23:27 - 00246272 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2015-06-19 23:25 - 2015-06-19 23:25 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2015-06-19 22:59 - 2015-06-19 22:59 - 00905728 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2015-06-19 22:58 - 2015-06-19 22:58 - 00591872 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2015-06-19 22:58 - 2015-06-19 22:58 - 00146944 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2015-06-19 22:58 - 2015-06-19 22:58 - 00133632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2015-06-19 22:58 - 2015-06-19 22:58 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2015-06-19 22:58 - 2015-06-19 22:58 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2015-06-19 22:58 - 2015-06-19 22:58 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2015-06-19 14:35 - 2015-06-19 14:24 - 00238376 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2015-06-16 14:51 - 2015-06-16 14:51 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Warner Bros. Interactive Entertainment
2015-06-12 16:34 - 2015-06-12 16:35 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 2013
2015-06-12 16:34 - 2015-06-12 16:35 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 2013
2015-06-12 02:42 - 2015-06-12 02:42 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\NuGet
2015-06-12 02:27 - 2015-06-12 02:43 - 00000000 ____D C:\Users\Ryan\Documents\Visual Studio 2013
2015-06-12 02:15 - 2015-06-12 02:15 - 00000000 ____D C:\Program Files\Unity
2015-06-12 01:56 - 2015-06-12 01:57 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2015-06-12 01:56 - 2015-06-12 01:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2015-06-12 01:53 - 2015-06-12 01:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Help Viewer
2015-06-12 01:52 - 2015-06-30 23:44 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2015-06-12 01:49 - 2015-06-12 02:24 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2015-06-12 01:49 - 2015-06-12 02:23 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2015-06-12 01:49 - 2015-06-12 01:49 - 00000000 ____D C:\Windows\SysWOW64\1033
2015-06-12 01:49 - 2015-06-12 01:49 - 00000000 ____D C:\Windows\system32\1033
2015-06-12 01:47 - 2015-06-12 01:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2013
2015-06-12 01:47 - 2015-06-12 01:47 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2015-06-12 01:43 - 2015-06-30 23:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2015-06-12 01:15 - 2015-06-12 01:15 - 00276672 _____ C:\Windows\Minidump\061215-26910-01.dmp
2015-06-11 14:36 - 2015-06-11 14:36 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\com.playsaurus.heroclicker
2015-06-10 10:11 - 2015-06-01 15:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 10:11 - 2015-06-01 14:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 10:11 - 2015-05-27 10:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 10:11 - 2015-05-27 10:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 10:11 - 2015-05-22 23:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 10:11 - 2015-05-22 23:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 10:11 - 2015-05-22 23:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 10:11 - 2015-05-22 23:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 10:11 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 10:11 - 2015-05-22 23:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 10:11 - 2015-05-22 23:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 10:11 - 2015-05-22 23:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 10:11 - 2015-05-22 23:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 10:11 - 2015-05-22 23:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 10:11 - 2015-05-22 23:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 10:11 - 2015-05-22 23:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 10:11 - 2015-05-22 23:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 10:11 - 2015-05-22 22:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 10:11 - 2015-05-22 22:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 10:11 - 2015-05-22 22:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 10:11 - 2015-05-22 22:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 10:11 - 2015-05-22 22:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 10:11 - 2015-05-22 22:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 10:11 - 2015-05-22 22:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 10:11 - 2015-05-22 22:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 10:11 - 2015-05-22 22:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 10:11 - 2015-05-22 22:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 10:11 - 2015-05-22 22:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 10:11 - 2015-05-22 22:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 10:11 - 2015-05-22 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 10:11 - 2015-05-22 15:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 10:11 - 2015-05-22 15:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 10:11 - 2015-05-22 15:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 10:11 - 2015-05-22 15:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 10:11 - 2015-05-22 15:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 10:11 - 2015-05-22 15:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 10:11 - 2015-05-22 15:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 10:11 - 2015-05-22 14:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 10:11 - 2015-05-22 14:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 10:11 - 2015-05-22 14:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 10:11 - 2015-05-22 14:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 10:11 - 2015-05-22 14:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 10:11 - 2015-05-22 14:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 10:11 - 2015-05-22 14:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 10:11 - 2015-05-22 14:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 10:11 - 2015-05-22 14:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 10:11 - 2015-05-22 14:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 10:11 - 2015-05-22 14:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 10:11 - 2015-05-22 14:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 10:11 - 2015-05-22 14:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 10:11 - 2015-05-22 14:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 10:11 - 2015-05-22 14:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 10:11 - 2015-05-22 14:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 10:11 - 2015-05-22 14:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 10:11 - 2015-05-22 14:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 10:11 - 2015-05-22 14:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 10:11 - 2015-05-22 13:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 10:11 - 2015-05-22 13:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 10:11 - 2015-05-22 13:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 10:11 - 2015-05-22 13:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 10:09 - 2015-05-25 14:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 10:09 - 2015-05-25 14:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 10:09 - 2015-05-25 14:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 10:09 - 2015-05-25 14:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 10:09 - 2015-05-25 14:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 10:09 - 2015-05-25 14:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 10:09 - 2015-05-25 14:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 10:09 - 2015-05-25 14:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 10:09 - 2015-05-25 14:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 10:09 - 2015-05-25 14:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 10:09 - 2015-05-25 14:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 10:09 - 2015-05-25 14:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 10:09 - 2015-05-25 14:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 10:09 - 2015-05-25 14:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 10:09 - 2015-05-25 14:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 10:09 - 2015-05-25 14:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 10:09 - 2015-05-25 14:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 10:09 - 2015-05-25 14:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 10:09 - 2015-05-25 14:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 10:09 - 2015-05-25 14:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 10:09 - 2015-05-25 14:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 10:09 - 2015-05-25 14:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 10:09 - 2015-05-25 14:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 10:09 - 2015-05-25 14:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 10:09 - 2015-05-25 14:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 10:09 - 2015-05-25 14:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 10:09 - 2015-05-25 14:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 10:09 - 2015-05-25 14:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 10:09 - 2015-05-25 14:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 10:09 - 2015-05-25 14:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 10:09 - 2015-05-25 14:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 10:09 - 2015-05-25 14:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 10:09 - 2015-05-25 14:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 10:09 - 2015-05-25 14:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 10:09 - 2015-05-25 14:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 10:09 - 2015-05-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 10:09 - 2015-05-25 14:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 10:09 - 2015-05-25 14:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 10:09 - 2015-05-25 14:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 10:09 - 2015-05-25 14:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 10:09 - 2015-05-25 14:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 10:09 - 2015-05-25 14:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 10:09 - 2015-05-25 14:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 10:09 - 2015-05-25 14:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 14:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 14:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 14:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 14:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-10 10:09 - 2015-05-25 14:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-10 10:09 - 2015-05-25 14:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-10 10:09 - 2015-05-25 14:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-10 10:09 - 2015-05-25 14:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-10 10:09 - 2015-05-25 14:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-10 10:09 - 2015-05-25 14:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-10 10:09 - 2015-05-25 14:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-10 10:09 - 2015-05-25 14:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-10 10:09 - 2015-05-25 14:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-10 10:09 - 2015-05-25 14:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-10 10:09 - 2015-05-25 14:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-10 10:09 - 2015-05-25 14:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-10 10:09 - 2015-05-25 14:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-10 10:09 - 2015-05-25 14:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-10 10:09 - 2015-05-25 14:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 10:09 - 2015-05-25 14:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-10 10:09 - 2015-05-25 14:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-10 10:09 - 2015-05-25 14:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-10 10:09 - 2015-05-25 14:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-10 10:09 - 2015-05-25 14:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-10 10:09 - 2015-05-25 14:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 10:09 - 2015-05-25 14:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-10 10:09 - 2015-05-25 13:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 10:09 - 2015-05-25 13:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 10:09 - 2015-05-25 13:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-10 10:09 - 2015-05-25 13:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 10:09 - 2015-05-25 13:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-10 10:09 - 2015-05-25 13:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-10 10:09 - 2015-05-25 13:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-10 10:09 - 2015-05-25 13:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-10 10:09 - 2015-05-25 13:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 13:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 13:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 10:09 - 2015-05-25 13:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 10:09 - 2015-05-25 12:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 10:09 - 2015-05-25 12:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 10:09 - 2015-05-25 12:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 12:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 12:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 10:09 - 2015-05-25 12:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 10:09 - 2015-05-22 14:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-10 10:09 - 2015-05-22 14:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-10 10:09 - 2015-05-22 14:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-10 10:09 - 2015-05-22 14:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-10 10:09 - 2015-05-22 14:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-10 10:09 - 2015-05-22 14:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-10 10:09 - 2015-05-22 14:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-10 10:09 - 2015-05-21 09:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-10 10:09 - 2015-04-29 14:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 10:09 - 2015-04-29 14:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 10:09 - 2015-04-29 14:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 10:09 - 2015-04-29 14:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 10:09 - 2015-04-29 14:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 10:09 - 2015-04-29 14:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 10:09 - 2015-04-29 14:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 10:09 - 2015-04-29 14:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 10:09 - 2015-04-29 14:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 10:09 - 2015-04-29 14:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 10:09 - 2015-04-24 14:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 10:09 - 2015-04-24 13:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 10:09 - 2015-04-10 23:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-07 23:49 - 2015-06-07 23:49 - 00003216 _____ C:\Users\Ryan\Documents\GOTTA GO FAST.wlmp
2015-06-07 23:37 - 2015-06-07 23:37 - 00000000 ____D C:\Users\Ryan\AppData\Local\Windows Live
2015-06-07 23:37 - 2015-06-07 23:37 - 00000000 ____D C:\Users\Ryan\AppData\Local\{D0456DB6-817F-4342-BEBB-F24C68262BC3}
2015-06-07 23:22 - 2015-06-07 23:22 - 00000569 _____ C:\Users\Public\Desktop\Fraps.lnk
2015-06-07 23:22 - 2015-06-07 23:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2015-06-07 23:21 - 2015-06-07 23:27 - 00000000 ____D C:\Fraps
2015-06-05 00:54 - 2015-06-08 11:52 - 00000000 ____D C:\Users\Ryan\Zomboid

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-04 03:44 - 2014-10-29 00:25 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\uTorrent
2015-07-04 03:34 - 2014-10-28 17:21 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-04 03:31 - 2009-07-14 00:45 - 00028720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-04 03:31 - 2009-07-14 00:45 - 00028720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-04 03:30 - 2014-11-25 23:00 - 00000000 ____D C:\Users\Ryan\Desktop\Emulators
2015-07-04 03:26 - 2014-09-05 20:57 - 01655790 _____ C:\Windows\WindowsUpdate.log
2015-07-04 03:23 - 2014-10-28 16:38 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-04 03:22 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-04 03:22 - 2009-07-14 00:51 - 00067494 _____ C:\Windows\setupact.log
2015-07-04 03:04 - 2014-10-28 16:38 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-04 02:18 - 2014-11-11 23:28 - 00000024 _____ C:\Users\Ryan\random.dat
2015-07-04 02:07 - 2014-11-11 23:28 - 00000043 _____ C:\Users\Ryan\jagex_cl_runescape_LIVE.dat
2015-07-04 00:26 - 2014-11-20 14:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-07-03 21:38 - 2014-12-22 15:46 - 00000000 ____D C:\Users\Ryan\Documents\SavedGames
2015-07-03 19:55 - 2014-11-30 05:43 - 00000000 ____D C:\Windows\Minidump
2015-07-03 16:36 - 2014-11-03 18:35 - 00000000 ____D C:\Games
2015-07-01 16:26 - 2014-10-28 16:59 - 00000000 ____D C:\Users\Ryan\AppData\Local\Battle.net
2015-07-01 13:44 - 2014-11-03 05:00 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2015-07-01 13:15 - 2014-11-01 18:44 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\.minecraft
2015-07-01 00:13 - 2014-09-05 21:21 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-30 23:45 - 2014-09-05 21:25 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-30 23:44 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-06-30 13:03 - 2014-10-28 16:59 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-06-29 04:34 - 2014-10-29 02:46 - 00000000 ____D C:\Users\Ryan\Documents\my games
2015-06-27 04:39 - 2015-02-01 18:33 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Skype
2015-06-26 15:09 - 2014-10-29 23:28 - 00001149 _____ C:\Users\Public\Desktop\Elite Dangerous Launcher.lnk
2015-06-24 14:33 - 2014-11-16 18:24 - 00348672 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2015-06-24 14:33 - 2014-11-16 18:16 - 00348672 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2015-06-24 14:32 - 2014-11-16 18:16 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2015-06-24 14:18 - 2014-11-15 05:15 - 00000000 ____D C:\ProgramData\Origin
2015-06-24 13:47 - 2015-05-01 20:22 - 00000080 _____ C:\Users\Ryan\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-06-24 13:46 - 2015-05-01 20:21 - 00000000 ____D C:\Program Files\Rockstar Games
2015-06-24 13:46 - 2014-11-09 19:16 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2015-06-24 12:39 - 2010-11-20 23:47 - 00089432 _____ C:\Windows\PFRO.log
2015-06-24 12:39 - 2009-07-14 01:37 - 00000000 ____D C:\Windows\DigitalLocker
2015-06-23 00:46 - 2014-12-25 21:08 - 00000000 ____D C:\Users\Ryan\Documents\WB Games
2015-06-22 23:36 - 2014-09-05 21:26 - 00000000 ____D C:\ProgramData\AMD
2015-06-22 23:35 - 2014-09-05 21:26 - 00000000 ____D C:\Program Files\AMD
2015-06-22 23:31 - 2014-09-05 21:26 - 00000000 ____D C:\Program Files (x86)\AMD
2015-06-22 23:27 - 2014-09-05 21:22 - 00000000 ____D C:\AMD
2015-06-22 18:07 - 2014-10-28 16:39 - 00002190 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-21 14:43 - 2014-11-15 05:16 - 00000000 ____D C:\Program Files (x86)\Origin Games
2015-06-21 02:34 - 2014-11-16 18:21 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2015-06-21 02:33 - 2014-10-28 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-20 22:09 - 2014-11-09 19:13 - 00000000 ____D C:\Users\Ryan\Desktop\GTA Sa
2015-06-20 17:45 - 2014-10-28 17:01 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2015-06-20 13:04 - 2014-12-29 19:26 - 00001349 _____ C:\Users\Public\Desktop\The Sims 4.lnk
2015-06-20 12:40 - 2014-11-15 05:16 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Origin
2015-06-20 12:38 - 2014-11-15 05:15 - 00000000 ____D C:\Program Files (x86)\Origin
2015-06-20 10:42 - 2014-04-17 22:43 - 00118096 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2015-06-20 10:41 - 2014-04-17 22:43 - 00144328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2015-06-20 10:41 - 2014-04-17 22:42 - 01359752 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2015-06-20 10:41 - 2014-04-17 22:42 - 01136736 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2015-06-20 10:41 - 2014-04-17 22:42 - 00126848 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2015-06-20 10:40 - 2014-04-17 22:42 - 11102040 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2015-06-20 10:40 - 2014-04-17 22:42 - 09420520 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2015-06-19 22:59 - 2014-11-20 22:09 - 01218560 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2015-06-19 22:32 - 2014-11-20 22:10 - 00846848 _____ (AMD) C:\Windows\system32\coinst_14.50.dll
2015-06-19 01:16 - 2011-11-22 12:42 - 00286737 _____ C:\Windows\DirectX.log
2015-06-19 01:11 - 2014-11-20 16:52 - 00000000 ____D C:\GOG Games
2015-06-19 01:10 - 2014-10-29 20:09 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics
2015-06-19 01:10 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-06-18 15:50 - 2014-11-26 04:57 - 00000000 __SHD C:\Users\Ryan\AppData\Local\EmieUserList
2015-06-18 15:50 - 2014-11-26 04:57 - 00000000 __SHD C:\Users\Ryan\AppData\Local\EmieSiteList
2015-06-18 15:50 - 2014-11-26 04:57 - 00000000 __SHD C:\Users\Ryan\AppData\Local\EmieBrowserModeList
2015-06-18 03:02 - 2009-07-14 01:13 - 00796254 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-17 14:59 - 2014-11-03 01:17 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-06-17 02:06 - 2015-01-24 19:43 - 00000000 ____D C:\Users\Ryan\AppData\Local\CAPCOM
2015-06-17 00:08 - 2014-10-28 17:56 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-06-15 14:48 - 2014-10-30 20:05 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-06-12 13:52 - 2015-05-18 18:49 - 00000000 ____D C:\Users\Ryan\Documents\The Witcher 3
2015-06-12 13:50 - 2015-05-18 18:49 - 00000000 ____D C:\Users\Ryan\AppData\Local\GalaxyCommunicationService
2015-06-12 01:52 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-06-12 01:47 - 2011-11-22 12:43 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-06-10 23:23 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-10 23:21 - 2009-07-14 00:45 - 00269128 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-10 23:20 - 2014-12-10 05:58 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-10 23:20 - 2014-10-31 03:42 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-10 23:20 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-10 16:10 - 2014-10-29 22:46 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 16:04 - 2014-10-29 23:53 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-05 00:54 - 2014-10-28 16:35 - 00000000 ____D C:\Users\Ryan

==================== Files in the root of some directories =======

2015-06-30 23:29 - 2015-07-04 03:15 - 0000024 _____ () C:\Users\Ryan\AppData\Roaming\appdataFr25.bin
2015-07-01 00:21 - 2015-07-01 00:22 - 0007587 _____ () C:\Users\Ryan\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Ryan\AppData\Local\Temp\27fff54a706caf16275619fa9b79269c.dll
C:\Users\Ryan\AppData\Local\Temp\33eb9f87d8bafa81a1178803134ee1e6.dll
C:\Users\Ryan\AppData\Local\Temp\amd-catalyst-14-9-win7-win8.1-64bit-dd-ccc-whql.exe
C:\Users\Ryan\AppData\Local\Temp\comver.dll
C:\Users\Ryan\AppData\Local\Temp\drm_dyndata_7390006.dll
C:\Users\Ryan\AppData\Local\Temp\GameuxInstallHelper.dll
C:\Users\Ryan\AppData\Local\Temp\Gw2.exe
C:\Users\Ryan\AppData\Local\Temp\i4jdel0.exe
C:\Users\Ryan\AppData\Local\Temp\Nexus Mod Manager-0.53.7.exe
C:\Users\Ryan\AppData\Local\Temp\Nexus Mod Manager-0.54.4.exe
C:\Users\Ryan\AppData\Local\Temp\raptrpatch.exe
C:\Users\Ryan\AppData\Local\Temp\raptr_stub.exe
C:\Users\Ryan\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Ryan\AppData\Local\Temp\sfextra.dll
C:\Users\Ryan\AppData\Local\Temp\SRLDetectionLibrary8766721395045563092.dll
C:\Users\Ryan\AppData\Local\Temp\tmp9636.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
killerkerberos6 is offline  
Old 07-04-2015, 05:38 PM   #5
chemist's Avatar

Hello killerkerberos6.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

Create a system repair disc

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

Note: If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please open Task Manager and 'End Process' on explorer.exe

Next, go to File > New Task (Run...), type explorer, then press 'Enter'.

------------------------------------------------------
chemist is offline  
Old 07-04-2015, 08:27 PM   #6
I'm doing a backup now; I'll update with the ComboFix sometime tomorrow.
killerkerberos6 is offline  
Old 07-04-2015, 09:26 PM   #7
The backup didn't take as long as I thought.

Also, I wasn't sure if you wanted me to copy the log or give you the file, so I uploaded it.

ComboFix 15-06-30.01 - Ryan 07/04/2015 23:51:13.1.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8174.5558 [GMT -4:00]
Running from: c:\users\Ryan\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((((((( Files Created from 2015-06-05 to 2015-07-05 )))))))))))))))))))))))))))))))
.
.
2015-07-05 04:08 . 2015-07-05 04:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-07-04 17:36 . 2015-07-04 17:36 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2A9E5973-B148-4302-9C7F-C29B40B3C25B}\offreg.888.dll
2015-07-04 17:34 . 2015-06-12 07:50 12221144 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2A9E5973-B148-4302-9C7F-C29B40B3C25B}\mpengine.dll
2015-07-04 07:51 . 2015-07-04 07:53 -------- d-----w- C:\FRST
2015-07-03 16:50 . 2015-07-01 02:54 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{237BB28C-5BD2-41CF-B58E-289625EEBB11}\gapaengine.dll
2015-07-03 16:48 . 2015-06-12 07:50 12221144 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-07-01 03:29 . 2015-07-04 07:15 24 ----a-w- c:\users\Ryan\AppData\Roaming\appdataFr25.bin
2015-06-30 20:21 . 2015-06-30 20:21 77312 ----a-w- c:\windows\system32\eamclean.exe
2015-06-30 20:01 . 2015-06-30 04:14 135800 ----a-w- c:\windows\system32\drivers\epp64.sys
2015-06-30 20:01 . 2015-07-04 07:16 -------- d-----w- C:\EEK
2015-06-29 08:48 . 2015-06-29 08:48 -------- d-----w- c:\users\Ryan\AppData\Local\EdenGame
2015-06-27 19:09 . 2015-06-27 19:09 -------- d-----w- c:\program files\HitmanPro
2015-06-27 19:09 . 2015-06-27 19:31 -------- d-----w- c:\programdata\HitmanPro
2015-06-24 15:53 . 2015-07-01 02:44 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-24 15:53 . 2015-06-24 15:53 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-06-24 15:53 . 2015-04-14 14:39 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-24 15:53 . 2015-04-14 14:38 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-24 15:53 . 2015-04-14 14:38 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-23 03:39 . 2015-06-23 03:39 -------- d-----w- c:\programdata\ATI
2015-06-23 03:38 . 2015-06-23 03:38 -------- d-----w- c:\users\Ryan\AppData\Roaming\library_dir
2015-06-23 03:36 . 2015-06-23 03:36 -------- d-----w- c:\program files (x86)\AMD AVT
2015-06-21 06:30 . 2015-07-04 07:21 -------- d-----w- C:\AdwCleaner
2015-06-20 16:43 . 2015-06-20 16:43 -------- d-----w- c:\users\Ryan\AppData\Local\ESN
2015-06-20 14:42 . 2015-06-20 14:42 102128 ----a-w- c:\windows\system32\amdave64.dll
2015-06-20 14:42 . 2015-06-20 14:42 96448 ----a-w- c:\windows\SysWow64\amdave32.dll
2015-06-20 14:42 . 2015-06-20 14:42 128384 ----a-w- c:\windows\system32\amdhcp64.dll
2015-06-20 14:42 . 2015-06-20 14:42 78432 ----a-w- c:\windows\system32\atimpc64.dll
2015-06-20 14:42 . 2015-06-20 14:42 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2015-06-20 14:41 . 2015-06-20 14:41 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2015-06-20 14:41 . 2015-06-20 14:41 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2015-06-20 14:41 . 2015-06-20 14:41 118096 ----a-w- c:\windows\system32\atiu9p64.dll
2015-06-20 14:41 . 2015-06-20 14:41 100032 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2015-06-20 14:40 . 2015-06-20 14:40 7559840 ----a-w- c:\windows\SysWow64\atiumdva.dll
2015-06-20 14:40 . 2015-06-20 14:40 7077264 ----a-w- c:\windows\SysWow64\atiumdag.dll
2015-06-20 14:39 . 2015-06-20 14:39 8381280 ----a-w- c:\windows\system32\atiumd6a.dll
2015-06-20 14:39 . 2015-06-20 14:39 8368872 ----a-w- c:\windows\system32\atiumd64.dll
2015-06-20 14:35 . 2015-06-20 14:35 294600 ----a-w- c:\windows\system32\drivers\amdacpksd.sys
2015-06-20 14:28 . 2015-06-20 14:28 19339264 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2015-06-20 14:23 . 2015-06-20 14:23 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
2015-06-20 14:18 . 2015-06-20 14:18 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2015-06-20 14:12 . 2015-06-20 14:12 235008 ----a-w- c:\windows\system32\clinfo.exe
2015-06-20 14:12 . 2015-06-20 14:12 98816 ----a-w- c:\windows\system32\OpenVideo64.dll
2015-06-20 14:11 . 2015-06-20 14:11 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2015-06-20 14:11 . 2015-06-20 14:11 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2015-06-20 14:11 . 2015-06-20 14:11 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll
2015-06-20 14:11 . 2015-06-20 14:11 47902208 ----a-w- c:\windows\system32\amdocl64.dll
2015-06-20 14:08 . 2015-06-20 14:08 40990208 ----a-w- c:\windows\SysWow64\amdocl.dll
2015-06-20 14:04 . 2015-06-20 14:04 65024 ----a-w- c:\windows\system32\OpenCL.dll
2015-06-20 14:04 . 2015-06-20 14:04 58880 ----a-w- c:\windows\SysWow64\OpenCL.dll
2015-06-20 06:49 . 2015-06-20 06:49 127488 ----a-w- c:\windows\system32\mantle64.dll
2015-06-20 06:48 . 2015-06-20 06:48 113664 ----a-w- c:\windows\SysWow64\mantle32.dll
2015-06-20 06:48 . 2015-06-20 06:48 5837824 ----a-w- c:\windows\system32\amdmantle64.dll
2015-06-20 06:25 . 2015-06-20 06:25 4590592 ----a-w- c:\windows\SysWow64\amdmantle32.dll
2015-06-20 05:58 . 2015-06-20 05:58 91648 ----a-w- c:\windows\system32\mantleaxl64.dll
2015-06-20 05:57 . 2015-06-20 05:57 85504 ----a-w- c:\windows\SysWow64\mantleaxl32.dll
2015-06-20 05:01 . 2015-06-20 05:01 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2015-06-20 04:45 . 2015-06-20 04:45 28354560 ----a-w- c:\windows\system32\atio6axx.dll
2015-06-20 04:18 . 2015-06-20 04:18 23626752 ----a-w- c:\windows\SysWow64\atioglxx.dll
2015-06-20 04:11 . 2015-06-20 04:11 49664 ----a-w- c:\windows\system32\amdmmcl6.dll
2015-06-20 04:11 . 2015-06-20 04:11 38912 ----a-w- c:\windows\SysWow64\amdmmcl.dll
2015-06-20 03:49 . 2015-06-20 03:49 367104 ----a-w- c:\windows\system32\atiapfxx.exe
2015-06-20 03:48 . 2015-06-20 03:48 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2015-06-20 03:48 . 2015-06-20 03:48 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2015-06-20 03:48 . 2015-06-20 03:48 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2015-06-20 03:48 . 2015-06-20 03:48 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2015-06-20 03:48 . 2015-06-20 03:48 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2015-06-20 03:44 . 2015-06-20 03:44 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2015-06-20 03:39 . 2015-06-20 03:39 89088 ----a-w- c:\windows\system32\atisamu64.dll
2015-06-20 03:39 . 2015-06-20 03:39 80896 ----a-w- c:\windows\SysWow64\atisamu32.dll
2015-06-20 03:28 . 2015-06-20 03:28 442368 ----a-w- c:\windows\system32\atidemgy.dll
2015-06-20 03:28 . 2015-06-20 03:28 31232 ----a-w- c:\windows\system32\atimuixx.dll
2015-06-20 03:28 . 2015-06-20 03:28 776192 ----a-w- c:\windows\system32\atieclxx.exe
2015-06-20 03:27 . 2015-06-20 03:27 246272 ----a-w- c:\windows\system32\atiesrxx.exe
2015-06-20 03:25 . 2015-06-20 03:25 190976 ----a-w- c:\windows\system32\atitmm64.dll
2015-06-20 02:59 . 2015-06-20 02:59 905728 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2015-06-20 02:58 . 2015-06-20 02:58 75264 ----a-w- c:\windows\system32\atig6pxx.dll
2015-06-20 02:58 . 2015-06-20 02:58 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2015-06-20 02:58 . 2015-06-20 02:58 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2015-06-20 02:58 . 2015-06-20 02:58 146944 ----a-w- c:\windows\system32\atig6txx.dll
2015-06-20 02:58 . 2015-06-20 02:58 133632 ----a-w- c:\windows\SysWow64\atigktxx.dll
2015-06-20 02:58 . 2015-06-20 02:58 591872 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2015-06-19 18:35 . 2015-06-19 18:24 238376 ----a-w- c:\windows\SysWow64\EasyAntiCheat.exe
2015-06-16 18:51 . 2015-06-16 18:51 -------- d-----w- c:\users\Ryan\AppData\Roaming\Warner Bros. Interactive Entertainment
2015-06-12 20:35 . 2015-07-01 03:43 1125632 ----a-w- c:\programdata\Microsoft\WDExpress\12.0\1033\ResourceCache.dll
2015-06-12 06:42 . 2015-06-12 06:42 -------- d-----w- c:\users\Ryan\AppData\Roaming\NuGet
2015-06-12 06:15 . 2015-06-12 06:15 -------- d-----w- c:\program files\Unity
2015-06-12 06:04 . 2015-06-12 06:04 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
2015-06-12 05:56 . 2015-06-12 05:56 -------- d-----w- c:\program files (x86)\Common Files\Microsoft
2015-06-12 05:56 . 2015-06-12 05:57 -------- d-----w- c:\program files (x86)\Windows Kits
2015-06-12 05:53 . 2015-06-12 05:53 -------- d-----w- c:\program files (x86)\Microsoft Help Viewer
2015-06-12 05:52 . 2015-07-01 03:44 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2015-06-12 05:49 . 2015-06-12 05:49 -------- d-----w- c:\windows\SysWow64\1033
2015-06-12 05:49 . 2015-06-12 05:49 -------- d-----w- c:\windows\system32\1033
2015-06-12 05:49 . 2015-06-12 06:24 -------- d-----w- c:\program files\Microsoft SQL Server
2015-06-12 05:49 . 2015-06-12 06:23 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2015-06-12 05:47 . 2015-06-12 05:47 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2015-06-12 05:43 . 2015-07-01 03:42 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 12.0
2015-06-12 05:34 . 2015-06-12 05:34 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2015-06-11 18:36 . 2015-06-11 18:36 -------- d-----w- c:\users\Ryan\AppData\Roaming\com.playsaurus.heroclicker
2015-06-10 14:09 . 2015-04-29 18:22 14635008 ----a-w- c:\windows\system32\wmp.dll
2015-06-08 03:37 . 2015-06-08 03:37 -------- d-----w- c:\users\Ryan\AppData\Local\Windows Live
2015-06-08 03:21 . 2015-06-08 03:27 -------- d-----w- C:\Fraps
2015-06-05 04:54 . 2015-06-08 15:52 -------- d-----w- c:\users\Ryan\Zomboid
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-01 02:54 . 2014-11-03 16:41 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-06-24 18:33 . 2014-11-16 22:24 348672 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2015-06-24 18:33 . 2014-11-16 22:16 348672 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2015-06-24 18:32 . 2014-11-16 22:16 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2015-06-20 14:42 . 2014-04-18 02:43 118096 ----a-w- c:\windows\SysWow64\amdhcp32.dll
2015-06-20 14:41 . 2014-04-18 02:43 144328 ----a-w- c:\windows\system32\atiuxp64.dll
2015-06-20 14:41 . 2014-04-18 02:42 126848 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2015-06-20 14:41 . 2014-04-18 02:42 1359752 ----a-w- c:\windows\system32\aticfx64.dll
2015-06-20 14:41 . 2014-04-18 02:42 1136736 ----a-w- c:\windows\SysWow64\aticfx32.dll
2015-06-20 14:40 . 2014-04-18 02:42 11102040 ----a-w- c:\windows\system32\atidxx64.dll
2015-06-20 14:40 . 2014-04-18 02:42 9420520 ----a-w- c:\windows\SysWow64\atidxx32.dll
2015-06-20 02:59 . 2014-11-21 02:09 1218560 ----a-w- c:\windows\system32\atiadlxx.dll
2015-06-20 02:32 . 2014-11-21 02:10 846848 ----a-w- c:\windows\system32\coinst_14.50.dll
2015-06-10 20:04 . 2014-10-30 03:53 140135120 ----a-w- c:\windows\system32\MRT.exe
2015-05-25 18:01 . 2015-06-10 14:09 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-01 13:17 . 2015-05-14 07:02 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-01 13:16 . 2015-05-14 07:02 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-04-20 03:17 . 2015-05-13 18:11 1647104 ----a-w- c:\windows\system32\DWrite.dll
2015-04-20 03:17 . 2015-05-13 18:11 1179136 ----a-w- c:\windows\system32\FntCache.dll
2015-04-20 02:56 . 2015-05-13 18:11 1250816 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-04-18 03:10 . 2015-05-13 18:12 460800 ----a-w- c:\windows\system32\certcli.dll
2015-04-18 02:56 . 2015-05-13 18:12 342016 ----a-w- c:\windows\SysWow64\certcli.dll
2015-04-13 03:28 . 2015-05-13 18:12 328704 ----a-w- c:\windows\system32\services.exe
2015-04-08 03:29 . 2015-05-13 18:11 275456 ----a-w- c:\windows\system32\InkEd.dll
2015-04-08 03:29 . 2015-05-13 18:11 24576 ----a-w- c:\windows\system32\jnwmon.dll
2015-04-08 03:14 . 2015-05-13 18:11 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"Akamai NetSession Interface"="c:\users\Ryan\AppData\Local\Akamai\netsession_win.exe" [2014-10-30 4673432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-08-09 5263504]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
"Aeria Ignite"="c:\program files (x86)\Aeria Games\Ignite\aeriaignite.exe" [2013-06-06 1925656]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2015-06-20 767176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 amdacpksd;ACP Kernel Service Driver;c:\windows\system32\drivers\amdacpksd.sys;c:\windows\SYSNATIVE\drivers\amdacpksd.sys [x]
R2 amdacpusrsvc;ACP User Service;c:\amd\amdacpusrsvc.exe;c:\amd\amdacpusrsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 BRDriver64_1_3_3_E02B25FC;BRDriver64_1_3_3_E02B25FC;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [x]
R3 BRSptStub;BitRaider Mini-Support Service Stub Loader;c:\programdata\BitRaider\BRSptStub.exe;c:\programdata\BitRaider\BRSptStub.exe [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe;c:\program files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 GalaxyClientService;GalaxyClientService;c:\program files (x86)\GalaxyClient\GalaxyClientService.exe;c:\program files (x86)\GalaxyClient\GalaxyClientService.exe [x]
R3 GalaxyCommunication;GalaxyCommunication;c:\programdata\GOG.com\Galaxy\redists\GalaxyCommunication.exe;c:\programdata\GOG.com\Galaxy\redists\GalaxyCommunication.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 sjcst;sjcst;c:\aeriagames\EdenEternal\avital\sjcsu64.sys;c:\aeriagames\EdenEternal\avital\sjcsu64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va028;X6va028;c:\windows\SysWOW64\Drivers\X6va028;c:\windows\SysWOW64\Drivers\X6va028 [x]
R3 xb1usb;Microsoft Xbox One Controller Driver;c:\windows\system32\DRIVERS\xb1usb.sys;c:\windows\SYSNATIVE\DRIVERS\xb1usb.sys [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 epp64;epp64;c:\windows\system32\DRIVERS\epp64.sys;c:\windows\SYSNATIVE\DRIVERS\epp64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.3;AODDriver4.3;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
S3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys;c:\windows\SYSNATIVE\DRIVERS\ViaHub3.sys [x]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
S3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys;c:\windows\SYSNATIVE\DRIVERS\xhcdrv.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-06-22 22:07 990024 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.130\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28 20:38]
.
2015-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28 20:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-30 1337000]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
Trusted Zone: aeriagames.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-GalaxyClient - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-BattlEye for A2 - c:\program files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
AddRemove-SOE-PlanetSide 2 - c:\program files (x86)\Steam\steamapps\common\PlanetSide 2\Uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va028]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va028"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3998199410-2582608653-3588484737-1002\Software\SecuROM\License information*]
"datasecu"=hex:66,d1,f8,16,8e,b5,ff,52,ed,c5,eb,20,11,c1,be,ea,dc,2d,07,b9,07,
54,9c,82,b3,a1,d9,ed,a5,65,ac,0d,53,2f,d7,0d,76,af,c8,88,c1,d1,36,08,fe,24,\
"rkeysecu"=hex:29,b8,c2,ae,3d,4c,dd,1c,f8,4c,83,76,47,89,93,2e
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-07-05 00:17:52
ComboFix-quarantined-files.txt 2015-07-05 04:17
.
Pre-Run: 112,013,283,328 bytes free
Post-Run: 113,243,422,720 bytes free
.
- - End Of File - - F25E1A277A2CA6D7536AB37BE92F36C1
A36C5E4F47E84449FF07ED3517B43A31
killerkerberos6 is offline  
Old 07-05-2015, 06:32 PM   #8
Hello again, killerkerberos6. How is the machine behaving? Is Cheap-O gone or did it return?

No need to attach logs going forward. Just copy/paste them directly into the Reply to Thread window. Thanks.

------------------------------------------------------

Do you use a development (experimental build) version of Chrome?

If not, you need to uninstall, then re-install Chrome after running FRST.

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    HKU\S-1-5-21-3998199410-2582608653-3588484737-1002\...\Run: [GalaxyClient] => [X]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [X]
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
chemist is offline  
Old 07-05-2015, 08:24 PM   #9
I won't know for a few days if it comes back or not, for some reason before it was every few hours but now it's every few days. Hopefully this all works, and thank you for the help :)





Fix result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by Ryan at 2015-07-05 23:11:11 Run:1
Running from C:\Users\Ryan\Downloads
Loaded Profiles: Ryan (Available Profiles: Ryan)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
HKU\S-1-5-21-3998199410-2582608653-3588484737-1002\...\Run: [GalaxyClient] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [X]
EmptyTemp:
end
*****************

Restore point was successfully created.
HKU\S-1-5-21-3998199410-2582608653-3588484737-1002\Software\Microsoft\Windows\CurrentVersion\Run\\GalaxyClient => value not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.6.2" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
DAUpdaterSvc => Service removed successfully
EmptyTemp: => 1.1 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 23:12:39 ====
killerkerberos6 is offline  
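A small triage helper for the Fixlog format shown in the post above, added here as an example (it is not part of the thread and not FRST's own code): it skips the echoed fixlist and sorts each result line into removed, already absent, or needs review. The sample text is abridged from that log with the user SID replaced by a placeholder, and the only outcome wordings it recognises are the ones visible in that log.

```python
import re
from collections import Counter

# Sample abridged from the Fixlog above; <SID> is a placeholder, not a real value.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
fixlist content:
*****************
start
HKU\<SID>\...\Run: [GalaxyClient] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
end
*****************

Restore point was successfully created.
HKU\<SID>\Software\Microsoft\Windows\CurrentVersion\Run\\GalaxyClient => value not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
DAUpdaterSvc => Service removed successfully
EmptyTemp: => 1.1 GB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 23:12:39 ====
'''

SEPARATOR = re.compile(r"^\*{5,}\s*$")


def classify(outcome):
    """Map the text after '=>' to removed / absent / review."""
    low = outcome.lower()
    if "not found" in low:
        return "absent"   # nothing was deleted: the entry was already gone
    if "removed" in low and "not" not in low.split():
        return "removed"
    return "review"       # wording not seen in the sample: read it yourself


def parse_fixlog(text):
    """Return ([(target, status), ...], reboot_needed) for the result section."""
    results, separators_seen, reboot = [], 0, False
    for line in (raw.strip() for raw in text.splitlines()):
        if SEPARATOR.match(line):
            separators_seen += 1
            continue
        # The fixlist echo sits between the two separator lines; its "=> [X]"
        # markers are scan annotations, not fix outcomes, so skip that part.
        if separators_seen < 2 or not line:
            continue
        if line.startswith("==== End of Fixlog"):
            break
        if "needed a reboot" in line:
            reboot = True
        target, arrow, outcome = line.rpartition(" => ")
        if arrow:
            results.append((target.strip('"'), classify(outcome)))
    return results, reboot


def summarize(text):
    results, reboot = parse_fixlog(text)
    counts = Counter(status for _, status in results)
    return {"removed": counts["removed"], "absent": counts["absent"],
            "review": counts["review"], "reboot": reboot}
```

An "absent" result is not a failure: the GalaxyClient Run value had already been listed under ORPHANS REMOVED in the earlier ComboFix log, so FRST found nothing left to delete.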
Old 07-05-2015, 09:11 PM   #10
Hello again, killerkerberos6. You're very welcome. Let me know. In the meantime...
  • Launch Malwarebytes' Anti-Malware
  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
  • After the update check completes, a Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs
  • Double-click on the scan log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
------------------------------------------------------

Your Java is out of date.

Java(TM) 8 Update 25 can be updated from the Java Control Panel. Go to Start > Control Panel > Programs > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts.

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.
  • After the install is complete, go back to your Control Panel and click the Java icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options checked in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as administrator command.

Go here and click 'Run ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Here's how
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Once the components have downloaded, tick the option Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
chemist is offline  
Old 07-06-2015, 07:45 PM   #11
C:\AdwCleaner\Quarantine\C\Program Files (x86)\relaydouble\RelayDouble.dll.vir a variant of Win32/Adware.MultiPlug.IX application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ssalePPrizEs\z36tkClFfRp3b7.exe.vir Win32/Adware.MultiPlug.KG application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{128614e8-07dd-4e11-b9ec-ca2c14f812c5}Gw64.sys.vir a variant of Win64/NetFilter.A potentially unsafe application


So far the computer is a bit faster and I haven't seen Cheap-o, or any adware for that matter, for a while.
killerkerberos6 is offline  
Old 07-07-2015, 08:11 PM   #12
Hello again, killerkerberos6. The AdwCleaner quarantine finds by ESET will get deleted when we uninstall AdwCleaner.

------------------------------------------------------

Congratulations. Well done! Your logs appear clean. You should be good to go.

Please disable Security Essentials before uninstalling ComboFix and then re-enable it after doing so.

Press the Windows "logo" key and "R" key and Copy/Paste the following single-line command into the Run box and click OK:

combofix /uninstall

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again; this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Quick Scan weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

Important

Due to continued exploits of zero-day vulnerabilities in Oracle's Java application, it is the recommendation of many security experts, as well as the TSF Security Team, that you disable Java in your web browsers.

Java

US-CERT Alert TA13-010A - Oracle Java 7 Security Manager Bypass Vulnerability

We recommend disabling Java in your browsers, and enabling it only when needed by certain websites.

Please disable Java in your browser(s) by following these instructions:

How do I disable Java in my web browser?

------------------------------------------------------

Make sure you back up your system, so possible reformatting in the future isn't necessary:

Backup and Restore - Microsoft Windows

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows 7 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
chemist is offline  
Old 07-07-2015, 08:40 PM   #13
Thanks for the help!

Also, AdwCleaner seems to have uninstalled itself; the only thing left of it is the Quarantine folder. Should I keep or delete that?
killerkerberos6 is offline  
Old 07-08-2015, 05:24 AM   #14
You're very welcome, killerkerberos6! Glad to have helped.

Right-click and delete this folder:

C:\AdwCleaner
chemist is offline  
All times are GMT -7. The time now is 01:33 PM.