
Internet Explorer Proxy Tick Virus [Solved]


  • This topic is locked
30 replies to this topic

#1 itsbmo


Posted 27 September 2014 - 01:48 PM

Hi, so, this is what's happening.

I'm a gamer, and I play League of Legends.  Recently I have not been able to get into the launcher.  I found out that my Internet Explorer browser doesn't work and says this:

http://gyazo.com/18c...81214db0c493558

and when I try to change the proxy settings, this is what happens:

http://gyazo.com/7e8...7392fd812323bd4

I have heard this is a problem for League of Legends not working.  If you'd like to know, this is what happens in League of Legends:

http://gyazo.com/531...06cd65384402f2a

So, I have been looking around the internet and have found nothing that helps me!  The same error message occurs on Google Chrome, although I use Mozilla Firefox now:

http://gyazo.com/9db...d92ced8b79604d4

http://gyazo.com/d39...8216e12e0b888c1

Please help :'(




#2 ken545


Posted 27 September 2014 - 03:14 PM

:welcome:

 

Need some logs from our scanners so we can see what's going on.

Please download aswMBR to your desktop.
 
  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

I just want to see the report... Please Do Not Fix Anything

============================================================================

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
A simple way to check your system: Start --> Computer (right click) --> Properties

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Please make sure All Users is checked
  • Do not check:
      *List BCD
      *Drivers MD5
      *Shortcut txt
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


     
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #3 itsbmo


    Posted 27 September 2014 - 04:04 PM

    Here ya go.

    aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
    Run date: 2014-09-27 17:19:16
    -----------------------------
    17:19:16.774    OS Version: Windows x64 6.1.7601 Service Pack 1
    17:19:16.774    Number of processors: 4 586 0x2A07
    17:19:16.774    ComputerName: BMO-PC  UserName: BMo
    17:19:21.777    Initialize success
    17:19:21.908    VM: initialized successfully
    17:19:21.960    VM: Intel CPU BiosDisabled
    17:19:30.993    VM: supported disk I/O ataport.SYS
    17:19:38.649    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
    17:19:38.651    Disk 0 Vendor: WDC_WD3200AAKX-001CA0 15.01H15 Size: 305245MB BusType: 3
    17:19:38.773    Disk 0 MBR read successfully
    17:19:38.775    Disk 0 MBR scan
    17:19:38.777    Disk 0 Windows 7 default MBR code
    17:19:38.783    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
    17:19:38.795    Disk 0 default boot code
    17:19:38.807    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       305143 MB offset 206848
    17:19:38.836    Disk 0 scanning C:\Windows\system32\drivers
    17:19:45.800    Service scanning
    17:20:01.527    Modules scanning
    17:20:01.872    Disk 0 trace - called modules:
    17:20:01.890    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    17:20:01.894    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004703060]
    17:20:01.898    3 CLASSPNP.SYS[fffff880018a243f] -> nt!IofCallDriver -> [0xfffffa80041374d0]
    17:20:01.902    5 ACPI.sys[fffff88000f2f7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa800449c680]
    17:20:01.907    Scan finished successfully
    17:39:14.373    Disk 0 MBR has been saved successfully to "C:\Users\BMo\Desktop\MBR.dat"
    17:39:14.441    The log file has been saved successfully to "C:\Users\BMo\Desktop\aswMBR.txt"

    -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2014
    Ran by BMo (administrator) on BMO-PC on 27-09-2014 18:01:50
    Running from C:\Users\BMo\Downloads
    Loaded Profile: BMo (Available profiles: BMo)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (ASUSTeK Computer Inc.) C:\Windows\Chipset\AsusSetup.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
    (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
    (Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Spotify Ltd) C:\Users\BMo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    (SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
    () C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
    (A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    (Dropbox, Inc.) C:\Users\BMo\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    (Hirez Studios, Inc.) C:\Program Files (x86)\Hi-Rez Studios\HiRezGames\smite\Binaries\Win32\Smite.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hi-Rez Studios\HirezGameNotifier.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
    (AVAST Software) C:\Users\BMo\Downloads\aswMBR.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor)
    HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [134624 2014-07-23] (Check Point Software Technologies Ltd.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
    HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [831192 2014-07-03] (BlueStack Systems, Inc.)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)
    HKU\S-1-5-21-1418505120-3983750565-1456373324-1001\...\Run: [Spotify] => C:\Users\BMo\AppData\Roaming\Spotify\Spotify.exe [6342200 2014-09-19] (Spotify Ltd)
    HKU\S-1-5-21-1418505120-3983750565-1456373324-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
    HKU\S-1-5-21-1418505120-3983750565-1456373324-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3095328 2014-09-16] (Nota Inc.)
    HKU\S-1-5-21-1418505120-3983750565-1456373324-1001\...\Run: [Spotify Web Helper] => C:\Users\BMo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-19] (Spotify Ltd)
    HKU\S-1-5-21-1418505120-3983750565-1456373324-1001\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [87040 2014-06-26] (SteelSeries ApS)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk
    ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe ()
    Startup: C:\Users\BMo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\BMo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\BMo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatch.lnk
    ShortcutTarget: StormWatch.lnk -> C:\Users\BMo\AppData\Local\StormWatch\StormWatch.exe (No File)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\BMo\AppData\Roaming\Mozilla\Firefox\Profiles\fvlston6.default
    FF NewTab: user_pref("browser.newtab.url", "");
    FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%2
0'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*'))%20%7B%20return%20'PROXY%20us04.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us11.sq.proxmate.me%3A8000%3B%20PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
    FF NetworkProxy: "type", 2
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\BMo\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\BMo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Extension: Mp3Olimp widget - C:\Users\BMo\AppData\Roaming\Mozilla\Firefox\Profiles\fvlston6.default\Extensions\jid0-SlJAN1IqVQffaO5onLnWK2zcA1Q@jetpack.xpi [2014-08-13]
    FF Extension: ProxMate - Proxy on steroids! - C:\Users\BMo\AppData\Roaming\Mozilla\Firefox\Profiles\fvlston6.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2014-08-22]
    FF Extension: Adblock Plus - C:\Users\BMo\AppData\Roaming\Mozilla\Firefox\Profiles\fvlston6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-07]
    FF HKCU\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12171.xpi
    FF StartMenuInternet: FIREFOX.EXE - firefox.exe

    Chrome:
    =======
    CHR DefaultSuggestURL: Default -> http://api.searchpre...d={searchTerms}
    CHR Profile: C:\Users\BMo\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\BMo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-20]
    CHR Extension: (Google Docs) - C:\Users\BMo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-20]
    CHR Extension: (Google Drive) - C:\Users\BMo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-20]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\BMo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-20]
    CHR Extension: (Adguard AdBlocker) - C:\Users\BMo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2014-09-20]
    CHR Extension: (YouTube) - C:\Users\BMo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-20]
    CHR Extension: (Adblock for Youtube™) - C:\Users\BMo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2014-09-20]
    CHR Extension: (Google Search) - C:\Users\BMo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-20]
    CHR Extension: (Dark Vibe) - C:\Users\BMo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkckeanhmkjaechlhllmapjaaglgpcbj [2014-09-20]
    CHR Extension: (Google Sheets) - C:\Users\BMo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-20]
    CHR Extension: (Google Wallet) - C:\Users\BMo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-20]
    CHR Extension: (Gmail) - C:\Users\BMo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-20]
    CHR StartMenuInternet: Google Chrome - chrome.exe

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [405208 2014-07-03] (BlueStack Systems, Inc.)
    R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-07-03] (BlueStack Systems, Inc.)
    R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [773848 2014-07-03] (BlueStack Systems, Inc.)
    R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-08-22] (Hi-Rez Studios) [File not signed]
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
    R2 RzMaelstromVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [4250624 2014-06-09] (A-Volute) [File not signed]
    S2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3596240 2014-07-23] (Check Point Software Technologies Ltd.)
    S2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [93712 2014-07-03] (Check Point Software Technologies, Ltd.)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-07-03] (BlueStack Systems)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-27] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
    R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation                           )
    R3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows ® Win 7 DDK provider)
    R3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [39168 2014-05-27] (SteelSeries Corporation)
    S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
    R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450456 2014-07-23] (Check Point Software Technologies Ltd.)
    S3 XFDriver64; C:\Program Files (x86)\Xfire2\XFDriver64.sys [17160 2013-03-14] (XFire)
    U3 aswMBR; \??\C:\Users\BMo\AppData\Local\Temp\aswMBR.sys [X]
    U3 aswVmm; \??\C:\Users\BMo\AppData\Local\Temp\aswVmm.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-27 18:01 - 2014-09-27 18:02 - 00017472 _____ () C:\Users\BMo\Downloads\FRST.txt
    2014-09-27 18:01 - 2014-09-27 18:01 - 00000000 ____D () C:\FRST
    2014-09-27 17:39 - 2014-09-27 17:39 - 00001822 _____ () C:\Users\BMo\Desktop\aswMBR.txt
    2014-09-27 17:39 - 2014-09-27 17:39 - 00000512 _____ () C:\Users\BMo\Desktop\MBR.dat
    2014-09-27 17:18 - 2014-09-27 17:19 - 05185536 _____ (AVAST Software) C:\Users\BMo\Downloads\aswMBR.exe
    2014-09-27 17:18 - 2014-09-27 17:19 - 02108928 _____ (Farbar) C:\Users\BMo\Downloads\FRST64.exe
    2014-09-27 15:26 - 2014-09-27 15:26 - 00000000 ____D () C:\Windows\ERUNT
    2014-09-27 15:24 - 2014-09-27 15:24 - 01699276 _____ (Thisisu) C:\Users\BMo\Downloads\JRT.exe
    2014-09-27 15:24 - 2014-09-27 15:24 - 01373475 _____ () C:\Users\BMo\Downloads\adwcleaner_3.310.exe
    2014-09-27 15:14 - 2014-09-27 15:14 - 00662016 _____ () C:\Users\BMo\Downloads\MicrosoftFixit50566.msi
    2014-09-27 10:03 - 2014-09-27 10:03 - 00000687 _____ () C:\awh6FC7.tmp
    2014-09-27 10:01 - 2014-09-27 18:02 - 00000356 _____ () C:\Windows\Tasks\CIMT_S-1-5-21-1418505120-3983750565-1456373324-1001.job
    2014-09-27 10:01 - 2014-09-27 10:01 - 00003266 _____ () C:\Windows\System32\Tasks\CIMT_S-1-5-21-1418505120-3983750565-1456373324-1001
    2014-09-27 09:59 - 2014-09-27 09:59 - 00000000 ____D () C:\Users\BMo\AppData\Local\CrashRpt
    2014-09-27 09:58 - 2014-09-27 09:59 - 00000000 ____D () C:\Program Files (x86)\Search Extensions
    2014-09-27 09:58 - 2014-09-27 09:58 - 00000000 __SHD () C:\Users\BMo\AppData\Local\EmieUserList
    2014-09-27 09:58 - 2014-09-27 09:58 - 00000000 __SHD () C:\Users\BMo\AppData\Local\EmieSiteList
    2014-09-27 09:58 - 2014-09-27 09:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
    2014-09-27 09:58 - 2014-09-27 09:58 - 00000000 ____D () C:\Users\BMo\AppData\Local\Weather_Protector_LLC
    2014-09-27 09:57 - 2014-09-27 10:25 - 00000000 ____D () C:\Users\BMo\AppData\Local\StormWatch
    2014-09-27 09:56 - 2014-09-27 09:56 - 00000077 _____ () C:\Users\BMo\AppData\Roaming\die.bat
    2014-09-27 09:33 - 2014-09-27 09:33 - 00862208 _____ () C:\Windows\AdobeUpdater.exe
    2014-09-27 09:32 - 2014-09-27 09:32 - 00000000 ____D () C:\Users\BMo\Desktop\New folder
    2014-09-27 09:24 - 2014-09-27 09:32 - 00000000 ____D () C:\Users\BMo\Desktop\Update
    2014-09-26 21:03 - 2014-09-26 21:07 - 00000000 ____D () C:\Users\BMo\Downloads\The Sims 4 Digital Deluxe Edition Update 2 and 3DM Crack v6
    2014-09-26 19:28 - 2014-09-26 19:28 - 00000000 ____D () C:\Program Files (x86)\Origin Games
    2014-09-26 19:27 - 2014-09-26 19:28 - 00000000 ____D () C:\Users\BMo\AppData\Roaming\Origin
    2014-09-26 19:27 - 2014-09-26 19:28 - 00000000 ____D () C:\Users\BMo\AppData\Local\Origin
    2014-09-26 19:25 - 2014-09-26 19:27 - 00000000 ____D () C:\Program Files (x86)\Origin
    2014-09-26 19:25 - 2014-09-26 19:25 - 00000983 _____ () C:\Users\Public\Desktop\Origin.lnk
    2014-09-26 19:25 - 2014-09-26 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
    2014-09-26 19:25 - 2014-09-26 19:25 - 00000000 ____D () C:\ProgramData\Electronic Arts
    2014-09-26 19:24 - 2014-09-27 10:01 - 00000000 ____D () C:\ProgramData\Origin
    2014-09-26 19:07 - 2014-09-26 19:22 - 00000000 ____D () C:\ProgramData\Package Cache
    2014-09-26 18:44 - 2014-09-27 10:28 - 00000000 ____D () C:\Program Files (x86)\GMT-MAX.ORG
    2014-09-25 21:28 - 2014-09-25 21:28 - 00000867 _____ () C:\Users\BMo\Desktop\BitTorrent.lnk
    2014-09-25 21:28 - 2014-09-25 21:28 - 00000847 _____ () C:\Users\BMo\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
    2014-09-25 20:47 - 2014-09-25 20:47 - 00000000 ____D () C:\Users\BMo\Documents\My Games
    2014-09-24 02:07 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-09-24 02:07 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2014-09-22 17:47 - 2014-09-22 17:47 - 00000986 _____ () C:\Users\Public\Desktop\Gyazo.lnk
    2014-09-22 17:47 - 2014-09-22 17:47 - 00000986 _____ () C:\Users\Public\Desktop\Gyazo GIF.lnk
    2014-09-22 05:01 - 2014-09-22 05:01 - 00000000 ____D () C:\ProgramData\Gyazo
    2014-09-21 12:03 - 2014-09-21 12:03 - 00000000 ____D () C:\Users\BMo\AppData\Roaming\Microsoft Games
    2014-09-21 12:00 - 2014-09-21 12:11 - 00000000 ____D () C:\Program Files (x86)\Viva Pinata
    2014-09-21 11:52 - 2014-09-21 11:52 - 00000000 ____D () C:\ProgramData\RzMaelstromVAD_1.1.58.1854
    2014-09-21 11:50 - 2014-09-25 22:05 - 00000000 ____D () C:\Users\BMo\Downloads\GMT.KZ_The_Sims_4_Deluxe_Edition_RePack_MAXAGENT
    2014-09-21 10:57 - 2014-09-21 10:57 - 00000000 ____D () C:\Users\BMo\AppData\Local\Razer
    2014-09-20 20:34 - 2014-09-27 15:28 - 00001290 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-09-20 20:34 - 2014-09-27 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2014-09-20 20:29 - 2014-09-27 17:34 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-09-20 20:29 - 2014-09-27 15:29 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-09-20 20:29 - 2014-09-20 20:34 - 00000000 ____D () C:\Users\BMo\AppData\Local\Google
    2014-09-20 20:29 - 2014-09-20 20:34 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-09-20 20:29 - 2014-09-20 20:29 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-09-20 20:29 - 2014-09-20 20:29 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-09-20 18:49 - 2014-09-20 18:49 - 00895120 _____ (Google Inc.) C:\Users\BMo\Downloads\ChromeSetup.exe
    2014-09-20 15:02 - 2014-09-20 15:02 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_rzudd_01009.Wdf
    2014-09-20 15:01 - 2014-09-20 15:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
    2014-09-18 17:49 - 2014-09-27 15:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-09-16 17:37 - 2014-09-16 17:38 - 87256095 _____ () C:\Users\BMo\Downloads\Dunkey_Album.zip
    2014-09-13 03:03 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-09-13 03:03 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-09-13 03:03 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-09-13 03:03 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-09-13 03:03 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-09-13 03:03 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-09-13 03:03 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-09-13 03:03 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-09-13 03:03 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-09-13 03:03 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-09-13 03:03 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-09-13 03:03 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-09-13 03:03 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-09-13 03:03 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-09-13 03:03 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-09-13 03:03 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-09-13 03:03 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-09-13 03:03 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-09-13 03:03 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-09-13 03:03 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-09-13 03:03 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-09-13 03:03 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-09-13 03:03 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-09-13 03:03 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-09-13 03:03 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-09-13 03:03 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-09-13 03:03 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-09-13 03:03 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-09-13 03:03 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-09-13 03:03 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-09-13 03:03 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-09-13 03:03 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-09-13 03:03 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-09-13 03:03 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-09-13 03:03 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-09-13 03:03 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-09-13 03:03 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-09-13 03:03 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-09-13 03:03 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-09-13 03:03 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-09-13 03:03 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-09-13 03:03 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-09-13 03:03 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-09-13 03:03 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-09-13 03:03 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-09-13 03:03 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-09-13 03:03 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-09-13 03:03 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-09-13 03:03 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-09-13 03:03 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-09-13 03:03 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-09-13 03:03 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-09-13 03:03 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-09-13 03:03 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-09-13 03:03 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-09-13 03:03 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-09-13 03:00 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
    2014-09-13 03:00 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
    2014-09-12 15:28 - 2014-09-12 15:28 - 00000000 ____D () C:\Users\BMo\AppData\Local\Razer_Inc
    2014-09-12 10:08 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
    2014-09-12 10:08 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
    2014-09-12 10:06 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2014-09-12 10:06 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2014-09-12 10:03 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-09-12 10:03 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-09-12 10:03 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-09-12 10:03 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-09-12 10:03 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-09-12 10:03 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2014-09-12 10:03 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2014-09-11 12:20 - 2014-09-11 12:20 - 41945432 _____ (Apple Inc.) C:\Users\BMo\Downloads\QuickTimeInstaller.exe
    2014-09-10 13:47 - 2014-09-10 13:47 - 20366120 _____ () C:\Users\BMo\Downloads\DoomedDungeonv1.2.rar
    2014-09-10 13:22 - 2014-09-10 13:22 - 03978307 _____ () C:\Users\BMo\Downloads\SDP.zip
    2014-09-10 13:18 - 2014-09-10 13:18 - 00525431 _____ () C:\Users\BMo\Downloads\gamev2dup.exe
    2014-09-01 12:38 - 2014-09-01 12:38 - 00000000 ____D () C:\Users\BMo\AppData\Roaming\SteelSeries
    2014-09-01 12:38 - 2014-09-01 12:38 - 00000000 ____D () C:\Users\BMo\AppData\Local\SteelSeries_ApS
    2014-09-01 12:31 - 2014-09-01 12:36 - 53001320 _____ () C:\Users\BMo\Downloads\SteelSeriesEngine_2.8.0450.exe
    2014-09-01 12:11 - 2014-09-01 12:38 - 00000000 ____D () C:\Users\BMo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SteelSeries
    2014-09-01 12:11 - 2014-09-01 12:30 - 00000000 ____D () C:\Users\BMo\AppData\Local\SteelSeries Engine 3 Client
    2014-09-01 12:10 - 2014-09-20 15:02 - 00056538 _____ () C:\Windows\DPINST.LOG
    2014-09-01 12:10 - 2014-09-01 12:38 - 00000000 ____D () C:\ProgramData\SteelSeries
    2014-09-01 12:10 - 2014-09-01 12:36 - 00000000 ____D () C:\Program Files\SteelSeries
    2014-09-01 12:10 - 2014-09-01 12:10 - 00000000 ____D () C:\Users\admin
    2014-09-01 12:03 - 2014-09-01 12:10 - 52914144 _____ () C:\Users\BMo\Downloads\SteelSeriesEngine_3.2.7.exe
    2014-09-01 11:18 - 2014-09-21 11:56 - 1266272256 ____R () C:\Users\BMo\Downloads\Viva_Pinata!_RePack.iso
    2014-09-01 11:16 - 2014-09-01 11:16 - 00000000 ____D () C:\Users\BMo\Downloads\Viva Pinata Pc Retail
    2014-08-31 19:24 - 2014-08-31 19:25 - 00000000 ____D () C:\Users\BMo\AppData\Local\Adobe
    2014-08-31 14:09 - 2014-08-31 14:09 - 00000000 ____D () C:\Users\BMo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Game Dev Tycoon v1.4.16 build 240714
    2014-08-31 14:09 - 2014-08-31 14:09 - 00000000 ____D () C:\Users\BMo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-click run
    2014-08-31 14:06 - 2014-08-31 14:06 - 00000000 ____D () C:\Users\BMo\Downloads\Viva Pinata
    2014-08-31 12:57 - 2014-08-31 12:57 - 00000000 ____D () C:\Users\BMo\AppData\Roaming\Awesomium
    2014-08-31 12:56 - 2014-08-31 12:56 - 00002037 _____ () C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
    2014-08-31 12:56 - 2014-08-31 12:56 - 00002028 _____ () C:\Users\Public\Desktop\Smite.lnk
    2014-08-31 12:56 - 2014-08-31 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
    2014-08-31 12:56 - 2014-08-31 12:56 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
    2014-08-31 12:56 - 2014-08-31 12:56 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios
    2014-08-31 12:54 - 2014-08-31 12:55 - 46860733 _____ (Hi-Rez Studios) C:\Users\BMo\Downloads\InstallHiRezGamesEnglish.exe
    2014-08-30 09:36 - 2014-08-30 09:36 - 00078336 _____ (Razer Inc) C:\Windows\SysWOW64\rzvirtualdev.dll
    2014-08-28 02:47 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2014-08-28 02:47 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2014-08-28 02:47 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-27 17:33 - 2014-08-07 20:19 - 00000000 ____D () C:\Users\BMo\AppData\Roaming\Skype
    2014-09-27 17:14 - 2014-08-07 17:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-09-27 16:45 - 2014-08-07 17:37 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-09-27 15:39 - 2009-07-14 00:45 - 00025536 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-09-27 15:39 - 2009-07-14 00:45 - 00025536 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-09-27 15:35 - 2014-08-07 19:24 - 01231157 _____ () C:\Windows\WindowsUpdate.log
    2014-09-27 15:31 - 2014-08-07 18:08 - 00000000 ____D () C:\Users\BMo\AppData\Roaming\Spotify
    2014-09-27 15:30 - 2014-08-07 17:13 - 00000000 ___RD () C:\Users\BMo\Dropbox
    2014-09-27 15:30 - 2014-08-07 17:11 - 00000000 ____D () C:\Users\BMo\AppData\Roaming\Dropbox
    2014-09-27 15:30 - 2014-08-07 17:10 - 00000000 ____D () C:\Program Files (x86)\Steam
    2014-09-27 15:29 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-09-27 15:28 - 2014-08-07 17:03 - 00001065 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2014-09-27 15:28 - 2014-08-07 17:03 - 00001053 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2014-09-27 15:28 - 2014-08-07 16:47 - 00000985 _____ () C:\Users\BMo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-09-27 15:28 - 2014-01-04 18:10 - 00000000 ____D () C:\AdwCleaner
    2014-09-27 15:28 - 2010-11-20 23:47 - 00234050 _____ () C:\Windows\PFRO.log
    2014-09-27 15:28 - 2009-07-14 00:51 - 00037959 _____ () C:\Windows\setupact.log
    2014-09-27 15:25 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-09-27 12:59 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\IME
    2014-09-27 12:56 - 2014-08-16 15:12 - 00000000 ____D () C:\Users\BMo\AppData\Roaming\BitTorrent
    2014-09-27 10:00 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\System
    2014-09-26 19:23 - 2014-08-07 20:24 - 00000000 ___HD () C:\Windows\msdownld.tmp
    2014-09-26 19:23 - 2014-08-07 20:24 - 00000000 ____D () C:\Windows\SysWOW64\directx
    2014-09-25 20:46 - 2014-08-07 20:27 - 00081562 _____ () C:\Windows\DirectX.log
    2014-09-24 01:14 - 2014-08-07 17:32 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-09-24 01:14 - 2014-08-07 17:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-09-24 01:14 - 2014-08-07 17:32 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-09-22 18:36 - 2014-08-14 18:36 - 00000000 ____D () C:\Users\BMo\AppData\Roaming\.minecraft
    2014-09-22 17:47 - 2014-08-09 19:01 - 00003734 _____ () C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
    2014-09-22 17:47 - 2014-08-09 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
    2014-09-22 17:47 - 2014-08-09 19:01 - 00000000 ____D () C:\Program Files (x86)\Gyazo
    2014-09-21 19:44 - 2014-08-07 18:16 - 00000000 ____D () C:\Users\BMo\AppData\Local\Spotify
    2014-09-21 19:42 - 2014-08-24 20:14 - 00000000 ____D () C:\Program Files (x86)\Razer
    2014-09-21 19:42 - 2009-07-14 00:45 - 00274160 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-09-21 19:41 - 2014-08-07 17:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-09-21 11:48 - 2014-08-07 17:27 - 00061504 _____ () C:\Users\BMo\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-09-19 18:12 - 2014-08-07 17:13 - 00000000 ____D () C:\Users\BMo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2014-09-16 19:28 - 2014-08-07 17:39 - 00000000 ____D () C:\Users\BMo\AppData\Roaming\TS3Client
    2014-09-16 17:29 - 2014-08-07 17:30 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
    2014-09-16 17:29 - 2014-08-07 17:30 - 00001090 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
    2014-09-15 09:06 - 2010-11-20 23:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-09-13 04:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
    2014-09-13 03:02 - 2014-08-10 03:22 - 00773536 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2014-09-13 03:02 - 2009-07-14 01:13 - 00773536 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-09-13 03:00 - 2014-08-09 08:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-08-31 15:20 - 2014-08-20 12:28 - 00000000 ____D () C:\Users\BMo\AppData\Local\Game Dev Tycoon - Steam
    2014-08-31 14:08 - 2014-08-20 12:25 - 00000000 ____D () C:\2-click run
    2014-08-31 12:56 - 2014-08-07 16:54 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

    Some content of TEMP:
    ====================
    C:\Users\BMo\AppData\Local\Temp\7za.exe
    C:\Users\BMo\AppData\Local\Temp\CloudBackup7655.exe
    C:\Users\BMo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxidw2x.dll
    C:\Users\BMo\AppData\Local\Temp\FrdI6.exe
    C:\Users\BMo\AppData\Local\Temp\install_flashplayer14x32au_mssd_aaa_aih.exe
    C:\Users\BMo\AppData\Local\Temp\Quarantine.exe
    C:\Users\BMo\AppData\Local\Temp\setup.exe
    C:\Users\BMo\AppData\Local\Temp\SfpcHelper_installFinish.exe
    C:\Users\BMo\AppData\Local\Temp\SfpcHelper_installStart.exe
    C:\Users\BMo\AppData\Local\Temp\swt-win32-3349.dll
    C:\Users\BMo\AppData\Local\Temp\SxWo5.dll
    C:\Users\BMo\AppData\Local\Temp\SxWo5.exe
    C:\Users\BMo\AppData\Local\Temp\System.Data.SQLite.dll
    C:\Users\BMo\AppData\Local\Temp\tu17p84.exe
    C:\Users\BMo\AppData\Local\Temp\x2blapi.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-09-26 00:39

    ==================== End Of Log ============================



    #4 itsbmo

    Posted 27 September 2014 - 04:05 PM

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-09-2014
    Ran by BMo at 2014-09-27 18:02:53
    Running from C:\Users\BMo\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: ZoneAlarm Free Firewall Firewall (Disabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
    AMD Accelerated Video Transcoding (Version: 2.00.0001 - Advanced Micro Devices, Inc.) Hidden
    AMD APP SDK Runtime (Version: 10.0.898.1 - Advanced Micro Devices Inc.) Hidden
    AMD AVIVO64 Codecs (Version: 12.3.103.20214 - Advanced Micro Devices, Inc.) Hidden
    AMD Catalyst Install Manager (HKLM\...\{74D2047B-19F2-3C44-174E-78C4C0C88107}) (Version: 3.0.868.0 - Advanced Micro Devices, Inc.)
    Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ASUS Utility (x32 Version: 1.00.0000 - ASUSTek) Hidden
    ASUS VGA Driver (x32 Version: 3.0.0.1 - ASUSTek) Hidden
    Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
    BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.33028 - BitTorrent Inc.)
    BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.12.3119 - BlueStack Systems, Inc.)
    BlueStacks Notification Center (HKLM-x32\...\{1AFACC2A-9A60-43EF-ABDB-2CEECA5EA77F}) (Version: 0.8.12.3119 - BlueStack Systems, Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center (x32 Version: 2012.0214.2218.39913 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2012.0214.2218.39913 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Localization All (x32 Version: 2012.0214.2218.39913 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Profiles Desktop (x32 Version: 2012.0214.2218.39913 - Advanced Micro Devices, Inc.) Hidden
    CCC Help English (x32 Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden
    ccc-utility64 (Version: 2012.0214.2218.39913 - Advanced Micro Devices, Inc.) Hidden
    Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
    Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
    Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
    Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
    EverQuest II (HKCU\...\SOE-EverQuest II) (Version: 1.0.3.183 - Sony Online Entertainment)
    Game Dev Tycoon v1.4.16 build 240714 (HKLM-x32\...\Game Dev Tycoon v1.4.16 build 2407141.4.16) (Version: 1.4.16 - Friends in War)
    Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
    GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    Gyazo 2.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
    Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
    Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
    HydraVision (x32 Version: 4.2.230.0 - Advanced Micro Devices, Inc.) Hidden
    InViewer version 0.81 (HKLM-x32\...\{7E575733-1DF5-4064-AE38-289BA932398A}_is1) (Version: 0.81 - Stefan Wobbe)
    Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
    iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
    Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
    Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
    League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
    League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
    Mozilla Firefox 32.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 en-US)) (Version: 32.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
    Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
    Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
    RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.6-1.0.12952.91 - raidcall.com)
    Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.10 - Razer Inc.)
    Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.15.20888 - Razer Inc.)
    Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version:  - Wild Shadow Studios)
    Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.00.0000 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
    Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
    Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2298.12 - Hi-Rez Studios)
    Speccy (HKLM\...\Speccy) (Version: 1.11 - Piriform)
    Spotify (HKCU\...\Spotify) (Version: 0.9.13.24.g5dbb3103 - Spotify AB)
    Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
    SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.8.450.22786 - SteelSeries)
    SteelSeries Engine 3.2.7 (HKLM\...\SteelSeries Engine 3) (Version: 3.2.7 - SteelSeries ApS)
    Super Hexagon (HKLM-x32\...\Steam App 221640) (Version:  - Terry Cavanagh)
    TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
    TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
    The Mighty Quest For Epic Loot (HKLM-x32\...\Steam App 239220) (Version:  - Ubisoft Montreal)
    Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS)
    WinRAR 5.11 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.1 - win.rar GmbH)
    WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
    Xfire 2.0 (HKLM-x32\...\{43ADAE00-A4ED-4379-A76D-A1FF5D9D334A}_is1) (Version: 2.0 - Xfire, Inc.)
    Xfire Codec (remove only) (HKLM-x32\...\XfireCodec) (Version:  - )
    ZoneAlarm Firewall (x32 Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden
    ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 13.3.052.000 - Check Point)
    ZoneAlarm Security (x32 Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden
    ZoneAlarm Security Toolbar  (HKCU\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)
    ZoneAlarm Security Toolbar  (HKLM-x32\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-1418505120-3983750565-1456373324-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\BMo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1418505120-3983750565-1456373324-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BMo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1418505120-3983750565-1456373324-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BMo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1418505120-3983750565-1456373324-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BMo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1418505120-3983750565-1456373324-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BMo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1418505120-3983750565-1456373324-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BMo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1418505120-3983750565-1456373324-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BMo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1418505120-3983750565-1456373324-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BMo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1418505120-3983750565-1456373324-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BMo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    ==================== Restore Points  =========================

    27-09-2014 19:14:51 Installed Microsoft Fix it 50566

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {13BD6EC2-F8D1-45D8-9DCE-E6FDD0472B75} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
    Task: {275F1C83-F6DD-4EC2-AB62-CB3DC2179950} - System32\Tasks\CIMT_S-1-5-21-1418505120-3983750565-1456373324-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
    Task: {2E079B8F-9C95-42BB-8DCC-5DB2A45CCA2B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-20] (Google Inc.)
    Task: {379E6390-D311-478D-AF63-A29FB93A0E22} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
    Task: {70634B6F-124F-469A-8EE2-F9F4A02B87D7} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2014-07-03] ()
    Task: {723EFDC3-CB55-4856-B6EF-ACAFBAD3B283} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-20] (Google Inc.)
    Task: {9CE861BE-69F1-4688-8770-ABFA0552E211} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
    Task: {B97E290A-0CD9-4CE7-9AD7-69D1719BA95E} - System32\Tasks\ASUS\i-Setup165519 => C:\Windows\Chipset\AsusSetup.exe [2010-09-08] (ASUSTeK Computer Inc.)
    Task: {E3BA6313-1D59-4566-B1C7-C21D6C291A36} - \PastaQuotes No Task File <==== ATTENTION
    Task: {F53B2BC9-7504-4F17-88D0-A51E2CE0D05D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\CIMT_S-1-5-21-1418505120-3983750565-1456373324-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-06-26 14:39 - 2014-06-26 14:39 - 00504832 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineLib.dll
    2014-06-26 14:39 - 2014-06-26 14:39 - 09315328 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineWinGui.dll
    2014-06-26 14:39 - 2014-06-26 14:39 - 00015872 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Localization.dll
    2014-06-26 14:39 - 2014-06-26 14:39 - 00011264 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\ISSPlugin.dll
    2014-06-26 14:39 - 2014-06-26 14:39 - 00011264 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Utilities.dll
    2014-06-26 14:39 - 2014-06-26 14:39 - 00115200 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DriverCommunication.dll
    2014-05-16 11:57 - 2014-05-16 11:57 - 00047616 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesDrivers\x2api.dll
    2014-06-26 14:39 - 2014-06-26 14:39 - 00034304 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DBUtils.dll
    2014-05-16 11:57 - 2014-05-16 11:57 - 01102336 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\System.Data.SQLite.dll
    2014-06-26 14:39 - 2014-06-26 14:39 - 00189440 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MousePlugin.dll
    2014-06-26 14:39 - 2014-06-26 14:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\D3MousePlugin.dll
    2014-06-26 14:39 - 2014-06-26 14:39 - 00031744 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\KKMousePlugin.dll
    2014-06-26 14:39 - 2014-06-26 14:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SRawPlugin.dll
    2014-06-26 14:39 - 2014-06-26 14:39 - 00159744 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MLGSenseiPlugin.dll
    2014-06-26 14:39 - 2014-06-26 14:39 - 00020992 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWGoldPlugin.dll
    2014-06-26 14:39 - 2014-06-26 14:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\GW2MousePlugin.dll
    2014-06-26 14:39 - 2014-06-26 14:39 - 00029696 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CSGOMousePlugin.dll
    2014-06-26 14:39 - 2014-06-26 14:39 - 00030208 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DOTA2MousePlugin.dll
    2014-06-26 14:39 - 2014-06-26 14:39 - 00023040 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWWirelessPlugin.dll
    2014-06-26 14:39 - 2014-06-26 14:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CODMousePlugin.dll
    2014-06-26 14:39 - 2014-06-26 14:39 - 00030208 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoTMousePlugin.dll
    2014-08-13 17:05 - 2014-08-13 17:05 - 17422848 _____ () C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
    2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-09-27 15:30 - 2014-09-27 15:30 - 00043008 _____ () c:\users\bmo\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxidw2x.dll
    2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\BMo\AppData\Roaming\Dropbox\bin\libcef.dll
    2014-08-30 13:47 - 2014-08-21 14:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
    2014-08-30 13:47 - 2014-08-21 14:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
    2014-08-30 13:47 - 2014-08-21 14:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
    2014-08-07 17:12 - 2014-09-03 15:28 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
    2014-08-07 17:12 - 2014-09-23 00:32 - 02226880 _____ () C:\Program Files (x86)\Steam\video.dll
    2014-08-30 13:47 - 2014-08-21 14:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
    2014-08-30 13:47 - 2014-08-21 14:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
    2014-08-07 17:12 - 2014-09-23 00:32 - 00679616 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
    2014-09-18 17:49 - 2014-09-18 17:49 - 03734640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    2014-08-07 17:12 - 2014-09-04 19:29 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
    2014-08-14 21:27 - 2014-09-04 19:29 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
    2014-09-09 20:42 - 2014-09-23 13:56 - 02351104 ____R () C:\Program Files (x86)\Hi-Rez Studios\HiRezGames\smite\binaries\Win32\MctsInterface.dll
    2013-10-01 21:36 - 2012-12-28 16:11 - 20645216 ____R () C:\Program Files (x86)\Hi-Rez Studios\HiRezGames\smite\binaries\Win32\awesomium.dll
    2014-09-10 11:14 - 2014-09-10 11:14 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AML Device Install.lnk => C:\Windows\pss\AML Device Install.lnk.CommonStartup
    MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-1418505120-3983750565-1456373324-500 - Administrator - Disabled)
    BMo (S-1-5-21-1418505120-3983750565-1456373324-1001 - Administrator - Enabled) => C:\Users\BMo
    Guest (S-1-5-21-1418505120-3983750565-1456373324-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1418505120-3983750565-1456373324-1002 - Limited - Enabled)

    ==================== Faulty Device Manager Devices =============

    Name: PCI Simple Communications Controller
    Description: PCI Simple Communications Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: SM Bus Controller
    Description: SM Bus Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (09/27/2014 03:32:31 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
    Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
       at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
       at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

    Error: (09/27/2014 03:30:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (09/27/2014 03:30:01 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AsusSetup.exe, version: 2.0.17.3, time stamp: 0x00000000
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0x00000000
    Fault offset: 0x00000000
    Faulting process id: 0x540
    Faulting application start time: 0xAsusSetup.exe0
    Faulting application path: AsusSetup.exe1
    Faulting module path: AsusSetup.exe2
    Report Id: AsusSetup.exe3

    Error: (09/27/2014 03:24:17 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
    Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
       at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
       at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

    Error: (09/27/2014 03:22:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (09/27/2014 03:20:15 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AsusSetup.exe, version: 2.0.17.3, time stamp: 0x00000000
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0x00000000
    Fault offset: 0x00000000
    Faulting process id: 0x7b0
    Faulting application start time: 0xAsusSetup.exe0
    Faulting application path: AsusSetup.exe1
    Faulting module path: AsusSetup.exe2
    Report Id: AsusSetup.exe3

    Error: (09/27/2014 01:31:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (09/27/2014 01:31:13 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AsusSetup.exe, version: 2.0.17.3, time stamp: 0x00000000
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0x00000000
    Fault offset: 0x00000000
    Faulting process id: 0x844
    Faulting application start time: 0xAsusSetup.exe0
    Faulting application path: AsusSetup.exe1
    Faulting module path: AsusSetup.exe2
    Report Id: AsusSetup.exe3

    Error: (09/27/2014 01:30:52 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
    Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
       at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
       at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

    Error: (09/27/2014 01:13:31 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AsusSetup.exe, version: 2.0.17.3, time stamp: 0x00000000
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0x00000000
    Fault offset: 0x00000000
    Faulting process id: 0x6a0
    Faulting application start time: 0xAsusSetup.exe0
    Faulting application path: AsusSetup.exe1
    Faulting module path: AsusSetup.exe2
    Report Id: AsusSetup.exe3


    System errors:
    =============
    Error: (09/27/2014 03:32:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The BlueStacks Android Service service terminated with the following error:
    %%1064

    Error: (09/27/2014 03:32:03 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The BlueStacks Android Service service hung on starting.

    Error: (09/27/2014 03:29:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The ZoneAlarm Privacy Service service failed to start due to the following error:
    %%1053

    Error: (09/27/2014 03:29:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the ZoneAlarm Privacy Service service to connect.

    Error: (09/27/2014 03:24:17 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The BlueStacks Android Service service terminated with the following error:
    %%1064

    Error: (09/27/2014 03:24:07 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The BlueStacks Android Service service hung on starting.

    Error: (09/27/2014 03:21:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The MBAMService service failed to start due to the following error:
    %%1053

    Error: (09/27/2014 03:21:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMService service to connect.

    Error: (09/27/2014 03:20:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The MBAMScheduler service failed to start due to the following error:
    %%1053

    Error: (09/27/2014 03:20:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.


    Microsoft Office Sessions:
    =========================
    Error: (09/27/2014 03:32:31 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
    Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
       at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
       at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

    Error: (09/27/2014 03:30:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (09/27/2014 03:30:01 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: AsusSetup.exe2.0.17.300000000unknown0.0.0.000000000000000000000000054001cfda894e7c87baC:\Windows\Chipset\AsusSetup.exeunknownac35882d-467c-11e4-a636-000acd2206a4

    Error: (09/27/2014 03:24:17 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
    Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
       at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
       at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

    Error: (09/27/2014 03:22:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (09/27/2014 03:20:15 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: AsusSetup.exe2.0.17.300000000unknown0.0.0.00000000000000000000000007b001cfda87f81b2d75C:\Windows\Chipset\AsusSetup.exeunknown4eb6843a-467b-11e4-952c-000acd2206a4

    Error: (09/27/2014 01:31:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (09/27/2014 01:31:13 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: AsusSetup.exe2.0.17.300000000unknown0.0.0.000000000000000000000000084401cfda78c6274005C:\Windows\Chipset\AsusSetup.exeunknown13210357-466c-11e4-99ed-000acd2206a4

    Error: (09/27/2014 01:30:52 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
    Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
       at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
       at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

    Error: (09/27/2014 01:13:31 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: AsusSetup.exe2.0.17.300000000unknown0.0.0.00000000000000000000000006a001cfda7634cedab6C:\Windows\Chipset\AsusSetup.exeunknown9a8a2fdb-4669-11e4-8777-000acd2206a4


    ==================== Memory info ===========================

    Processor: Intel® Core™ i3-2100 CPU @ 3.10GHz
    Percentage of memory in use: 80%
    Total physical RAM: 4063.14 MB
    Available physical RAM: 782.5 MB
    Total Pagefile: 8124.46 MB
    Available Pagefile: 3305.61 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:297.99 GB) (Free:100.79 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 2AD15114)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================



    #5 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 27 September 2014 - 04:27 PM

    Hi,

     

    Your log is showing a few bogus search engines and tool bars.

     

    C:\Users\BMo\Downloads\FRST64.exe  <-- You need to read the directions that we post, it says to download these programs to your desktop, most of our tools and scanners will run more effectively if they're run from the desktop, go to your downloads folder and right click on FRST64 and select CUT, then go to your desktop and right click on a blank space and select PASTE

     

    You have Bit Torrent installed, you need to remove it, File sharing is not safe, it may be why your system is infected. You're downloading that file from an unknown source, not all but most contain malicious code of some sort, it's like playing Russian Roulette malwarewise.

     

    Storm Tracker is what may be causing you all these problems

     

     

     
     

     Download MiniToolBox and save it to your desktop and run it.

     
    Checkmark following checkboxes:
    • Flush DNS 
    • Reset IE Proxy Settings 
    • Reset FF Proxy Settings
     
     
    Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.
     
     
     

    ===============================================================================
     
    -AdwCleaner-by Xplode
     
    Click on this link to download : ADWCleaner
    Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
     
    Do not click on any links in the top Advertisement.

    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • After the scan is complete click on "Clean"
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
     
     
     
    ===============================================================================
     
     
    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
     
     
     
    ===============================================================================
     
    Download Malwarebytes' Anti-Malware to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished and the log pops up...select Copy to Clipboard
    • Please paste the log back into this thread for review
    • Exit Malwarebytes
     

     



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #6 itsbmo

    itsbmo

      New Member

    • Authentic Member
    • Pip
    • 17 posts

    Posted 27 September 2014 - 05:19 PM

    MiniToolBox by Farbar  Version: 21-07-2014
    Ran by BMo (administrator) on 27-09-2014 at 19:00:11
    Running from "C:\Users\BMo\Downloads"
    Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
    Boot Mode: Normal
    ***************************************************************************

    ========================= Flush DNS: ===================================

    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    "Reset IE Proxy Settings": IE Proxy Settings were reset.

    "Reset FF Proxy Settings": Firefox Proxy settings were reset.


    **** End of log ****
     

    ------------------------------------------------------------------------------------------------------------------------

     

    # AdwCleaner v3.301 - Report created 28/07/2014 at 23:13:03
    # Updated 28/07/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Tanner - TANNER-PC
    # Running from : C:\Users\Tanner\Downloads\adwcleaner_3.301.exe
    # Option : Clean

    ***** [ Services ] *****

    [x] Not Deleted : hshld
    [x] Not Deleted : hsstrayservice
    [x] Not Deleted : hsswd

    ***** [ Files / Folders ] *****

    [x] Not Deleted : C:\ProgramData\hotspot shield
    Folder Deleted : C:\ProgramData\MySearch
    Folder Deleted : C:\ProgramData\topapp software
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader
    [x] Not Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
    [x] Not Deleted : C:\Program Files (x86)\hotspot shield
    Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
    Folder Deleted : C:\Users\Administrator\AppData\Local\torch
    Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
    Folder Deleted : C:\Users\Guest\AppData\Local\torch
    Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
    Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
    Folder Deleted : C:\Users\Tanner\AppData\Local\Chromatic Browser
    Folder Deleted : C:\Users\Tanner\AppData\Local\torch
    [x] Not Deleted : C:\Users\Tanner\AppData\Local\Temp\hotspot shield
    [x] Not Deleted : C:\Users\Tanner\AppData\Roaming\hotspot shield
    File Deleted : C:\END
    File Deleted : C:\Windows\System32\roboot64.exe

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Key Deleted : HKCU\Software\anchorfree
    Key Deleted : HKCU\Software\RegisteredApplicationsEx
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
    Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
    Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Key Deleted : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
    [x] Not Deleted : HKLM\Software\hotspotshield
    [x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17207


    -\\ Google Chrome v36.0.1985.125

    [ File : C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    Deleted [Search Provider] : hxxp://websearch.wonderfulsearches.info/?l=1&q={searchTerms}&pid=3458&r=2014/07/23&hid=5600640211133062554&lg=EN&cc=US&unqvl=60
    Deleted [Startup_urls] : hxxp://websearch.wonderfulsearches.info/?pid=3458&r=2014/07/23&hid=5600640211133062554&lg=EN&cc=US&unqvl=60
    Deleted [Homepage] : hxxp://websearch.wonderfulsearches.info/?pid=3458&r=2014/07/23&hid=5600640211133062554&lg=EN&cc=US&unqvl=60

    *************************

    AdwCleaner[R0].txt - [9563 octets] - [04/01/2014 18:10:32]
    AdwCleaner[R1].txt - [3202 octets] - [28/07/2014 23:10:58]
    AdwCleaner[S0].txt - [8695 octets] - [04/01/2014 18:29:24]
    AdwCleaner[S1].txt - [3286 octets] - [28/07/2014 23:13:03]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3346 octets] ##########

    # AdwCleaner v3.310 - Report created 27/09/2014 at 19:02:34
    # Updated 12/09/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : BMo - BMO-PC
    # Running from : C:\Users\BMo\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****

    Shortcut Disinfected : C:\Users\BMo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17280


    -\\ Mozilla Firefox v32.0.2 (x86 en-US)

    [ File : C:\Users\BMo\AppData\Roaming\Mozilla\Firefox\Profiles\fvlston6.default\prefs.js ]


    -\\ Google Chrome v37.0.2062.124

    [ File : C:\Users\BMo\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [16165 octets] - [04/01/2014 18:10:32]
    AdwCleaner[R1].txt - [9720 octets] - [28/07/2014 23:10:58]
    AdwCleaner[R2].txt - [1389 octets] - [27/09/2014 19:01:36]
    AdwCleaner[S0].txt - [14379 octets] - [04/01/2014 18:29:24]
    AdwCleaner[S1].txt - [4594 octets] - [28/07/2014 23:13:03]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4654 octets] ##########
     

    -----------------------------------------------------------------------------------------------------------------------

     

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 9/27/2014
    Scan Time: 7:10:36 PM
    Logfile:
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.09.27.11
    Rootkit Database: v2014.09.19.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: BMo

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 332140
    Time Elapsed: 9 min, 4 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)



    #7 itsbmo

    itsbmo

      New Member

    • Authentic Member
    • Pip
    • 17 posts

    Posted 27 September 2014 - 05:24 PM

    And here's the Junkware log:

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.2.3 (09.27.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by BMo on Sat 09/27/2014 at 19:21:28.19
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1418505120-3983750565-1456373324-1001\Software\Microsoft\Internet Explorer\Main\\Start Page



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Emptied folder: C:\Users\BMo\AppData\Roaming\mozilla\firefox\profiles\fvlston6.default\minidumps [17 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 09/27/2014 at 19:24:29.07
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     



    #8 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 27 September 2014 - 05:31 PM

    You need to read the directions that we post, it says to download these programs to your desktop

     

     

     

    Go ahead and run a new scan with FRST, be sure to check additions and post both new logs



     
     

    #9 itsbmo

    itsbmo

      New Member

    • Authentic Member
    • Pip
    • 17 posts

    Posted 27 September 2014 - 05:34 PM

    They are downloaded to my desktop!

    http://gyazo.com/0e6...5b20060899e1d28

     

    and here:

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2014
    Ran by BMo (administrator) on BMO-PC on 27-09-2014 19:33:16
    Running from C:\Users\BMo\Desktop
    Loaded Profile: BMo (Available profiles: BMo)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
    (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
    (Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    (A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    (Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
    (Spotify Ltd) C:\Users\BMo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    (SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
    (ASUSTeK Computer Inc.) C:\Windows\Chipset\AsusSetup.exe
    () C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Dropbox, Inc.) C:\Users\BMo\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
    (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor)
    HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [134624 2014-07-23] (Check Point Software Technologies Ltd.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
    HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [831192 2014-07-03] (BlueStack Systems, Inc.)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)
    HKU\S-1-5-21-1418505120-3983750565-1456373324-1001\...\Run: [Spotify] => C:\Users\BMo\AppData\Roaming\Spotify\Spotify.exe [6342200 2014-09-19] (Spotify Ltd)
    HKU\S-1-5-21-1418505120-3983750565-1456373324-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
    HKU\S-1-5-21-1418505120-3983750565-1456373324-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3095328 2014-09-16] (Nota Inc.)
    HKU\S-1-5-21-1418505120-3983750565-1456373324-1001\...\Run: [Spotify Web Helper] => C:\Users\BMo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-19] (Spotify Ltd)
    HKU\S-1-5-21-1418505120-3983750565-1456373324-1001\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [87040 2014-06-26] (SteelSeries ApS)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk
    ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe ()
    Startup: C:\Users\BMo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\BMo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\BMo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatch.lnk
    ShortcutTarget: StormWatch.lnk -> C:\Users\BMo\AppData\Local\StormWatch\StormWatch.exe (No File)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\BMo\AppData\Roaming\Mozilla\Firefox\Profiles\fvlston6.default
    FF NewTab: user_pref("browser.newtab.url", "");
    FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*'))%20%7B%20return%20'PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us11.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000%3B%20PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
    FF NetworkProxy: "type", 2
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\BMo\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\BMo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Extension: Mp3Olimp widget - C:\Users\BMo\AppData\Roaming\Mozilla\Firefox\Profiles\fvlston6.default\Extensions\jid0-SlJAN1IqVQffaO5onLnWK2zcA1Q@jetpack.xpi [2014-08-13]
    FF Extension: ProxMate - Proxy on steroids! - C:\Users\BMo\AppData\Roaming\Mozilla\Firefox\Profiles\fvlston6.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2014-08-22]
    FF Extension: Adblock Plus - C:\Users\BMo\AppData\Roaming\Mozilla\Firefox\Profiles\fvlston6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-07]
    FF HKCU\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12171.xpi
    FF StartMenuInternet: FIREFOX.EXE - firefox.exe

    Chrome:
    =======
    CHR HomePage: Default ->
    CHR DefaultSuggestURL: Default -> http://api.searchpre...d={searchTerms}
    CHR Profile: C:\Users\BMo\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\BMo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-20]
    CHR Extension: (Google Docs) - C:\Users\BMo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-20]
    CHR Extension: (Google Drive) - C:\Users\BMo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-20]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\BMo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-20]
    CHR Extension: (Adguard AdBlocker) - C:\Users\BMo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2014-09-20]
    CHR Extension: (YouTube) - C:\Users\BMo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-20]
    CHR Extension: (Adblock for Youtube™) - C:\Users\BMo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2014-09-20]
    CHR Extension: (Google Search) - C:\Users\BMo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-20]
    CHR Extension: (Dark Vibe) - C:\Users\BMo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkckeanhmkjaechlhllmapjaaglgpcbj [2014-09-20]
    CHR Extension: (Google Sheets) - C:\Users\BMo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-20]
    CHR Extension: (Google Wallet) - C:\Users\BMo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-20]
    CHR Extension: (Gmail) - C:\Users\BMo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-20]
    CHR StartMenuInternet: Google Chrome - chrome.exe

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [405208 2014-07-03] (BlueStack Systems, Inc.)
    R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-07-03] (BlueStack Systems, Inc.)
    R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [773848 2014-07-03] (BlueStack Systems, Inc.)
    R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-08-22] (Hi-Rez Studios) [File not signed]
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
    R2 RzMaelstromVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [4250624 2014-06-09] (A-Volute) [File not signed]
    S2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3596240 2014-07-23] (Check Point Software Technologies Ltd.)
    R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [93712 2014-07-03] (Check Point Software Technologies, Ltd.)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-07-03] (BlueStack Systems)
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
    R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation                           )
    R3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows ® Win 7 DDK provider)
    R3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [39168 2014-05-27] (SteelSeries Corporation)
    S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
    R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450456 2014-07-23] (Check Point Software Technologies Ltd.)
    S3 XFDriver64; C:\Program Files (x86)\Xfire2\XFDriver64.sys [17160 2013-03-14] (XFire)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-27 19:33 - 2014-09-27 19:33 - 00016492 _____ () C:\Users\BMo\Desktop\FRST.txt
    2014-09-27 19:24 - 2014-09-27 19:24 - 00001489 _____ () C:\Users\BMo\Desktop\JRT.txt
    2014-09-27 19:20 - 2014-09-27 19:20 - 01699276 _____ (Thisisu) C:\Users\BMo\Downloads\JRT(1).exe
    2014-09-27 19:00 - 2014-09-27 19:00 - 01373475 _____ () C:\Users\BMo\Desktop\AdwCleaner.exe
    2014-09-27 19:00 - 2014-09-27 19:00 - 00000595 _____ () C:\Users\BMo\Downloads\Result.txt
    2014-09-27 18:59 - 2014-09-27 18:59 - 00401920 _____ (Farbar) C:\Users\BMo\Desktop\MiniToolBox.exe
    2014-09-27 18:02 - 2014-09-27 18:03 - 00031428 _____ () C:\Users\BMo\Downloads\Addition.txt
    2014-09-27 18:01 - 2014-09-27 19:33 - 00000000 ____D () C:\FRST
    2014-09-27 18:01 - 2014-09-27 18:03 - 00041605 _____ () C:\Users\BMo\Downloads\FRST.txt
    2014-09-27 17:39 - 2014-09-27 17:39 - 00001822 _____ () C:\Users\BMo\Desktop\aswMBR.txt
    2014-09-27 17:39 - 2014-09-27 17:39 - 00000512 _____ () C:\Users\BMo\Desktop\MBR.dat
    2014-09-27 17:18 - 2014-09-27 17:19 - 05185536 _____ (AVAST Software) C:\Users\BMo\Downloads\aswMBR.exe
    2014-09-27 17:18 - 2014-09-27 17:19 - 02108928 _____ (Farbar) C:\Users\BMo\Desktop\FRST64.exe
    2014-09-27 15:26 - 2014-09-27 15:26 - 00000000 ____D () C:\Windows\ERUNT
    2014-09-27 15:24 - 2014-09-27 15:24 - 01699276 _____ (Thisisu) C:\Users\BMo\Desktop\JRT.exe
    2014-09-27 15:24 - 2014-09-27 15:24 - 01373475 _____ () C:\Users\BMo\Downloads\adwcleaner_3.310.exe
    2014-09-27 15:14 - 2014-09-27 15:14 - 00662016 _____ () C:\Users\BMo\Downloads\MicrosoftFixit50566.msi
    2014-09-27 10:03 - 2014-09-27 10:03 - 00000687 _____ () C:\awh6FC7.tmp
    2014-09-27 10:01 - 2014-09-27 19:33 - 00000356 _____ () C:\Windows\Tasks\CIMT_S-1-5-21-1418505120-3983750565-1456373324-1001.job
    2014-09-27 10:01 - 2014-09-27 10:01 - 00003266 _____ () C:\Windows\System32\Tasks\CIMT_S-1-5-21-1418505120-3983750565-1456373324-1001
    2014-09-27 09:59 - 2014-09-27 09:59 - 00000000 ____D () C:\Users\BMo\AppData\Local\CrashRpt
    2014-09-27 09:58 - 2014-09-27 09:59 - 00000000 ____D () C:\Program Files (x86)\Search Extensions
    2014-09-27 09:58 - 2014-09-27 09:58 - 00000000 __SHD () C:\Users\BMo\AppData\Local\EmieUserList
    2014-09-27 09:58 - 2014-09-27 09:58 - 00000000 __SHD () C:\Users\BMo\AppData\Local\EmieSiteList
    2014-09-27 09:58 - 2014-09-27 09:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
    2014-09-27 09:58 - 2014-09-27 09:58 - 00000000 ____D () C:\Users\BMo\AppData\Local\Weather_Protector_LLC
    2014-09-27 09:57 - 2014-09-27 10:25 - 00000000 ____D () C:\Users\BMo\AppData\Local\StormWatch
    2014-09-27 09:56 - 2014-09-27 09:56 - 00000077 _____ () C:\Users\BMo\AppData\Roaming\die.bat
    2014-09-27 09:33 - 2014-09-27 09:33 - 00862208 _____ () C:\Windows\AdobeUpdater.exe
    2014-09-27 09:32 - 2014-09-27 09:32 - 00000000 ____D () C:\Users\BMo\Desktop\New folder
    2014-09-27 09:24 - 2014-09-27 09:32 - 00000000 ____D () C:\Users\BMo\Desktop\Update
    2014-09-26 21:03 - 2014-09-26 21:07 - 00000000 ____D () C:\Users\BMo\Downloads\The Sims 4 Digital Deluxe Edition Update 2 and 3DM Crack v6
    2014-09-26 19:28 - 2014-09-26 19:28 - 00000000 ____D () C:\Program Files (x86)\Origin Games
    2014-09-26 19:27 - 2014-09-26 19:28 - 00000000 ____D () C:\Users\BMo\AppData\Roaming\Origin
    2014-09-26 19:27 - 2014-09-26 19:28 - 00000000 ____D () C:\Users\BMo\AppData\Local\Origin
    2014-09-26 19:25 - 2014-09-26 19:27 - 00000000 ____D () C:\Program Files (x86)\Origin
    2014-09-26 19:25 - 2014-09-26 19:25 - 00000983 _____ () C:\Users\Public\Desktop\Origin.lnk
    2014-09-26 19:25 - 2014-09-26 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
    2014-09-26 19:25 - 2014-09-26 19:25 - 00000000 ____D () C:\ProgramData\Electronic Arts
    2014-09-26 19:24 - 2014-09-27 10:01 - 00000000 ____D () C:\ProgramData\Origin
    2014-09-26 19:07 - 2014-09-26 19:22 - 00000000 ____D () C:\ProgramData\Package Cache
    2014-09-26 18:44 - 2014-09-27 10:28 - 00000000 ____D () C:\Program Files (x86)\GMT-MAX.ORG
    2014-09-25 20:47 - 2014-09-25 20:47 - 00000000 ____D () C:\Users\BMo\Documents\My Games
    2014-09-24 02:07 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-09-24 02:07 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2014-09-22 17:47 - 2014-09-22 17:47 - 00000986 _____ () C:\Users\Public\Desktop\Gyazo.lnk
    2014-09-22 17:47 - 2014-09-22 17:47 - 00000986 _____ () C:\Users\Public\Desktop\Gyazo GIF.lnk
    2014-09-22 05:01 - 2014-09-22 05:01 - 00000000 ____D () C:\ProgramData\Gyazo
    2014-09-21 12:03 - 2014-09-21 12:03 - 00000000 ____D () C:\Users\BMo\AppData\Roaming\Microsoft Games
    2014-09-21 12:00 - 2014-09-21 12:11 - 00000000 ____D () C:\Program Files (x86)\Viva Pinata
    2014-09-21 11:52 - 2014-09-21 11:52 - 00000000 ____D () C:\ProgramData\RzMaelstromVAD_1.1.58.1854
    2014-09-21 11:50 - 2014-09-25 22:05 - 00000000 ____D () C:\Users\BMo\Downloads\GMT.KZ_The_Sims_4_Deluxe_Edition_RePack_MAXAGENT
    2014-09-21 10:57 - 2014-09-21 10:57 - 00000000 ____D () C:\Users\BMo\AppData\Local\Razer
    2014-09-20 20:34 - 2014-09-27 15:28 - 00001290 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-09-20 20:34 - 2014-09-27 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2014-09-20 20:29 - 2014-09-27 19:05 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-09-20 20:29 - 2014-09-27 18:34 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-09-20 20:29 - 2014-09-20 20:34 - 00000000 ____D () C:\Users\BMo\AppData\Local\Google
    2014-09-20 20:29 - 2014-09-20 20:34 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-09-20 20:29 - 2014-09-20 20:29 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-09-20 20:29 - 2014-09-20 20:29 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-09-20 18:49 - 2014-09-20 18:49 - 00895120 _____ (Google Inc.) C:\Users\BMo\Downloads\ChromeSetup.exe
    2014-09-20 15:02 - 2014-09-20 15:02 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_rzudd_01009.Wdf
    2014-09-20 15:01 - 2014-09-20 15:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
    2014-09-18 17:49 - 2014-09-27 15:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-09-16 17:37 - 2014-09-16 17:38 - 87256095 _____ () C:\Users\BMo\Downloads\Dunkey_Album.zip
    2014-09-13 03:03 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-09-13 03:03 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-09-13 03:03 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-09-13 03:03 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-09-13 03:03 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-09-13 03:03 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-09-13 03:03 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-09-13 03:03 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-09-13 03:03 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-09-13 03:03 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-09-13 03:03 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-09-13 03:03 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-09-13 03:03 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-09-13 03:03 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-09-13 03:03 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-09-13 03:03 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-09-13 03:03 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-09-13 03:03 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-09-13 03:03 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-09-13 03:03 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-09-13 03:03 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-09-13 03:03 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-09-13 03:03 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-09-13 03:03 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-09-13 03:03 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-09-13 03:03 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-09-13 03:03 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-09-13 03:03 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-09-13 03:03 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-09-13 03:03 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-09-13 03:03 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-09-13 03:03 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-09-13 03:03 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-09-13 03:03 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-09-13 03:03 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-09-13 03:03 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-09-13 03:03 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-09-13 03:03 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-09-13 03:03 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-09-13 03:03 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-09-13 03:03 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-09-13 03:03 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-09-13 03:03 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-09-13 03:03 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-09-13 03:03 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-09-13 03:03 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-09-13 03:03 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-09-13 03:03 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-09-13 03:03 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-09-13 03:03 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-09-13 03:03 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-09-13 03:03 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-09-13 03:03 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-09-13 03:03 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-09-13 03:03 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-09-13 03:03 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-09-13 03:00 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
    2014-09-13 03:00 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
    2014-09-12 15:28 - 2014-09-12 15:28 - 00000000 ____D () C:\Users\BMo\AppData\Local\Razer_Inc
    2014-09-12 10:08 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
    2014-09-12 10:08 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
    2014-09-12 10:06 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2014-09-12 10:06 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2014-09-12 10:03 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-09-12 10:03 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-09-12 10:03 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-09-12 10:03 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-09-12 10:03 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-09-12 10:03 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2014-09-12 10:03 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2014-09-11 12:20 - 2014-09-11 12:20 - 41945432 _____ (Apple Inc.) C:\Users\BMo\Downloads\QuickTimeInstaller.exe
    2014-09-10 13:47 - 2014-09-10 13:47 - 20366120 _____ () C:\Users\BMo\Downloads\DoomedDungeonv1.2.rar
    2014-09-10 13:22 - 2014-09-10 13:22 - 03978307 _____ () C:\Users\BMo\Downloads\SDP.zip
    2014-09-10 13:18 - 2014-09-10 13:18 - 00525431 _____ () C:\Users\BMo\Downloads\gamev2dup.exe
    2014-09-01 12:38 - 2014-09-01 12:38 - 00000000 ____D () C:\Users\BMo\AppData\Roaming\SteelSeries
    2014-09-01 12:38 - 2014-09-01 12:38 - 00000000 ____D () C:\Users\BMo\AppData\Local\SteelSeries_ApS
    2014-09-01 12:31 - 2014-09-01 12:36 - 53001320 _____ () C:\Users\BMo\Downloads\SteelSeriesEngine_2.8.0450.exe
    2014-09-01 12:11 - 2014-09-01 12:38 - 00000000 ____D () C:\Users\BMo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SteelSeries
    2014-09-01 12:11 - 2014-09-01 12:30 - 00000000 ____D () C:\Users\BMo\AppData\Local\SteelSeries Engine 3 Client
    2014-09-01 12:10 - 2014-09-20 15:02 - 00056538 _____ () C:\Windows\DPINST.LOG
    2014-09-01 12:10 - 2014-09-01 12:38 - 00000000 ____D () C:\ProgramData\SteelSeries
    2014-09-01 12:10 - 2014-09-01 12:36 - 00000000 ____D () C:\Program Files\SteelSeries
    2014-09-01 12:10 - 2014-09-01 12:10 - 00000000 ____D () C:\Users\admin
    2014-09-01 12:03 - 2014-09-01 12:10 - 52914144 _____ () C:\Users\BMo\Downloads\SteelSeriesEngine_3.2.7.exe
    2014-09-01 11:18 - 2014-09-21 11:56 - 1266272256 ____R () C:\Users\BMo\Downloads\Viva_Pinata!_RePack.iso
    2014-09-01 11:16 - 2014-09-01 11:16 - 00000000 ____D () C:\Users\BMo\Downloads\Viva Pinata Pc Retail
    2014-08-31 19:24 - 2014-08-31 19:25 - 00000000 ____D () C:\Users\BMo\AppData\Local\Adobe
    2014-08-31 14:09 - 2014-08-31 14:09 - 00000000 ____D () C:\Users\BMo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Game Dev Tycoon v1.4.16 build 240714
    2014-08-31 14:09 - 2014-08-31 14:09 - 00000000 ____D () C:\Users\BMo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-click run
    2014-08-31 14:06 - 2014-08-31 14:06 - 00000000 ____D () C:\Users\BMo\Downloads\Viva Pinata
    2014-08-31 12:57 - 2014-08-31 12:57 - 00000000 ____D () C:\Users\BMo\AppData\Roaming\Awesomium
    2014-08-31 12:56 - 2014-08-31 12:56 - 00002037 _____ () C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
    2014-08-31 12:56 - 2014-08-31 12:56 - 00002028 _____ () C:\Users\Public\Desktop\Smite.lnk
    2014-08-31 12:56 - 2014-08-31 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
    2014-08-31 12:56 - 2014-08-31 12:56 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
    2014-08-31 12:56 - 2014-08-31 12:56 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios
    2014-08-31 12:54 - 2014-08-31 12:55 - 46860733 _____ (Hi-Rez Studios) C:\Users\BMo\Downloads\InstallHiRezGamesEnglish.exe
    2014-08-30 09:36 - 2014-08-30 09:36 - 00078336 _____ (Razer Inc) C:\Windows\SysWOW64\rzvirtualdev.dll
    2014-08-28 02:47 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2014-08-28 02:47 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2014-08-28 02:47 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-27 19:21 - 2014-08-07 20:19 - 00000000 ____D () C:\Users\BMo\AppData\Roaming\Skype
    2014-09-27 19:14 - 2014-08-07 17:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-09-27 19:11 - 2009-07-14 00:45 - 00025536 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-09-27 19:11 - 2009-07-14 00:45 - 00025536 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-09-27 19:10 - 2014-08-07 17:37 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-09-27 19:08 - 2014-08-07 19:24 - 01240708 _____ () C:\Windows\WindowsUpdate.log
    2014-09-27 19:08 - 2014-08-07 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-09-27 19:06 - 2014-08-07 18:08 - 00000000 ____D () C:\Users\BMo\AppData\Roaming\Spotify
    2014-09-27 19:06 - 2014-08-07 17:13 - 00000000 ___RD () C:\Users\BMo\Dropbox
    2014-09-27 19:06 - 2014-08-07 17:11 - 00000000 ____D () C:\Users\BMo\AppData\Roaming\Dropbox
    2014-09-27 19:04 - 2010-11-20 23:47 - 00234356 _____ () C:\Windows\PFRO.log
    2014-09-27 19:04 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-09-27 19:04 - 2009-07-14 00:51 - 00038015 _____ () C:\Windows\setupact.log
    2014-09-27 19:02 - 2014-01-04 18:10 - 00000000 ____D () C:\AdwCleaner
    2014-09-27 18:59 - 2014-08-16 15:12 - 00000000 ____D () C:\Users\BMo\AppData\Roaming\BitTorrent
    2014-09-27 15:30 - 2014-08-07 17:10 - 00000000 ____D () C:\Program Files (x86)\Steam
    2014-09-27 15:28 - 2014-08-07 17:03 - 00001065 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2014-09-27 15:28 - 2014-08-07 17:03 - 00001053 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2014-09-27 15:28 - 2014-08-07 16:47 - 00000985 _____ () C:\Users\BMo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-09-27 15:25 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-09-27 12:59 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\IME
    2014-09-27 10:00 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\System
    2014-09-26 19:23 - 2014-08-07 20:24 - 00000000 ___HD () C:\Windows\msdownld.tmp
    2014-09-26 19:23 - 2014-08-07 20:24 - 00000000 ____D () C:\Windows\SysWOW64\directx
    2014-09-25 20:46 - 2014-08-07 20:27 - 00081562 _____ () C:\Windows\DirectX.log
    2014-09-24 01:14 - 2014-08-07 17:32 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-09-24 01:14 - 2014-08-07 17:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-09-24 01:14 - 2014-08-07 17:32 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-09-22 18:36 - 2014-08-14 18:36 - 00000000 ____D () C:\Users\BMo\AppData\Roaming\.minecraft
    2014-09-22 17:47 - 2014-08-09 19:01 - 00003734 _____ () C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
    2014-09-22 17:47 - 2014-08-09 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
    2014-09-22 17:47 - 2014-08-09 19:01 - 00000000 ____D () C:\Program Files (x86)\Gyazo
    2014-09-21 19:44 - 2014-08-07 18:16 - 00000000 ____D () C:\Users\BMo\AppData\Local\Spotify
    2014-09-21 19:42 - 2014-08-24 20:14 - 00000000 ____D () C:\Program Files (x86)\Razer
    2014-09-21 19:42 - 2009-07-14 00:45 - 00274160 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-09-21 19:41 - 2014-08-07 17:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-09-21 11:48 - 2014-08-07 17:27 - 00061504 _____ () C:\Users\BMo\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-09-19 18:12 - 2014-08-07 17:13 - 00000000 ____D () C:\Users\BMo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2014-09-16 19:28 - 2014-08-07 17:39 - 00000000 ____D () C:\Users\BMo\AppData\Roaming\TS3Client
    2014-09-16 17:29 - 2014-08-07 17:30 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
    2014-09-16 17:29 - 2014-08-07 17:30 - 00001090 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
    2014-09-15 09:06 - 2010-11-20 23:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-09-13 04:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
    2014-09-13 03:02 - 2014-08-10 03:22 - 00773536 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2014-09-13 03:02 - 2009-07-14 01:13 - 00773536 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-09-13 03:00 - 2014-08-09 08:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-08-31 15:20 - 2014-08-20 12:28 - 00000000 ____D () C:\Users\BMo\AppData\Local\Game Dev Tycoon - Steam
    2014-08-31 14:08 - 2014-08-20 12:25 - 00000000 ____D () C:\2-click run
    2014-08-31 12:56 - 2014-08-07 16:54 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

    Some content of TEMP:
    ====================
    C:\Users\BMo\AppData\Local\Temp\7za.exe
    C:\Users\BMo\AppData\Local\Temp\CloudBackup7655.exe
    C:\Users\BMo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5zbqfw.dll
    C:\Users\BMo\AppData\Local\Temp\FrdI6.exe
    C:\Users\BMo\AppData\Local\Temp\install_flashplayer14x32au_mssd_aaa_aih.exe
    C:\Users\BMo\AppData\Local\Temp\Quarantine.exe
    C:\Users\BMo\AppData\Local\Temp\setup.exe
    C:\Users\BMo\AppData\Local\Temp\SfpcHelper_installFinish.exe
    C:\Users\BMo\AppData\Local\Temp\SfpcHelper_installStart.exe
    C:\Users\BMo\AppData\Local\Temp\swt-win32-3349.dll
    C:\Users\BMo\AppData\Local\Temp\SxWo5.dll
    C:\Users\BMo\AppData\Local\Temp\SxWo5.exe
    C:\Users\BMo\AppData\Local\Temp\System.Data.SQLite.dll
    C:\Users\BMo\AppData\Local\Temp\tu17p84.exe
    C:\Users\BMo\AppData\Local\Temp\x2blapi.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-09-26 00:39

    ==================== End Of Log ============================



    #10 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 27 September 2014 - 11:58 PM

    ProxMate - Proxy on steroids!   <-- Did you install and use this?



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
     
    Just a reminder that threads will be closed if no reply in 3 days.



    #11 itsbmo

    itsbmo

      New Member

    • Authentic Member
    • Pip
    • 17 posts

    Posted 28 September 2014 - 04:36 AM

    No, I did not! Should I get it?



    #12 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 28 September 2014 - 05:20 AM

    Let's uninstall this one also if you don't use it
     
    Hotspot Shield bundles a branded version of the Conduit Toolbar, which delivers search based advertising and results. During installation the user is presented in some cases with the option to install...
     
     
    Go ahead and uninstall both, then run a new scan with FRST, check Additions (you forgot it last time), and post both logs.



     
     

    #13 itsbmo

    itsbmo

      New Member

    • Authentic Member
    • Pip
    • 17 posts

    Posted 28 September 2014 - 06:12 AM

    Doesn't say Hotspot Shield is on my computer... neither is ProxMate.



    #14 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 28 September 2014 - 09:35 AM

    Do you use this program also? I have this fix going to unhide it so you may be able to uninstall it if you don't use it.

    http://www.shouldire...63-program.aspx

     

     

    Open Notepad (Start --> All Programs --> Accessories --> Notepad).
    Please copy the entire contents of the code box below.
    (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.)
    Save it to the same directory as FRST or FRST64 as fixlist.txt. (It has to be right next to FRST or FRST64, either in the directory where you saved FRST or FRST64 or on your desktop if that's where you saved it.)
    You can use your mouse to drag Fixlist right next to FRST or FRST64, either above or below it but not on top of it.
     
    Start
    Startup: C:\Users\BMo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatch.lnk
    ShortcutTarget: StormWatch.lnk -> C:\Users\BMo\AppData\Local\StormWatch\StormWatch.exe (No File)
    FF Extension: ProxMate - Proxy on steroids! - C:\Users\BMo\AppData\Roaming\Mozilla\Firefox\Profiles\fvlston6.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2014-08-22]
    FF HKCU\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12171.xpi
    FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%2
0'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*'))%20%7B%20return%20'PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us11.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000%3B%20PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
    FF NetworkProxy: "type", 2
    CHR DefaultSuggestURL: Default -> http://api.searchpre...d={searchTerms}
    2014-09-27 09:58 - 2014-09-27 09:58 - 00000000 ____D () C:\Users\BMo\AppData\Local\Weather_Protector_LLC
    2014-09-27 09:57 - 2014-09-27 10:25 - 00000000 ____D () C:\Users\BMo\AppData\Local\StormWatch
    2014-09-27 18:59 - 2014-08-16 15:12 - 00000000 ____D () C:\Users\BMo\AppData\Roaming\BitTorrent
    Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
    Task: {275F1C83-F6DD-4EC2-AB62-CB3DC2179950} - System32\Tasks\CIMT_S-1-5-21-1418505120-3983750565-1456373324-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
    Task: {379E6390-D311-478D-AF63-A29FB93A0E22} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
    Task: {9CE861BE-69F1-4688-8770-ABFA0552E211} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
    Task: {E3BA6313-1D59-4566-B1C7-C21D6C291A36} - \PastaQuotes No Task File <==== ATTENTION
    Task: C:\Windows\Tasks\CIMT_S-1-5-21-1418505120-3983750565-1456373324-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
    Hosts:
    EmptyTemp:
    End
    
     
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
     
    Then open FRST or FRST64 and click on Fix.
    When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

     



     
     
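The `FF NetworkProxy: "autoconfig_url"` entry in the fixlist above is a percent-encoded proxy auto-config (PAC) script stored inline as a `data:` URL. The following Python sketch is an added example, not part of the thread and not FRST's own code; it decodes such an entry so a reviewer can see which URL patterns are routed through which proxies before removing it. The sample line is constructed in the same shape as the log entry, with placeholder `example.test` host names.

```python
import re
from urllib.parse import unquote

# Constructed sample shaped like the FRST "FF NetworkProxy" lines (hosts are placeholders).
SAMPLE_LOG = '''\
    FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fmusic.example.test*')%20%7C%7C%20host%20%3D%3D%20'video.example.test'%20%7C%7C%20url.indexOf('clips.example.test')%20!%3D%20-1)%20%7B%20return%20'PROXY%20p1.proxy.example.test%3A8000%3B%20PROXY%20p2.proxy.example.test%3A8000'%3B%7D%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
    FF NetworkProxy: "type", 2
'''

# One pref per line: a quoted name, then a quoted string or a bare number.
PREF_RE = re.compile(r'^\s*FF NetworkProxy: "([^"]+)", (?:"(.*)"|(\S+))\s*$')

def parse_proxy_prefs(log_text):
    """Collect the Firefox proxy prefs listed in an FRST log."""
    prefs = {}
    for line in log_text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return prefs

def analyze_pac(prefs):
    """Decode an inline PAC script and summarise what it redirects."""
    url = prefs.get("autoconfig_url", "")
    inline = url.startswith("data:") and "," in url
    # Everything after the first comma of a data: URL is the payload.
    script = unquote(url.split(",", 1)[1]) if inline else ""
    # Proxy endpoints named in the PAC return strings.
    proxies = sorted(set(re.findall(
        r"\b(?:PROXY|SOCKS[45]?|HTTPS?)\s+([\w.-]+:\d+)", script)))
    # The three match styles used by the PAC in the fixlist.
    routed = re.findall(r"shExpMatch\(url,\s*'([^']+)'\)", script)
    routed += re.findall(r"host\s*==\s*'([^']+)'", script)
    routed += re.findall(r"url\.indexOf\('([^']+)'\)\s*!=\s*-1", script)
    return {
        # network.proxy.type 2 means "use the automatic configuration URL".
        "active": prefs.get("type") == "2",
        "inline": inline,
        "proxies": proxies,
        "routed": routed,
        "script": script,
    }

if __name__ == "__main__":
    report = analyze_pac(parse_proxy_prefs(SAMPLE_LOG))
    print("PAC active:", report["active"], "| inline data: URL:", report["inline"])
    for p in report["proxies"]:
        print("proxy :", p)
    for r in report["routed"]:
        print("routes:", r)
```

A PAC with `type` 2 set in the profile keeps redirecting the matched sites even after the extension that wrote it has been removed, which is why the fixlist resets both prefs.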

    #15 itsbmo

    itsbmo

      New Member

    • Authentic Member
    • Pip
    • 17 posts

    Posted 28 September 2014 - 10:22 AM

    So I did that... now my Mozilla Firefox is also bugged.
