MBAM cannot install. Access is denied

Solved
By Elijah Catbagan
Feb 15, 2014
  1. I recently downloaded some sort of file which was supposed to be a zip file but it turned out to be an exe file. Accidentally opened it and it spammed the zip contents window nonstop on me until I went to safe mode, deleted the file and did a system restore about 19 hrs back. All seemed well until I realized ASC and MBAM won't load (error mismatch). Avast runs smooth though. Uninstalled MBAM and tried to uninstall ASC but was prompted "access denied". I then used Revo Uninstaller to remove ASC and was able to do so.

    Now, reinstalling MBAM won't work. Access is denied when creating a folder.... etc. Tried using Chameleon but it prompts the same error. Already ran full scans with SUPERAntiSpyware and TDSSKiller to no avail. Can anyone help? Thanks!
  2. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Welcome aboard

    Download and run this utility.
    It will ask to restart your computer (please allow it to).
    After the computer restarts, install the latest version from here.
  3. Elijah Catbagan

    Elijah Catbagan TechSpot Member Topic Starter Posts: 33

    Thank you for the reply.

    Already did that many times. MBAM is not listed in the control panel and installing even in safe mode wouldn't work.
  4. Broni

    Open Windows Explorer and see if you have Malwarebytes folder in Program Files directory.
    If so delete it.
  5. Elijah Catbagan

    Cannot delete folder. Used by another program
  6. Broni

    Download, and install Unlocker: http://www.emptyloop.com/unlocker/
    Restart computer.
    It'll install under right click menu.

    Open Windows Explorer.
    Navigate to offending folder/file.

    Right click on a folder/file. Click Unlocker
    Select Delete from drop-down menu:

    Click OK.
    A folder/file will refuse to be deleted, but Unlocker will give you an option to delete on reboot:

    Click Yes.
    Restart computer.
  7. Elijah Catbagan

    SUPERAntiSpyware detected trojan.gen.download something upon finishing the installation and prompted for scan.
  8. Broni

    You may be still infected.
    We'll check that.

    What about my previous reply?
  9. Elijah Catbagan

    I mean it detected the trojan upon finishing the installation of Unlocker from the link you posted.
  10. Broni

    Make sure you perform Unlocker custom installation.
    These days many programs will try to sneak something else in.
    The program itself is clean.
  11. Elijah Catbagan

    Alright, done scanning and removed the threat. Removed MBAM folder as well.
  12. Broni

    See if you can install MBAM now.
  13. Elijah Catbagan

    Same error. Access is denied..
     
  14. Broni

    Please download Rkill (courtesy of BleepingComputer.com) to your Desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    If normal mode still doesn't work, run the tool from safe mode.

    When the scan is done Notepad will open with rKill log.
    Post it in your next reply.

    NOTE. rKill.txt log will also be present on your desktop.

    Try to install MBAM right away.
  15. Elijah Catbagan

    Still got the same error

    rKill.txt

    Rkill 2.6.5 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2014 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 02/16/2014 11:33:28 AM in x64 mode.
    Windows Version: Windows 7 Ultimate Service Pack 1

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * No issues found.

    Checking Windows Service Integrity:

    * Windows Defender (WinDefend) is not Running.
    Startup Type set to: Manual

    * WinDefend => %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [Incorrect ServiceDLL]

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * HOSTS file entries found:

    127.0.0.1 localhost

    Program finished at: 02/16/2014 11:33:41 AM
    Execution time: 0 hours(s), 0 minute(s), and 13 seconds(s)
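
One way to triage an rKill.txt like the one posted above, as an added example that is not part of the original thread and is not BleepingComputer's code. It assumes the layout visible in this one log (section headers ending in a colon, `*` bullets, indented detail lines); the names `Finding`, `parse_rkill_log` and `review_items` are hypothetical.

```python
import re
from dataclasses import dataclass, field

# Sample input: the rKill.txt from the post above, header trimmed.
SAMPLE_LOG = r"""
Rkill 2.6.5 by Lawrence Abrams (Grinler)
Program started at: 02/16/2014 11:33:28 AM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

 * WinDefend => %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [Incorrect ServiceDLL]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1 localhost

Program finished at: 02/16/2014 11:33:41 AM
"""

# A HOSTS entry that only maps "localhost" to a loopback address is the default.
LOOPBACK_LOCALHOST = re.compile(r"^(127\.0\.0\.1|::1)\s+localhost$", re.IGNORECASE)


@dataclass
class Finding:
    section: str                      # header the bullet appeared under
    text: str                         # bullet text without the leading "*"
    details: list = field(default_factory=list)  # lines following the bullet

    @property
    def clean(self):
        # Assumption from this log: rKill words every clean result as "No ...".
        return self.text.startswith("No ")

    @property
    def needs_review(self):
        if self.clean:
            return False
        if self.section.startswith("Checking HOSTS") and self.details:
            # Listed HOSTS entries matter only if something other than
            # the loopback "localhost" mapping is present.
            return not all(LOOPBACK_LOCALHOST.match(d) for d in self.details)
        return True


def parse_rkill_log(text):
    """Split an rKill log into per-section findings."""
    findings, section, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Program finished at:"):
            break
        if line.startswith("*"):
            current = Finding(section or "(preamble)", line.lstrip("* ").strip())
            findings.append(current)
        elif line.endswith(":"):
            # New section header; later detail lines must not attach backwards.
            section, current = line.rstrip(":"), None
        elif current is not None and not current.clean:
            # Detail lines are kept only for non-clean bullets, so action lines
            # such as "Resetting .EXE ..." are not attached to a clean result.
            current.details.append(line)
    return findings


def review_items(text):
    """Return only the findings a helper should look at."""
    return [f for f in parse_rkill_log(text) if f.needs_review]


if __name__ == "__main__":
    for f in review_items(SAMPLE_LOG):
        print(f"[{f.section}] {f.text}")
        for d in f.details:
            print(f"    {d}")
```

On this log the only items left for review are the two Windows Defender service lines; the HOSTS finding is dropped because its single entry is the default loopback mapping.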
  16. Broni

    OK, let's see what's going on there...

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
  17. Elijah Catbagan

    FRST.txt 1 of 2

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01
    Ran by ElijahMC (administrator) on ELIJAHMC-PC on 16-02-2014 11:40:36
    Running from C:\Users\ElijahMC\Desktop
    Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    (Stardock Corporation) C:\Program Files (x86)\Stardock\WindowBlinds\wbsrv.exe
    (Stardock Software, Inc) C:\Program Files (x86)\Stardock\WindowBlinds\WBCore.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    (Microsoft Corporation) C:\Windows\system32\WLANExt.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    (Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
    () D:\Applications\GarenaLoLPH\GameData\ggdllhost.exe
    () C:\Program Files\Core Temp\Core Temp.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    (Dassault Systèmes) C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
    (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
    (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe
    () C:\ProgramData\DatacardService\HWDeviceService64.exe
    (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    () C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe
    (Micro-Star International Co., Ltd.) C:\Program Files (x86)\S-Bar\MSIService.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    () C:\Program Files (x86)\RocketDock\RocketDock.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    () D:\Applications\GarenaLoLPH\GameData\GarenaMessenger.exe
    (Akamai Technologies, Inc.) C:\Users\ElijahMC\AppData\Local\Akamai\netsession_win.exe
    (Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
    (Akamai Technologies, Inc.) C:\Users\ElijahMC\AppData\Local\Akamai\netsession_win.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    (Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Dropbox, Inc.) C:\Users\ElijahMC\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) C:\Windows\System32\vds.exe
    (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12459112 2012-03-27] (Realtek Semiconductor)
    HKLM\...\Run: [BLEServicesCtrl] - C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
    HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11407120 2012-03-27] (Intel Corporation)
    HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2598696 2012-02-29] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1179576 2014-01-21] (NVIDIA Corporation)
    HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [336992 2012-12-09] (Power Software Ltd)
    HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
    HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
    HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
    HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4767304 2013-03-07] (AVAST Software)
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-06] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [] - [X]
    HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\WB: C:\Program Files (x86)\Stardock\WindowBlinds\fast64.dll [X]
    HKLM\...\Policies\Explorer: [NoAutorun] 1
    HKU\.DEFAULT\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
    HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
    HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\...\Run: [GarenaPlus] - D:\Applications\GarenaLoLPH\GameData\GarenaMessenger.exe [9890608 2014-02-06] ()
    HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\...\Run: [Messenger (Yahoo!)] - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
    HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\...\Run: [Akamai NetSession Interface] - C:\Users\ElijahMC\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
    HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\...\Run: [ShowBatteryBar] - C:\Program Files\BatteryBar\ShowBatteryBar.exe [89600 2013-04-11] ()
    HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-07] (SUPERAntiSpyware)
    HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\...\Run: [CCleaner Monitoring] - C:\Program Files\CCleaner\CCleaner64.exe [6087448 2014-01-21] (Piriform Ltd)
    HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\...\Policies\Explorer: []
    Startup: C:\Users\ElijahMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\ElijahMC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\ElijahMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
    Startup: C:\Users\ElijahMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
    ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBA803D23B601CE01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    URLSearchHook: HKLM-x32 - Default Value = {FE69C007-C452-4d3e-86D2-1730DF8BC871}
    URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
    Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Hosts: 127.0.0.1 localhost
    Tcpip\Parameters: [DhcpNameServer] 210.4.2.61 202.78.97.41

    FireFox:
    ========
    FF ProfilePath: C:\Users\ElijahMC\AppData\Roaming\Mozilla\Firefox\Profiles\luwmcrsj.default
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @graphisoft.com/GDL Web Plug-in - C:\Program Files (x86)\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll (Graphisoft SE)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF Plugin-x32: @t.garena.com/garenatalk - D:\Applications\GarenaLoLPH\GameData\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
    FF Plugin-x32: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
    FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\ElijahMC\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\ElijahMC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\ElijahMC\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
    FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-03-06]
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-10-17]

    Chrome:
    =======
    CHR HomePage: hxxp://google.com/
    CHR DefaultSearchKeyword: google.com.ph
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
    CHR Plugin: (Advanced SystemCare 6) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkddabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabc\1.0.0_0\Plugin/ASCPlugin_Protect.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (ArchiCAD) - C:\Program Files (x86)\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll (Graphisoft SE)
    CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
    CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    CHR Plugin: (Java(TM) Platform SE 7 U15) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    CHR Plugin: (Yahoo! activeX Plug-in Bridge) - C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
    CHR Plugin: (Unity Player) - C:\Users\ElijahMC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    CHR Plugin: (Facebook Desktop) - C:\Users\ElijahMC\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
    CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\ElijahMC\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
    CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\SysWOW64\npDeployJava1.dll No File
    CHR Plugin: (Garena Talk Plugin) - D:\Applications\GarenaLoLPH\GameData\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
    CHR Extension: (Tank Hero: Laser Wars (Web)) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkkneogpiampdcpgceflcjjmghppmmn [2013-09-19]
    CHR Extension: (RuneScape) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajjblpfpopipimofkhbglcoeknpnfijj [2013-10-25]
    CHR Extension: (Beautiful landscape) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambfimhigppdidfmelpjmojccbfdoeig [2014-01-10]
    CHR Extension: (Google Docs) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-28]
    CHR Extension: (Google Drive) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-28]
    CHR Extension: (American Racing 2 3D) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfpfdjclhabpjncikdngdoldjjjegnbe [2014-02-06]
    CHR Extension: (Dragon Age Legends: Remix 01) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkiinhllammkfejicmjmhnanlbifccfj [2013-10-31]
    CHR Extension: (YouTube) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-28]
    CHR Extension: (BeGone: Last Stand HD) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmekbplkjhgmljmbblmhmcnocafhaink [2013-09-19]
    CHR Extension: (Smartsheet Project Management) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cindmhdfkimaeggbebfjkmkdfiohldbm [2013-09-19]
    CHR Extension: (Kingdom Rush) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckmfhhjalnddapegkbbohfaodgbnocim [2013-09-19]
    CHR Extension: (Google Search) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-28]
    CHR Extension: (Facebook Customizer (by Adblock Plus)) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm [2013-10-31]
    CHR Extension: (Polycraft) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopfmbpfhhfnklgmjpoehcjaajhpbhbl [2013-11-03]
    CHR Extension: (Picditor Photo Editor) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggdplhaiiohpkafnlhlfikiomnboacoi [2013-10-31]
    CHR Extension: (Planner 5D) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjfkgdpkecnmfcgfpfibpcnkeakahllc [2013-09-20]
    CHR Extension: (Ads Removal) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod [2013-12-14]
    CHR Extension: (Arcane Legends) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibmlkgieigeddcedpbijnpojheoddido [2013-09-22]
    CHR Extension: (avast! WebRep) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2013-08-28]
    CHR Extension: (theHunter) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jangaedeekciafhlanphhnalogmhefmo [2013-09-22]
    CHR Extension: (Online PDF Tools) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddfpnmfhodaljeelokfceepbeapgbdn [2013-09-19]
    CHR Extension: (Traffic Slam 3) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfjmailnmofkkffoemgmdbemmohldhe [2013-10-31]
    CHR Extension: (Autodesk Homestyler) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2013-09-22]
    CHR Extension: (Verdun Game) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\khdppkcpilejlgahecofelpoidcnjbdg [2013-10-26]
    CHR Extension: (WorkFlowy) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\koegeopamaoljbmhnfjbclbocehhgmkm [2013-09-20]
    CHR Extension: (Save as PDF) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdjmbiefanbdgnkcikhllpmjnnllbbc [2013-09-03]
    CHR Extension: (Drakensang Online) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgloifppaepihckkhiocnodicehjdoof [2013-10-31]
    CHR Extension: (Fishing Joy) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlonhgnjdlnjgalpdigmbpfpielpadmc [2013-09-19]
    CHR Extension: (Google Wallet) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
    CHR Extension: (Battlefield Play4Free) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh [2013-11-01]
    CHR Extension: (Bastion) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohphhdkahjlioohbalmicpokoefkgid [2013-10-25]
    CHR Extension: (Bitdefender QuickScan) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2014-02-15]
    CHR Extension: (Gmail) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-28]
    CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-03-06]
    CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - \BrowerProtect\ASC_GhromePlugin.crx [2013-03-06]
    CHR HKLM-x32\...\Chrome\Extension: [palpbfjgianahgbbeodmcohjdmaelbeo] - C:\Program Files\Common Files\SpeedBit\SBUpdate\SpeedbitNewTab.crx [2013-03-06]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Services (Whitelisted) =================

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-11] (SUPERAntiSpyware.com)
    R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [45248 2013-03-07] (AVAST Software)
    R2 DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [123392 2013-06-28] (Dassault Systèmes)
    S2 Globe Tattoo Broadband. RunOuc; C:\Program Files (x86)\Globe Tattoo Broadband\UpdateDog\ouc.exe [655712 2013-12-01] ()
    R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-03-15] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [162648 2012-03-15] (Intel Corporation)
    S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
    R2 mi-raysat_3dsmax2013_64; C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [86016 2011-09-15] ()
    R2 Micro Star SCM; C:\Program Files (x86)\S-Bar\MSIService.exe [160768 2012-04-27] (Micro-Star International Co., Ltd.)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-03-29] ()
    S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5150632 2012-12-06] (INCA Internet Co., Ltd.)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
    R2 WindowBlinds; C:\Program Files (x86)\Stardock\WindowBlinds\wbsrv.exe [89600 2013-05-16] (Stardock Corporation)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-03-29] (Intel® Corporation)
    S2 AdobeARMservice; No ImagePath
    S3 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X]

    ==================== Drivers (Whitelisted) ====================

    R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-03-07] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-03-07] (AVAST Software)
    R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [70992 2013-03-07] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-03-07] ()
    R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1025808 2013-03-07] (AVAST Software)
    R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [377920 2013-03-07] (AVAST Software)
    R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [68920 2013-03-07] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178624 2013-03-07] ()
    R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [80896 2013-04-09] (Motorola Solutions, Inc.)
    R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [111104 2013-04-09] (Motorola Solutions, Inc.)
    R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [849408 2013-04-09] (Motorola Solutions, Inc.)
    S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [223744 2013-12-01] (Huawei Technologies Co., Ltd.)
    R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
    R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2013-04-09] ( )
    S3 MSILiveVirtualCamera; C:\Windows\System32\DRIVERS\MSILiveVirtualCamera.sys [456192 2007-01-29] (MSI Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-28] (NVIDIA Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
    R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2013-05-22] ()
    R3 ALSysIO; \??\C:\Users\ElijahMC\AppData\Local\Temp\ALSysIO64.sys [X]
    S3 cpuz136; \??\C:\Users\ElijahMC\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2013-12-01] (Huawei Technologies Co., Ltd.)
    S4 RAMDiskVE; System32\Drivers\RAMDiskVE.sys [X]
    U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-02] ()
    S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================
  18. Elijah Catbagan

    Elijah Catbagan TechSpot Member Topic Starter Posts: 33

    FRST.txt 2 of 2

    ==================== One Month Created Files and Folders ========

    2014-02-16 17:38 - 2014-02-16 17:38 - 29097984 _____ () C:\Windows\system32\config\system.bdkup
    2014-02-16 17:38 - 2014-02-16 17:38 - 119422976 _____ () C:\Windows\system32\config\software.bdkup
    2014-02-16 11:40 - 2014-02-16 11:40 - 00034430 _____ () C:\Users\ElijahMC\Desktop\FRST.txt
    2014-02-16 11:40 - 2014-02-16 11:40 - 00000000 ____D () C:\FRST
    2014-02-16 11:39 - 2014-02-16 11:40 - 02152960 _____ (Farbar) C:\Users\ElijahMC\Desktop\FRST64.exe
    2014-02-16 11:32 - 2014-02-16 11:33 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\ElijahMC\Desktop\rkill.exe
    2014-02-16 11:06 - 2014-02-16 11:21 - 00000000 ____D () C:\Program Files\Unlocker
    2014-02-16 11:06 - 2014-02-16 11:06 - 00000000 ____D () C:\Users\ElijahMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
    2014-02-16 11:02 - 2014-02-16 11:02 - 00000000 ____D () C:\Users\ElijahMC\Desktop\Take_Ownership
    2014-02-16 10:14 - 2014-02-16 10:14 - 00019954 _____ () C:\Users\ElijahMC\Desktop\MBRCheck_02.16.14_10.14.09.txt
    2014-02-16 10:14 - 2014-02-16 10:13 - 00080384 _____ () C:\Users\ElijahMC\Desktop\MBRCheck.exe
    2014-02-16 10:08 - 2014-02-16 10:08 - 00000657 _____ () C:\Users\ElijahMC\Desktop\JRT.txt
    2014-02-16 09:59 - 2014-02-13 18:39 - 01166132 _____ () C:\Users\ElijahMC\Desktop\AdwCleaner.exe
    2014-02-16 09:59 - 2014-02-13 18:37 - 01037530 _____ (Thisisu) C:\Users\ElijahMC\Desktop\JRT.exe
    2014-02-16 09:55 - 2014-02-16 09:55 - 00000000 ____D () C:\TDSSKiller_Quarantine
    2014-02-15 19:32 - 2014-02-15 13:39 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\ElijahMC\Desktop\tdsskiller.exe
    2014-02-15 19:20 - 2014-02-15 19:20 - 00000920 _____ () C:\Users\ElijahMC\Desktop\RKreport[0]_PR_02152014_192038.txt
    2014-02-15 19:20 - 2014-02-15 19:20 - 00000856 _____ () C:\Users\ElijahMC\Desktop\RKreport[0]_H_02152014_192034.txt
    2014-02-15 19:20 - 2014-02-15 19:20 - 00000729 _____ () C:\Users\ElijahMC\Desktop\RKreport[0]_DN_02152014_192044.txt
    2014-02-15 19:19 - 2014-02-15 19:19 - 00002166 _____ () C:\Users\ElijahMC\Desktop\RKreport[0]_S_02152014_191947.txt
    2014-02-15 19:18 - 2014-02-15 19:20 - 00000000 ____D () C:\Users\ElijahMC\Desktop\RK_Quarantine
    2014-02-15 19:03 - 2014-02-15 19:03 - 00149200 _____ () C:\Users\ElijahMC\Desktop\OTL.Txt
    2014-02-15 19:03 - 2014-02-15 19:03 - 00140282 _____ () C:\Users\ElijahMC\Desktop\Extras.Txt
    2014-02-15 18:55 - 2014-02-15 18:55 - 00602112 _____ (OldTimer Tools) C:\Users\ElijahMC\Desktop\OTL.exe
    2014-02-15 18:47 - 2014-02-15 18:47 - 00000928 _____ () C:\Users\ElijahMC\Desktop\NTREGOPT.lnk
    2014-02-15 18:47 - 2014-02-15 18:47 - 00000909 _____ () C:\Users\ElijahMC\Desktop\ERUNT.lnk
    2014-02-15 18:47 - 2014-02-15 18:47 - 00000000 ____D () C:\Program Files (x86)\ERUNT
    2014-02-15 18:42 - 2014-02-15 18:42 - 00000000 ____D () C:\Users\ElijahMC\AppData\Roaming\Malwarebytes
    2014-02-15 18:40 - 2014-02-15 19:42 - 00036452 _____ () C:\Windows\PFRO.log
    2014-02-15 18:33 - 2014-02-16 11:19 - 00003376 _____ () C:\Windows\setupact.log
    2014-02-15 18:33 - 2014-02-15 18:33 - 00000000 _____ () C:\Windows\setuperr.log
    2014-02-15 13:31 - 2014-02-15 13:31 - 00353352 _____ (Malwarebytes Corporation) C:\Users\ElijahMC\Desktop\mbam-check-2.0.0.1000.exe
    2014-02-15 13:31 - 2014-02-15 13:31 - 00031009 _____ () C:\Users\ElijahMC\Desktop\CheckResults.txt
    2014-02-14 21:20 - 2014-02-15 18:43 - 00000000 ____D () C:\Users\ElijahMC\AppData\Local\CrashDumps
    2014-02-14 12:48 - 2014-02-14 12:48 - 00003508 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_Test
    2014-02-14 12:37 - 2014-02-14 12:38 - 00061901 _____ () C:\Users\ElijahMC\Downloads\FRST.txt
    2014-02-14 12:37 - 2014-02-14 12:38 - 00038672 _____ () C:\Users\ElijahMC\Downloads\Addition.txt
    2014-02-14 12:27 - 2014-02-14 12:27 - 00007100 _____ () C:\Users\ElijahMC\Desktop\UsbFix_Report.txt
    2014-02-14 12:27 - 2014-02-14 12:27 - 00007100 _____ () C:\UsbFix [Scan 2] ELIJAHMC-PC.txt
    2014-02-14 12:08 - 2014-02-14 12:08 - 01440846 _____ () C:\Users\ElijahMC\Downloads\mbam-chameleon-1.62.1.1000.zip
    2014-02-14 11:21 - 2014-02-14 11:21 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
    2014-02-14 08:54 - 2014-02-14 08:54 - 00003178 _____ () C:\Windows\System32\Tasks\{D91F73D6-6D70-4FC1-8B6E-BB3B5DD1C477}
    2014-02-14 08:29 - 2014-02-14 08:29 - 01440846 _____ () C:\Users\ElijahMC\Downloads\mbam-chameleon-1.62.1.1000 (1).zip
    2014-02-14 06:01 - 2014-02-14 06:01 - 00000000 ____D () C:\Users\ElijahMC\Downloads\Revo Pro 3.0
    2014-02-14 05:46 - 2014-02-14 05:46 - 00001033 _____ () C:\Users\ElijahMC\Desktop\Take_Ownership.zip
    2014-02-14 05:46 - 2012-04-28 05:40 - 00001777 _____ () C:\Users\ElijahMC\Desktop\Add_Take_Ownership.reg
    2014-02-14 05:46 - 2012-04-28 05:40 - 00001108 _____ () C:\Users\ElijahMC\Desktop\Remove_Take_Ownership.reg
    2014-02-14 03:47 - 2014-02-14 12:27 - 00001448 _____ () C:\Users\ElijahMC\Desktop\UsbFix.lnk
    2014-02-14 03:47 - 2014-02-14 03:48 - 00014186 _____ () C:\UsbFix [Scan 1] ELIJAHMC-PC.txt
    2014-02-14 03:47 - 2014-02-14 03:47 - 00000000 ____D () C:\UsbFix
    2014-02-14 03:46 - 2014-02-14 03:46 - 02203778 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\ElijahMC\Downloads\usbfix.exe
    2014-02-14 03:01 - 2014-02-14 03:01 - 00125896 _____ () C:\Users\ElijahMC\Documents\cc_20140214_030132.reg
    2014-02-14 02:58 - 2014-02-14 02:58 - 00002778 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
    2014-02-14 02:58 - 2014-02-14 02:58 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2014-02-13 18:55 - 2014-02-15 09:16 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-02-13 18:53 - 2014-02-15 09:16 - 00000000 ____D () C:\Users\ElijahMC\Desktop\mbar
    2014-02-13 18:49 - 2014-02-15 19:15 - 00000000 ____D () C:\AdwCleaner
    2014-02-13 18:38 - 2014-02-13 18:38 - 00000000 ____D () C:\Windows\ERUNT
    2014-02-13 14:45 - 2014-02-13 14:45 - 00000000 ____D () C:\SUPERDelete
    2014-02-13 14:34 - 2014-02-14 08:51 - 00000000 ____D () C:\Windows\erdnt
    2014-02-13 14:31 - 2014-02-16 06:31 - 00000516 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f9043a35-9b89-4ada-ad8b-5cdab3964008.job
    2014-02-13 14:31 - 2014-02-15 02:00 - 00000516 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ecc2c5ef-5784-4d02-bb63-91292ea9aa2b.job
    2014-02-13 14:31 - 2014-02-13 14:31 - 00003602 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task ecc2c5ef-5784-4d02-bb63-91292ea9aa2b
    2014-02-13 14:31 - 2014-02-13 14:31 - 00003528 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task f9043a35-9b89-4ada-ad8b-5cdab3964008
    2014-02-13 14:31 - 2014-02-13 14:31 - 00000000 ____D () C:\Users\ElijahMC\AppData\Roaming\SUPERAntiSpyware.com
    2014-02-13 14:30 - 2014-02-13 14:31 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-02-13 14:30 - 2014-02-13 14:30 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
    2014-02-13 14:30 - 2014-02-13 14:30 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
    2014-02-13 14:21 - 2014-02-13 14:24 - 17915664 _____ (SUPERAntiSpyware) C:\Users\ElijahMC\Downloads\SUPERAntiSpyware.exe
    2014-02-13 13:36 - 2014-02-13 13:36 - 00000000 ____D () C:\Users\ElijahMC\AppData\Local\28050
    2014-02-13 13:35 - 2014-02-13 13:35 - 00002637 _____ () C:\Users\ElijahMC\Desktop\Ins.txt
    2014-02-13 13:12 - 2014-02-16 05:18 - 00000000 ____D () C:\Users\ElijahMC\AppData\Local\Adobe
    2014-02-13 12:32 - 2014-02-13 12:36 - 00002048 _____ () C:\Uninstall.dat
    2014-02-13 11:43 - 2014-02-13 11:44 - 00050688 _____ (Atribune.org) C:\Users\ElijahMC\Downloads\ATF-Cleaner.exe
    2014-02-13 10:42 - 2014-02-13 10:42 - 00080456 _____ (Malwarebytes Corporation) C:\Users\ElijahMC\Downloads\mbam-clean-1.60.2.0003 (1).exe
    2014-02-12 05:06 - 2014-02-12 05:06 - 02272768 _____ () C:\Users\ElijahMC\Downloads\chapter20_PC.ppt
    2014-02-12 04:33 - 2014-02-12 04:55 - 00000385 _____ () C:\Users\ElijahMC\Downloads\Probset 2 (1).txt
    2014-02-12 04:30 - 2014-02-12 04:30 - 00000367 _____ () C:\Users\ElijahMC\Downloads\Probset 2.txt
    2014-02-12 03:05 - 2014-02-12 03:05 - 00000382 _____ () C:\Users\ElijahMC\Downloads\Probset 2 with M.txt
    2014-02-11 16:50 - 2014-02-11 16:50 - 01535069 _____ () C:\Users\ElijahMC\Documents\Print.skp
    2014-02-11 09:45 - 2014-02-11 09:48 - 09781042 _____ () C:\Users\ElijahMC\Downloads\Centralized Terminal.skp
    2014-02-11 09:41 - 2014-02-11 09:41 - 01043121 _____ () C:\Users\ElijahMC\Downloads\ShuttleBus.skp
    2014-02-10 23:00 - 2014-02-10 23:00 - 00000000 ____D () C:\ProgramData\ALM
    2014-02-10 22:46 - 2012-06-28 08:35 - 00087040 _____ () C:\Users\ElijahMC\Desktop\xf-mccs6-keygen.exe
    2014-02-10 21:36 - 2014-02-10 22:50 - 00001522 _____ () C:\Users\Public\Desktop\Adobe Application Manager.lnk
    2014-02-10 21:30 - 2014-02-10 21:32 - 00973603 _____ () C:\Users\ElijahMC\Downloads\52f8d489098c2.zip
    2014-02-10 16:34 - 2014-02-10 16:34 - 00777877 _____ () C:\Users\ElijahMC\Documents\Grid.skp
    2014-02-10 10:52 - 2014-02-10 10:52 - 00001922 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2014-02-10 10:46 - 2014-02-16 11:04 - 00000051 _____ () C:\Users\ElijahMC\AppData\Roaming\mbam.context.scan
    2014-02-10 10:13 - 2014-02-10 10:13 - 00000000 ____D () C:\Users\ElijahMC\AppData\Roaming\Process Hacker 2
    2014-02-10 10:12 - 2014-02-11 02:42 - 00000000 ____D () C:\Program Files\Process Hacker 2
    2014-02-10 10:11 - 2014-02-14 02:58 - 00000000 ____D () C:\Program Files\CCleaner
    2014-02-08 21:13 - 2014-02-08 21:13 - 00000000 ____D () C:\ProgramData\Nexon
    2014-02-08 10:02 - 2014-02-08 10:02 - 00000000 _____ () C:\asc_rdflag
    2014-02-06 17:44 - 2014-02-06 17:44 - 00000000 ____D () C:\Users\ElijahMC\Documents\AutoCAD Sheet Sets
    2014-02-06 10:17 - 2014-02-06 11:03 - 210451521 _____ () C:\Users\ElijahMC\Downloads\ManualPatcherv145.exe
    2014-02-06 10:14 - 2014-02-06 10:14 - 00055534 _____ () C:\Users\ElijahMC\Downloads\Dodu Queen Bed.skp
    2014-02-06 10:13 - 2014-02-06 10:15 - 05394448 _____ () C:\Users\ElijahMC\Downloads\BED.skp
    2014-02-06 10:12 - 2014-02-06 10:14 - 10131335 _____ () C:\Users\ElijahMC\Downloads\Untitled (3).skp
    2014-02-04 09:12 - 2014-02-04 09:12 - 02362286 _____ () C:\Users\ElijahMC\Downloads\retro sofa.skb
    2014-02-04 09:12 - 2014-02-04 09:12 - 02325072 _____ () C:\Users\ElijahMC\Downloads\retro sofa.skp
    2014-02-04 09:08 - 2014-02-04 09:08 - 00908629 _____ () C:\Users\ElijahMC\Downloads\bamboo living room set.skb
    2014-02-04 09:08 - 2014-02-04 09:08 - 00640022 _____ () C:\Users\ElijahMC\Downloads\bamboo living room set.skp
    2014-01-30 08:46 - 2014-01-30 08:46 - 00335824 _____ () C:\Users\ElijahMC\Downloads\Lumion_3_2_1_Free_Download.exe
    2014-01-29 18:16 - 2014-01-29 19:03 - 01554699 _____ () C:\Users\Public\ARCH33_CATBAGAN_121813.bak
    2014-01-29 17:59 - 2014-01-29 17:59 - 00000885 _____ () C:\Users\Public\Arch 33 - Shortcut.lnk
    2014-01-29 16:46 - 2014-01-29 16:49 - 00001558 _____ () C:\Users\Public\Arch 22 - Shortcut.lnk
    2014-01-29 11:13 - 2014-01-29 11:13 - 00000000 ____D () C:\Users\ElijahMC\Downloads\nvidiaInspector
    2014-01-29 09:43 - 2014-01-29 13:23 - 00000000 ____D () C:\Users\ElijahMC\AppData\Roaming\BatteryBar
    2014-01-29 09:43 - 2014-01-29 09:43 - 00000000 ____D () C:\Program Files\BatteryBar
    2014-01-29 09:42 - 2014-01-29 09:42 - 01313128 _____ () C:\Users\ElijahMC\Downloads\BatteryBarSetup-3.6.3.exe
    2014-01-24 01:19 - 2013-12-28 02:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
    2014-01-24 01:19 - 2013-12-28 02:42 - 00033056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
    2014-01-20 22:54 - 2014-01-20 23:42 - 07608665 _____ () C:\Users\ElijahMC\Documents\Quezon Hall.skb
    2014-01-20 22:41 - 2014-01-20 23:43 - 07593516 _____ () C:\Users\ElijahMC\Documents\Quezon Hall.skp
    2014-01-19 12:25 - 2014-01-19 12:25 - 00000000 ____D () C:\Program Files (x86)\HD Tune
    2014-01-19 12:24 - 2014-01-19 12:24 - 00642632 _____ (EFD Software ) C:\Users\ElijahMC\Downloads\hdtune_255.exe
    2014-01-19 05:08 - 2014-01-19 05:08 - 00000192 _____ () C:\Users\Public\Desktop\MapleStory.url
    2014-01-18 22:46 - 2014-01-18 22:46 - 00003514 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-ElijahMC-PC-ElijahMC
    2014-01-18 03:05 - 2014-01-19 05:04 - 00000000 ____D () C:\Nexon
    2014-01-18 03:05 - 2014-01-18 03:05 - 00000000 ____D () C:\ProgramData\NexonUS
    2014-01-17 09:54 - 2014-01-17 09:54 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-01-17 09:27 - 2014-01-17 09:29 - 29141928 _____ (Oracle Corporation) C:\Users\ElijahMC\Downloads\jre-7u51-windows-i586.exe

    ==================== One Month Modified Files and Folders =======

    2014-02-16 17:38 - 2014-02-16 17:38 - 29097984 _____ () C:\Windows\system32\config\system.bdkup
    2014-02-16 17:38 - 2014-02-16 17:38 - 119422976 _____ () C:\Windows\system32\config\software.bdkup
    2014-02-16 17:38 - 2013-02-02 18:01 - 00000000 ____D () C:\Users\ElijahMC
    2014-02-16 11:40 - 2014-02-16 11:40 - 00034430 _____ () C:\Users\ElijahMC\Desktop\FRST.txt
    2014-02-16 11:40 - 2014-02-16 11:40 - 00000000 ____D () C:\FRST
    2014-02-16 11:40 - 2014-02-16 11:39 - 02152960 _____ (Farbar) C:\Users\ElijahMC\Desktop\FRST64.exe
    2014-02-16 11:33 - 2014-02-16 11:32 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\ElijahMC\Desktop\rkill.exe
    2014-02-16 11:33 - 2013-12-28 12:25 - 00002400 _____ () C:\Users\ElijahMC\Desktop\Rkill.txt
    2014-02-16 11:28 - 2009-07-14 12:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-02-16 11:28 - 2009-07-14 12:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-02-16 11:25 - 2009-07-14 13:13 - 00779966 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-02-16 11:24 - 2013-04-30 14:16 - 00000000 ____D () C:\Users\ElijahMC\AppData\Roaming\GarenaPlus
    2014-02-16 11:24 - 2013-04-30 14:16 - 00000000 ____D () C:\ProgramData\GarenaMessenger
    2014-02-16 11:23 - 2013-02-03 09:57 - 01903566 _____ () C:\Windows\WindowsUpdate.log
    2014-02-16 11:22 - 2013-02-03 20:41 - 00000000 ___RD () C:\Users\ElijahMC\Dropbox
    2014-02-16 11:22 - 2013-02-03 20:36 - 00000000 ____D () C:\Users\ElijahMC\AppData\Roaming\Dropbox
    2014-02-16 11:21 - 2014-02-16 11:06 - 00000000 ____D () C:\Program Files\Unlocker
    2014-02-16 11:19 - 2014-02-15 18:33 - 00003376 _____ () C:\Windows\setupact.log
    2014-02-16 11:19 - 2013-12-26 16:11 - 00003508 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_ElijahMC
    2014-02-16 11:18 - 2013-02-02 18:53 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-02-16 11:18 - 2013-02-02 18:23 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
    2014-02-16 11:18 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-02-16 11:06 - 2014-02-16 11:06 - 00000000 ____D () C:\Users\ElijahMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
    2014-02-16 11:04 - 2014-02-10 10:46 - 00000051 _____ () C:\Users\ElijahMC\AppData\Roaming\mbam.context.scan
    2014-02-16 11:02 - 2014-02-16 11:02 - 00000000 ____D () C:\Users\ElijahMC\Desktop\Take_Ownership
    2014-02-16 11:02 - 2013-02-02 18:53 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-02-16 11:01 - 2013-02-03 09:02 - 00000940 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1474345794-4172456791-2447515797-1000UA.job
    2014-02-16 10:58 - 2013-02-07 21:56 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-02-16 10:27 - 2013-02-03 09:35 - 00000000 ____D () C:\Users\ElijahMC\AppData\Roaming\uTorrent
    2014-02-16 10:14 - 2014-02-16 10:14 - 00019954 _____ () C:\Users\ElijahMC\Desktop\MBRCheck_02.16.14_10.14.09.txt
    2014-02-16 10:13 - 2014-02-16 10:14 - 00080384 _____ () C:\Users\ElijahMC\Desktop\MBRCheck.exe
    2014-02-16 10:08 - 2014-02-16 10:08 - 00000657 _____ () C:\Users\ElijahMC\Desktop\JRT.txt
    2014-02-16 09:55 - 2014-02-16 09:55 - 00000000 ____D () C:\TDSSKiller_Quarantine
    2014-02-16 06:31 - 2014-02-13 14:31 - 00000516 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f9043a35-9b89-4ada-ad8b-5cdab3964008.job
    2014-02-16 05:18 - 2014-02-13 13:12 - 00000000 ____D () C:\Users\ElijahMC\AppData\Local\Adobe
    2014-02-15 19:42 - 2014-02-15 18:40 - 00036452 _____ () C:\Windows\PFRO.log
    2014-02-15 19:26 - 2013-03-05 23:54 - 00000000 ____D () C:\Users\ElijahMC\AppData\Roaming\QuickScan
    2014-02-15 19:20 - 2014-02-15 19:20 - 00000920 _____ () C:\Users\ElijahMC\Desktop\RKreport[0]_PR_02152014_192038.txt
    2014-02-15 19:20 - 2014-02-15 19:20 - 00000856 _____ () C:\Users\ElijahMC\Desktop\RKreport[0]_H_02152014_192034.txt
    2014-02-15 19:20 - 2014-02-15 19:20 - 00000729 _____ () C:\Users\ElijahMC\Desktop\RKreport[0]_DN_02152014_192044.txt
    2014-02-15 19:20 - 2014-02-15 19:18 - 00000000 ____D () C:\Users\ElijahMC\Desktop\RK_Quarantine
    2014-02-15 19:19 - 2014-02-15 19:19 - 00002166 _____ () C:\Users\ElijahMC\Desktop\RKreport[0]_S_02152014_191947.txt
    2014-02-15 19:17 - 2013-02-24 01:15 - 00000000 ____D () C:\Users\ElijahMC\Documents\CTI
    2014-02-15 19:15 - 2014-02-13 18:49 - 00000000 ____D () C:\AdwCleaner
    2014-02-15 19:03 - 2014-02-15 19:03 - 00149200 _____ () C:\Users\ElijahMC\Desktop\OTL.Txt
    2014-02-15 19:03 - 2014-02-15 19:03 - 00140282 _____ () C:\Users\ElijahMC\Desktop\Extras.Txt
    2014-02-15 18:55 - 2014-02-15 18:55 - 00602112 _____ (OldTimer Tools) C:\Users\ElijahMC\Desktop\OTL.exe
    2014-02-15 18:47 - 2014-02-15 18:47 - 00000928 _____ () C:\Users\ElijahMC\Desktop\NTREGOPT.lnk
    2014-02-15 18:47 - 2014-02-15 18:47 - 00000909 _____ () C:\Users\ElijahMC\Desktop\ERUNT.lnk
    2014-02-15 18:47 - 2014-02-15 18:47 - 00000000 ____D () C:\Program Files (x86)\ERUNT
    2014-02-15 18:47 - 2013-02-02 18:01 - 00000000 ___RD () C:\Users\ElijahMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-02-15 18:43 - 2014-02-14 21:20 - 00000000 ____D () C:\Users\ElijahMC\AppData\Local\CrashDumps
    2014-02-15 18:42 - 2014-02-15 18:42 - 00000000 ____D () C:\Users\ElijahMC\AppData\Roaming\Malwarebytes
    2014-02-15 18:36 - 2013-12-27 09:53 - 00000000 ____D () C:\ProgramData\ProductData
    2014-02-15 18:33 - 2014-02-15 18:33 - 00000000 _____ () C:\Windows\setuperr.log
    2014-02-15 13:39 - 2014-02-15 19:32 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\ElijahMC\Desktop\tdsskiller.exe
    2014-02-15 13:31 - 2014-02-15 13:31 - 00353352 _____ (Malwarebytes Corporation) C:\Users\ElijahMC\Desktop\mbam-check-2.0.0.1000.exe
    2014-02-15 13:31 - 2014-02-15 13:31 - 00031009 _____ () C:\Users\ElijahMC\Desktop\CheckResults.txt
    2014-02-15 13:24 - 2013-02-24 00:51 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F98C9401-FA9C-4FE8-B28B-9C1ED96A3716}
    2014-02-15 13:21 - 2013-02-02 18:37 - 00143312 _____ () C:\Users\ElijahMC\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-02-15 12:41 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-02-15 12:28 - 2013-12-28 13:33 - 00002862 _____ () C:\Users\ElijahMC\Desktop\unhide.txt
    2014-02-15 09:16 - 2014-02-13 18:55 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-02-15 09:16 - 2014-02-13 18:53 - 00000000 ____D () C:\Users\ElijahMC\Desktop\mbar
    2014-02-15 02:00 - 2014-02-13 14:31 - 00000516 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ecc2c5ef-5784-4d02-bb63-91292ea9aa2b.job
    2014-02-14 23:01 - 2013-02-03 09:02 - 00000918 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1474345794-4172456791-2447515797-1000Core.job
    2014-02-14 13:05 - 2013-03-06 07:24 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2014-02-14 12:48 - 2014-02-14 12:48 - 00003508 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_Test
    2014-02-14 12:38 - 2014-02-14 12:37 - 00061901 _____ () C:\Users\ElijahMC\Downloads\FRST.txt
    2014-02-14 12:38 - 2014-02-14 12:37 - 00038672 _____ () C:\Users\ElijahMC\Downloads\Addition.txt
    2014-02-14 12:30 - 2013-02-03 18:25 - 00000000 ____D () C:\Users\ElijahMC\AppData\Roaming\vlc
    2014-02-14 12:27 - 2014-02-14 12:27 - 00007100 _____ () C:\Users\ElijahMC\Desktop\UsbFix_Report.txt
    2014-02-14 12:27 - 2014-02-14 12:27 - 00007100 _____ () C:\UsbFix [Scan 2] ELIJAHMC-PC.txt
    2014-02-14 12:27 - 2014-02-14 03:47 - 00001448 _____ () C:\Users\ElijahMC\Desktop\UsbFix.lnk
    2014-02-14 12:08 - 2014-02-14 12:08 - 01440846 _____ () C:\Users\ElijahMC\Downloads\mbam-chameleon-1.62.1.1000.zip
    2014-02-14 11:21 - 2014-02-14 11:21 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
    2014-02-14 08:54 - 2014-02-14 08:54 - 00003178 _____ () C:\Windows\System32\Tasks\{D91F73D6-6D70-4FC1-8B6E-BB3B5DD1C477}
    2014-02-14 08:52 - 2013-10-15 03:02 - 00143312 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
    2014-02-14 08:52 - 2009-07-14 11:20 - 00000000 ___RD () C:\Users\Default
    2014-02-14 08:51 - 2014-02-13 14:34 - 00000000 ____D () C:\Windows\erdnt
    2014-02-14 08:49 - 2009-07-14 10:34 - 00000215 _____ () C:\Windows\system.ini
    2014-02-14 08:33 - 2013-02-24 01:35 - 00000000 ____D () C:\Users\ElijahMC\Downloads\token_orb_animated___coloured_by_kingmoeha-d35s5ae
    2014-02-14 08:29 - 2014-02-14 08:29 - 01440846 _____ () C:\Users\ElijahMC\Downloads\mbam-chameleon-1.62.1.1000 (1).zip
    2014-02-14 06:05 - 2013-03-06 08:43 - 00000000 ____D () C:\Program Files (x86)\IObit
    2014-02-14 06:01 - 2014-02-14 06:01 - 00000000 ____D () C:\Users\ElijahMC\Downloads\Revo Pro 3.0
    2014-02-14 05:46 - 2014-02-14 05:46 - 00001033 _____ () C:\Users\ElijahMC\Desktop\Take_Ownership.zip
    2014-02-14 04:29 - 2013-04-09 12:28 - 00000000 ____D () C:\ProgramData\Uniblue
    2014-02-14 03:48 - 2014-02-14 03:47 - 00014186 _____ () C:\UsbFix [Scan 1] ELIJAHMC-PC.txt
    2014-02-14 03:47 - 2014-02-14 03:47 - 00000000 ____D () C:\UsbFix
    2014-02-14 03:46 - 2014-02-14 03:46 - 02203778 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\ElijahMC\Downloads\usbfix.exe
    2014-02-14 03:01 - 2014-02-14 03:01 - 00125896 _____ () C:\Users\ElijahMC\Documents\cc_20140214_030132.reg
    2014-02-14 02:58 - 2014-02-14 02:58 - 00002778 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
    2014-02-14 02:58 - 2014-02-14 02:58 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2014-02-14 02:58 - 2014-02-10 10:11 - 00000000 ____D () C:\Program Files\CCleaner
    2014-02-13 18:39 - 2014-02-16 09:59 - 01166132 _____ () C:\Users\ElijahMC\Desktop\AdwCleaner.exe
    2014-02-13 18:38 - 2014-02-13 18:38 - 00000000 ____D () C:\Windows\ERUNT
    2014-02-13 18:37 - 2014-02-16 09:59 - 01037530 _____ (Thisisu) C:\Users\ElijahMC\Desktop\JRT.exe
    2014-02-13 18:29 - 2013-12-15 21:10 - 00000874 _____ () C:\Users\ElijahMC\Desktop\Lumion 3.0.1.lnk
    2014-02-13 18:28 - 2013-10-04 16:44 - 00000000 ____D () C:\Users\ElijahMC\AppData\Local\Akamai
    2014-02-13 14:45 - 2014-02-13 14:45 - 00000000 ____D () C:\SUPERDelete
    2014-02-13 14:45 - 2013-03-06 08:43 - 00000000 ____D () C:\Users\ElijahMC\AppData\Roaming\IObit
    2014-02-13 14:41 - 2013-12-15 20:59 - 00000000 ____D () C:\Program Files\Lumion 3.0.1
    2014-02-13 14:31 - 2014-02-13 14:31 - 00003602 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task ecc2c5ef-5784-4d02-bb63-91292ea9aa2b
    2014-02-13 14:31 - 2014-02-13 14:31 - 00003528 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task f9043a35-9b89-4ada-ad8b-5cdab3964008
    2014-02-13 14:31 - 2014-02-13 14:31 - 00000000 ____D () C:\Users\ElijahMC\AppData\Roaming\SUPERAntiSpyware.com
    2014-02-13 14:31 - 2014-02-13 14:30 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-02-13 14:30 - 2014-02-13 14:30 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
    2014-02-13 14:30 - 2014-02-13 14:30 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
    2014-02-13 14:24 - 2014-02-13 14:21 - 17915664 _____ (SUPERAntiSpyware) C:\Users\ElijahMC\Downloads\SUPERAntiSpyware.exe
    2014-02-13 13:48 - 2014-01-13 08:14 - 00000000 ____D () C:\Users\ElijahMC\AppData\Local\dxhr
    2014-02-13 13:36 - 2014-02-13 13:36 - 00000000 ____D () C:\Users\ElijahMC\AppData\Local\28050
    2014-02-13 13:35 - 2014-02-13 13:35 - 00002637 _____ () C:\Users\ElijahMC\Desktop\Ins.txt
    2014-02-13 12:36 - 2014-02-13 12:32 - 00002048 _____ () C:\Uninstall.dat
    2014-02-13 11:44 - 2014-02-13 11:43 - 00050688 _____ (Atribune.org) C:\Users\ElijahMC\Downloads\ATF-Cleaner.exe
    2014-02-13 11:22 - 2013-06-19 21:50 - 00039871 _____ () C:\Users\ElijahMC\Documents\plot.log
    2014-02-13 10:42 - 2014-02-13 10:42 - 00080456 _____ (Malwarebytes Corporation) C:\Users\ElijahMC\Downloads\mbam-clean-1.60.2.0003 (1).exe
    2014-02-13 08:57 - 2013-02-03 00:05 - 00000000 ____D () C:\Users\ElijahMC\AppData\Local\cache
    2014-02-13 00:57 - 2013-02-02 18:53 - 00003898 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-02-13 00:57 - 2013-02-02 18:53 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-02-13 00:19 - 2013-04-08 23:51 - 00000000 ____D () C:\Users\ElijahMC\AppData\Roaming\PrimoPDF
    2014-02-12 20:30 - 2013-02-11 22:03 - 00000000 ____D () C:\Users\ElijahMC\Documents\My Received Files
    2014-02-12 18:08 - 2013-02-02 18:23 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
    2014-02-12 05:06 - 2014-02-12 05:06 - 02272768 _____ () C:\Users\ElijahMC\Downloads\chapter20_PC.ppt
    2014-02-12 04:55 - 2014-02-12 04:33 - 00000385 _____ () C:\Users\ElijahMC\Downloads\Probset 2 (1).txt
    2014-02-12 04:30 - 2014-02-12 04:30 - 00000367 _____ () C:\Users\ElijahMC\Downloads\Probset 2.txt
    2014-02-12 03:05 - 2014-02-12 03:05 - 00000382 _____ () C:\Users\ElijahMC\Downloads\Probset 2 with M.txt
    2014-02-11 16:50 - 2014-02-11 16:50 - 01535069 _____ () C:\Users\ElijahMC\Documents\Print.skp
    2014-02-11 14:40 - 2013-10-25 00:55 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
    2014-02-11 09:48 - 2014-02-11 09:45 - 09781042 _____ () C:\Users\ElijahMC\Downloads\Centralized Terminal.skp
    2014-02-11 09:41 - 2014-02-11 09:41 - 01043121 _____ () C:\Users\ElijahMC\Downloads\ShuttleBus.skp
    2014-02-11 08:30 - 2009-07-14 12:45 - 05204184 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-02-11 02:43 - 2013-02-02 23:44 - 00000000 ____D () C:\Users\ElijahMC\AppData\Roaming\Rainmeter
    2014-02-11 02:42 - 2014-02-10 10:12 - 00000000 ____D () C:\Program Files\Process Hacker 2
    2014-02-11 02:42 - 2013-03-06 08:43 - 00000000 ____D () C:\ProgramData\IObit
    2014-02-11 02:41 - 2013-03-14 01:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-02-11 02:41 - 2013-03-05 23:50 - 00000000 ____D () C:\Program Files (x86)\ESET
    2014-02-11 02:41 - 2013-02-02 18:52 - 00000000 ____D () C:\ProgramData\AVAST Software
    2014-02-11 02:41 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\registration
    2014-02-11 02:24 - 2010-11-21 15:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
    2014-02-10 23:09 - 2013-02-03 01:31 - 00000000 ____D () C:\Users\ElijahMC\Documents\Adobe
    2014-02-10 23:00 - 2014-02-10 23:00 - 00000000 ____D () C:\ProgramData\ALM
    2014-02-10 22:58 - 2013-10-25 00:33 - 00000000 ____D () C:\Program Files\Adobe
    2014-02-10 22:50 - 2014-02-10 21:36 - 00001522 _____ () C:\Users\Public\Desktop\Adobe Application Manager.lnk
    2014-02-10 22:06 - 2013-02-02 18:37 - 00000000 ____D () C:\Program Files (x86)\Adobe
    2014-02-10 22:05 - 2013-02-03 00:20 - 00000000 ____D () C:\Program Files\Common Files\Adobe
    2014-02-10 21:57 - 2013-05-09 21:27 - 00000000 ____D () C:\ProgramData\Adobe
    2014-02-10 21:32 - 2014-02-10 21:30 - 00973603 _____ () C:\Users\ElijahMC\Downloads\52f8d489098c2.zip
    2014-02-10 16:34 - 2014-02-10 16:34 - 00777877 _____ () C:\Users\ElijahMC\Documents\Grid.skp
    2014-02-10 10:52 - 2014-02-10 10:52 - 00001922 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2014-02-10 10:52 - 2013-02-02 18:52 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
    2014-02-10 10:13 - 2014-02-10 10:13 - 00000000 ____D () C:\Users\ElijahMC\AppData\Roaming\Process Hacker 2
    2014-02-08 21:13 - 2014-02-08 21:13 - 00000000 ____D () C:\ProgramData\Nexon
    2014-02-08 10:02 - 2014-02-08 10:02 - 00000000 _____ () C:\asc_rdflag
    2014-02-08 10:02 - 2014-01-07 07:00 - 119422976 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
    2014-02-08 10:02 - 2014-01-07 07:00 - 00307200 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
    2014-02-08 10:02 - 2014-01-07 07:00 - 00061440 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
    2014-02-08 10:02 - 2014-01-07 07:00 - 00032768 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
    2014-02-06 17:44 - 2014-02-06 17:44 - 00000000 ____D () C:\Users\ElijahMC\Documents\AutoCAD Sheet Sets
    2014-02-06 11:03 - 2014-02-06 10:17 - 210451521 _____ () C:\Users\ElijahMC\Downloads\ManualPatcherv145.exe
    2014-02-06 10:15 - 2014-02-06 10:13 - 05394448 _____ () C:\Users\ElijahMC\Downloads\BED.skp
    2014-02-06 10:14 - 2014-02-06 10:14 - 00055534 _____ () C:\Users\ElijahMC\Downloads\Dodu Queen Bed.skp
    2014-02-06 10:14 - 2014-02-06 10:12 - 10131335 _____ () C:\Users\ElijahMC\Downloads\Untitled (3).skp
    2014-02-05 22:59 - 2013-02-07 21:56 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-02-05 22:58 - 2013-02-07 21:56 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-02-05 22:58 - 2013-02-07 21:56 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-02-05 13:38 - 2013-10-08 12:56 - 00143312 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
    2014-02-04 09:12 - 2014-02-04 09:12 - 02362286 _____ () C:\Users\ElijahMC\Downloads\retro sofa.skb
    2014-02-04 09:12 - 2014-02-04 09:12 - 02325072 _____ () C:\Users\ElijahMC\Downloads\retro sofa.skp
    2014-02-04 09:08 - 2014-02-04 09:08 - 00908629 _____ () C:\Users\ElijahMC\Downloads\bamboo living room set.skb
    2014-02-04 09:08 - 2014-02-04 09:08 - 00640022 _____ () C:\Users\ElijahMC\Downloads\bamboo living room set.skp
    2014-02-02 13:30 - 2013-08-03 12:45 - 00000000 ____D () C:\Users\ElijahMC\Downloads\BoL Studio
    2014-02-02 12:48 - 2013-02-03 00:04 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
    2014-01-31 00:51 - 2013-02-03 02:12 - 00000000 ____D () C:\Windows\Minidump
    2014-01-30 08:46 - 2014-01-30 08:46 - 00335824 _____ () C:\Users\ElijahMC\Downloads\Lumion_3_2_1_Free_Download.exe
    2014-01-29 19:03 - 2014-01-29 18:16 - 01554699 _____ () C:\Users\Public\ARCH33_CATBAGAN_121813.bak
    2014-01-29 18:04 - 2013-11-18 00:11 - 00169472 ___SH () C:\Users\Public\Thumbs.db
    2014-01-29 17:59 - 2014-01-29 17:59 - 00000885 _____ () C:\Users\Public\Arch 33 - Shortcut.lnk
    2014-01-29 16:49 - 2014-01-29 16:46 - 00001558 _____ () C:\Users\Public\Arch 22 - Shortcut.lnk
    2014-01-29 13:23 - 2014-01-29 09:43 - 00000000 ____D () C:\Users\ElijahMC\AppData\Roaming\BatteryBar
    2014-01-29 11:13 - 2014-01-29 11:13 - 00000000 ____D () C:\Users\ElijahMC\Downloads\nvidiaInspector
    2014-01-29 09:43 - 2014-01-29 09:43 - 00000000 ____D () C:\Program Files\BatteryBar
    2014-01-29 09:42 - 2014-01-29 09:42 - 01313128 _____ () C:\Users\ElijahMC\Downloads\BatteryBarSetup-3.6.3.exe
    2014-01-24 03:47 - 2013-02-20 01:42 - 00000000 ____D () C:\ProgramData\ASGVIS
    2014-01-24 01:19 - 2013-02-02 18:26 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
    2014-01-21 10:53 - 2013-12-27 17:55 - 01179576 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
    2014-01-21 10:53 - 2013-12-27 17:55 - 01048152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
    2014-01-20 23:43 - 2014-01-20 22:41 - 07593516 _____ () C:\Users\ElijahMC\Documents\Quezon Hall.skp
    2014-01-20 23:42 - 2014-01-20 22:54 - 07608665 _____ () C:\Users\ElijahMC\Documents\Quezon Hall.skb
    2014-01-19 23:07 - 2013-10-24 23:55 - 00000000 ____D () C:\Users\ElijahMC\AppData\Roaming\Adobe
    2014-01-19 12:52 - 2013-09-09 13:47 - 02569703 _____ () C:\Users\ElijahMC\AppData\Roaming\ICARE.LOG
    2014-01-19 12:34 - 2013-12-27 08:36 - 00000498 _____ () C:\Users\ElijahMC\AppData\Roaming\ICARE_ACTIVITY.LOG
    2014-01-19 12:25 - 2014-01-19 12:25 - 00000000 ____D () C:\Program Files (x86)\HD Tune
    2014-01-19 12:24 - 2014-01-19 12:24 - 00642632 _____ (EFD Software ) C:\Users\ElijahMC\Downloads\hdtune_255.exe
    2014-01-19 12:18 - 2013-05-09 23:31 - 00000000 ____D () C:\Users\ElijahMC\AppData\Local\CrystalDiskMark
    2014-01-19 05:08 - 2014-01-19 05:08 - 00000192 _____ () C:\Users\Public\Desktop\MapleStory.url
    2014-01-19 05:04 - 2014-01-18 03:05 - 00000000 ____D () C:\Nexon
    2014-01-18 22:46 - 2014-01-18 22:46 - 00003514 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-ElijahMC-PC-ElijahMC
    2014-01-18 03:05 - 2014-01-18 03:05 - 00000000 ____D () C:\ProgramData\NexonUS
    2014-01-17 09:57 - 2013-12-27 10:58 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
    2014-01-17 09:54 - 2014-01-17 09:54 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-01-17 09:54 - 2013-10-25 18:14 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2014-01-17 09:54 - 2013-10-25 18:14 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2014-01-17 09:54 - 2013-10-25 18:14 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2014-01-17 09:29 - 2014-01-17 09:27 - 29141928 _____ (Oracle Corporation) C:\Users\ElijahMC\Downloads\jre-7u51-windows-i586.exe
    2014-01-17 09:23 - 2013-12-27 10:58 - 00000000 ____D () C:\Users\ElijahMC\AppData\Roaming\SystemRequirementsLab

    Files to move or delete:
    ====================
    C:\ProgramData\.bf45c81f8dc8abfeecf09.dat
    C:\Users\ElijahMC\jagex_cl_runescape_LIVE.dat
    C:\Users\ElijahMC\random.dat


    Some content of TEMP:
    ====================
    C:\Users\ElijahMC\AppData\Local\Temp\bitool.dll


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-02-09 17:19

    ==================== End Of Log ============================
  19. Elijah Catbagan

    Elijah Catbagan TechSpot Member Topic Starter Posts: 33

    Addition.txt

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-02-2014 01
    Ran by ElijahMC at 2014-02-16 11:41:01
    Running from C:\Users\ElijahMC\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    Adobe Acrobat X Pro - English, Français, Deutsch (x32 Version: - )
    Adobe After Effects CS4 (x32 Version: 9 - Adobe Systems Incorporated) Hidden
    Adobe After Effects CS4 Presets (x32 Version: 9 - Adobe Systems Incorporated) Hidden
    Adobe AIR (x32 Version: 3.7.0.1530 - Adobe Systems Incorporated)
    Adobe AIR (x32 Version: 3.7.0.1530 - Adobe Systems Incorporated) Hidden
    Adobe Anchor Service CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
    Adobe Bridge CS4 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
    Adobe CMaps CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
    Adobe Color Video Profiles AE CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
    Adobe Creative Suite 6 Master Collection (x32 Version: 6 - Adobe Systems Incorporated)
    Adobe Default Language CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
    Adobe Device Central CS4 (x32 Version: 2 - Adobe Systems Incorporated) Hidden
    Adobe Dynamiclink Support (x32 Version: 1 - Adobe Systems Incorporated) Hidden
    Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
    Adobe Extension Manager CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
    Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
    Adobe Fonts All (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
    Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated)
    Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
    Adobe Media Encoder CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    Adobe Media Encoder CS4 Additional Exporter (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    Adobe Media Player (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
    Adobe Media Player (x32 Version: 1.1 - Adobe Systems Incorporated)
    Adobe MotionPicture Color Files CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
    Adobe Output Module (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
    Adobe PDF Library Files CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
    Adobe Photoshop CC (x32 Version: 14.0 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.1) (x32 Version: 10.1.1 - Adobe Systems Incorporated)
    Adobe Setup (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
    Adobe Type Support CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
    Adobe Update Management Tool (x32 Version: 6.2 - PainteR)
    Adobe Update Manager CS4 (x32 Version: 6.0.0 - Adobe Systems Incorporated) Hidden
    Adobe Widget Browser (x32 Version: 2.0 Build 348 - Adobe Systems Incorporated.)
    Adobe Widget Browser (x32 Version: 2.0.348 - Adobe Systems Incorporated.) Hidden
    Adobe XMP Panels CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
    Akamai NetSession Interface (HKCU Version: - Akamai Technologies, Inc)
    Any Video Converter 5 5.0.3 (x32 Version: - Any-Video-Converter.com)
    Apple Application Support (x32 Version: 2.1.5 - Apple Inc.)
    ArchiCAD 16 INT (Version: 16.0 - GRAPHISOFT)
    Assassin's Creed II (x32 Version: 1.01 - Ubisoft)
    AutoCAD 2013 - English (Version: 19.0.55.0 - Autodesk)
    AutoCAD 2013 - English (Version: 19.0.55.0 - Autodesk) Hidden
    AutoCAD 2013 Language Pack - English (Version: 19.0.55.0 - Autodesk) Hidden
    AutoCAD Architecture 2014 - English (Version: 7.5.17.0 - Autodesk) Hidden
    AutoCAD Architecture 2014 Language Pack - English (Version: 7.5.17.0 - Autodesk) Hidden
    Autodesk 360 (Version: 4.0.27.1 - Autodesk)
    Autodesk 3ds Max 2013 64-bit (Version: 15.0.0.347 - Autodesk)
    Autodesk 3ds Max 2013 64-bit (Version: 15.0.0.347 - Autodesk) Hidden
    Autodesk App Manager (x32 Version: 1.1.0 - Autodesk)
    Autodesk AutoCAD Architecture 2014 - English (Version: 7.5.17.0 - Autodesk)
    Autodesk Content Service (x32 Version: 3.0.84.0 - Autodesk)
    Autodesk Content Service (x32 Version: 3.0.84.0 - Autodesk) Hidden
    Autodesk Content Service Language Pack (x32 Version: 3.0.84.0 - Autodesk) Hidden
    Autodesk Design Review 2013 (x32 Version: 13.0.0.82 - Autodesk, Inc.)
    Autodesk Design Review 2013 (x32 Version: 13.0.0.82 - Autodesk, Inc.) Hidden
    Autodesk DirectConnect 2013 64-bit (Version: 7.0.28.0 - Autodesk)
    Autodesk DirectConnect 2013 64-bit (Version: 7.0.28.0 - Autodesk) Hidden
    Autodesk Essential Skills Movies for 3ds Max 2013 64-bit (Version: 1.0.0.1 - Autodesk)
    Autodesk FBX Plug-in 2013.1 - 3ds Max 2013 64-bit (Version: - Autodesk)
    Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit (Version: - Autodesk)
    Autodesk Featured Apps (x32 Version: 1.1.0 - Autodesk)
    Autodesk Inventor Fusion 2013 (Version: 2.0.0.206 - Autodesk, Inc.)
    Autodesk Inventor Fusion 2013 (Version: 2.0.0.206 - Autodesk, Inc.) Hidden
    Autodesk Inventor Fusion plug-in for AutoCAD 2013 (Version: 0.2.0.230 - Autodesk)
    Autodesk Inventor Fusion plug-in for AutoCAD 2013 (Version: 0.2.0.230 - Autodesk) Hidden
    Autodesk Inventor Fusion plug-in language pack for AutoCAD 2013 (Version: 0.2.0.230 - Autodesk) Hidden
    Autodesk Inventor Server Engine for 3ds Max 2013 64-bit (Version: 15.0 - Autodesk)
    Autodesk MatchMover 2013 64-bit (Version: 14.00.0000 - Autodesk)
    Autodesk Material Library 2013 (x32 Version: 3.0.13 - Autodesk)
    Autodesk Material Library 2014 (x32 Version: 4.0.19.0 - Autodesk)
    Autodesk Material Library Base Resolution Image Library 2013 (x32 Version: 3.0.13 - Autodesk)
    Autodesk Material Library Base Resolution Image Library 2014 (x32 Version: 4.0.19.0 - Autodesk)
    Autodesk Material Library Low Resolution Image Library 2013 (x32 Version: 3.0.13 - Autodesk)
    Autodesk Material Library Medium Resolution Image Library 2013 (x32 Version: 3.0.13 - Autodesk)
    Autodesk Maya 2013 64-bit (Version: 15.0.0.0 - Autodesk)
    Autodesk Maya 2013 64-bit (Version: 15.0.0.0 - Autodesk) Hidden
    Autodesk MotionBuilder 2013 64-bit (Version: 13.00.0000 - Autodesk)
    Autodesk MotionBuilder 2013 64-bit (Version: 13.00.0000 - Autodesk) Hidden
    Autodesk Mudbox 2013 64-bit (Version: 7.0.0.602 - Autodesk)
    Autodesk Mudbox 2013 64-bit (Version: 7.0.0.602 - Autodesk) Hidden
    Autodesk ReCap (Version: 1.0.43.13 - Autodesk)
    Autodesk ReCap (Version: 1.0.43.13 - Autodesk) Hidden
    Autodesk ReCap Language Pack-English (Version: 1.0.43.13 - Autodesk) Hidden
    Autodesk Revit Architecture 2013 (Version: 12.02.21203 - Autodesk)
    Autodesk Revit Interoperability for 3ds Max and 3ds Max Design 2013 64-bit (Version: 1.0.0.1 - Autodesk)
    Autodesk SketchBook Designer 2013 (Version: 3.00.0000 - Autodesk)
    Autodesk SketchBook Designer 2013 (Version: 3.00.0000 - Autodesk) Hidden
    Autodesk Softimage 2013 64-bit (Version: 11.0.0000 - Autodesk) Hidden
    avast! Free Antivirus (x32 Version: 8.0.1483.0 - AVAST Software)
    BatteryBar (remove only) (Version: - )
    Belarc Advisor 8.3 (x32 Version: 8.3.2.0 - Belarc Inc.)
    bl (x32 Version: 1.0.0 - Your Company Name) Hidden
    Camera Recorder (x32 Version: 1.0.909.0801 - Camera Recorder)
    CCleaner (Version: 4.10 - Piriform)
    Cheat Engine 6.2 (x32 Version: - Dark Byte)
    Command & Conquer™ Red Alert™ 3 (Version: 1.0.1.0 - Electronic Arts)
    Command & Conquer™ Red Alert™ 3 (x32 Version: 1.0.1.0 - Electronic Arts)
    Company of Heroes - FAKEMSI (x32 Version: 2.0.0.0 - THQ Inc.) Hidden
    Company of Heroes (x32 Version: 2.602.0 - THQ Inc.)
    Composite 2013 64-bit (Version: 8.0.0 - Autodesk)
    Core Temp 1.0 RC4 (Version: 1.0 - Alcpu)
    CrystalDiskMark 3.0.2f Shizuku Edition (Version: 3.0.2f - Crystal Dew World)
    Debut Video Capture Software (x32 Version: - NCH Software)
    Deus ex Human Revolution version 1.0 (x32 Version: 1.0 - )
    Dishonored (x32 Version: - )
    DraftSight x64 (Version: 10.2.1010 - Dassault Systemes)
    Dragon Age: Origins (x32 Version: 1.00 - Electronic Arts, Inc.)
    Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
    EPSON ME 320 Series Printer Uninstall (Version: - SEIKO EPSON Corporation)
    EPSON ME 340 Series Printer Uninstall (Version: - SEIKO EPSON Corporation)
    EPSON Scan (x32 Version: - Seiko Epson Corporation)
    EPSON T13 T22E Series Printer Uninstall (Version: - SEIKO EPSON Corporation)
    ERUNT 1.1j (x32 Version: - Lars Hederer)
    ESET Online Scanner v3 (x32 Version: - )
    ETDWare PS/2-X64 8.0.5.7_WHQL (Version: 8.0.5.7 - ELAN Microelectronic Corp.)
    Facebook Messenger 2.1.4814.0 (x32 Version: 2.1.4814.0 - Facebook)
    Facebook Video Calling 2.0.0.447 (x32 Version: 2.0.447 - Skype Limited)
    FARO LS 1.1.406.58 (x32 Version: 4.6.58.2 - FARO Scanner Production)
    FARO LS 1.1.408.2 (x32 Version: 4.8.2.25521 - FARO Scanner Production)
    FARO LS 1.1.501.0 (64bit) (x32 Version: 5.1.0.30630 - FARO Scanner Production)
    FARO LS 4.8.2.25521 (x32 Version: - FARO Technologies)
    Free Alarm Clock 2.5.0 (x32 Version: 2.5 - Comfort Software Group)
    GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
    Globe Tattoo Broadband (x32 Version: 21.005.20.06.158 - Huawei Technologies Co.,Ltd)
    Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
    Google Earth (x32 Version: 7.1.2.2041 - Google)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
    GraphCalc v4.0.1 (x32 Version: - )
    HD Tune 2.55 (x32 Version: - EFD Software)
    Intel PROSet Wireless (Version: - ) Hidden
    Intel(R) Control Center (x32 Version: 1.2.1.1008 - Intel Corporation)
    Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.35342 - Intel Corporation)
    Intel(R) Management Engine Components (x32 Version: 8.0.4.1441 - Intel Corporation)
    Intel(R) Processor Graphics (x32 Version: 10.18.10.3345 - Intel Corporation)
    Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 15.1.0.0096 - Intel Corporation)
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 2.1.1.0153 - Intel Corporation)
    Intel(R) Rapid Storage Technology (x32 Version: 11.6.0.1030 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 3.0.0.63463 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.220 - Intel Corporation)
    Intel® PROSet/Wireless WiFi Software (Version: 15.01.1000.0927 - Intel Corporation)
    Intel® Trusted Connect Service Client (Version: 1.23.605.1 - Intel Corporation)
    IObit Apps Toolbar v8.6 (x32 Version: 8.6 - Spigot, Inc.) <==== ATTENTION
    IObit Uninstaller (x32 Version: 3.0.5.1101 - IObit)
    Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
    Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    Java(TM) 6 Update 32 (x32 Version: 6.0.320 - Oracle)
    Lumion 3.0.1 (Version: 3.0.1 - Act-3D B.V.)
    MapleStory (x32 Version: - )
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft)
    Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden
    Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 x64 ATL Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2008 x64 CRT Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2008 x64 MFC Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2008 x64 OpenMP Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (x32 Version: 11.0.51106.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
    Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.)
    Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
    Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
    Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
    Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
    Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
    MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
    Nexon Game Manager (x32 Version: - )
    NVIDIA Control Panel 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
    NVIDIA GeForce Experience 1.8.2 (Version: 1.8.2 - NVIDIA Corporation)
    NVIDIA Graphics Driver 332.21 (Version: 332.21 - NVIDIA Corporation)
    NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
    NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
    NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
    NVIDIA Optimus Update 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
    NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
    NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation)
    NVIDIA ShadowPlay 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
    NVIDIA Update 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
    NVIDIA Update Core (Version: 11.10.11 - NVIDIA Corporation) Hidden
    NVIDIA Virtual Audio 1.2.20 (Version: 1.2.20 - NVIDIA Corporation)
    Onigiri_US (x32 Version: 1.00.0000 - CyberStep, Inc.)
    ONIMUSHA3 PC (x32 Version: 1.00.000 - CAPCOM)
    PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
    PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
    ph (x32 Version: 1.0.0 - Your Company Name) Hidden
    Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
    Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    PosteRazor (x32 Version: 1.5.2 - Alessandro Portale)
    PowerISO (x32 Version: 5.5 - Power Software Ltd)
    PrimoPDF -- brought to you by Nitro PDF Software (x32 Version: 5 - Nitro PDF Software)
    Profiler 14 INT (x32 Version: 14.0 - Graphisoft)
    Profiler 16 INT (x32 Version: 16.0 - Graphisoft)
    progeCAD 2011 Professional (x32 Version: 11.0.2.9 - Progecad s.r.l.)
    progeCAD Architecture (x32 Version: - progeCAD)
    Proxy Switcher (x32 Version: 3.6.1 - Marco Wiedemeyer)
    QuickTime (x32 Version: 7.71.80.42 - Apple Inc.)
    Rainmeter (x32 Version: 2.5 beta r1792 - )
    RAMDisk (x32 Version: 4.3.0.1 - Dataram, Inc.)
    RAR Password Unlocker (x32 Version: - RAR Password Unlocker, Inc.)
    Realtek Ethernet Controller Driver (x32 Version: 7.50.1123.2011 - Realtek)
    Realtek High Definition Audio Driver (x32 Version: 6.0.1.6602 - Realtek Semiconductor Corp.)
    Realtek PCIE Card Reader (x32 Version: 6.1.7601.92 - Realtek Semiconductor Corp.)
    RegSupreme (x32 Version: - Macecraft Software)
    Revit Architecture 2013 (Version: 12.02.21203 - Autodesk) Hidden
    Revit Architecture 2013 Language Pack - English (Version: 12.02.21203 - Autodesk) Hidden
    Revo Uninstaller Pro 3.0.5 (Version: 3.0.5 - VS Revo Group, Ltd.)
    RocketDock 1.3.5 (x32 Version: - Punk Software)
    S-Bar (x32 Version: 21.012.04278 - )
    SevenZip (x32 Version: 9.20 - SevenZip)
    Shaun White Skateboarding (x32 Version: 1.0 - Ubisoft)
    SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden
    SketchUp 2013 (x32 Version: 13.0.4124 - Trimble Navigation Limited)
    SketchUp Import for AutoCAD 2014 (x32 Version: 1.1.0 - Autodesk)
    SketchUp Pro 8 (x32 Version: 3.0.15158 - Trimble Navigation Limited)
    Skype™ 6.1 (x32 Version: 6.1.129 - Skype Technologies S.A.)
    Smart Bro (x32 Version: 11.300.05.03.238 - Huawei Technologies Co.,Ltd)
    Smart Defrag 2 (x32 Version: 2.8 - IObit)
    SpeedFan (remove only) (x32 Version: - )
    Stardock WindowBlinds (x32 Version: 8.02 - Stardock Software, Inc.)
    Suite Exclusives Premium 2013 64-bit (Version: 5.3 - Autodesk)
    Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    SUPERAntiSpyware (Version: 5.7.1018 - SUPERAntiSpyware.com)
    Surfing Protection (x32 Version: 1.0 - IObit)
    System Requirements Lab for Intel (x32 Version: 4.5.22.0 - Husdawg, LLC)
    The Sims™ 3 (x32 Version: 1.63.5 - Electronic Arts)
    Turtle for Maya Premium 2013 64-bit (Version: 5.3 - Autodesk)
    Ubisoft Game Launcher (x32 Version: 1.0.0.0 - UBISOFT)
    Uninstall Helper (x32 Version: 2.0.1.0 - W3i, LLC)
    Uninstall Helper (x32 Version: 2.0.1.0 - W3i, LLC) Hidden
    Unity Web Player (HKCU Version: - Unity Technologies ApS)
    Unlocker 1.9.2 (Version: 1.9.2 - Cedrick Collomb)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
    UsbFix (x32 Version: 7.164 - El Desaparecido - www.usbfix.net - www.sosvirus.net)
    Vegas Pro 12.0 (64-bit) (Version: 12.0.486 - Sony)
    VideoPad Video Editor (x32 Version: - NCH Software)
    Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (x32 Version: 9.0.30729.177 - Microsoft Corporation)
    Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (x32 Version: 9.0.30729.177 - Microsoft Corporation)
    VLC media player 2.0.5 (x32 Version: 2.0.5 - VideoLAN)
    V-Ray for SketchUp (x32 Version: 1.49.02 - Chaos Group, LLC)
    WebCam Recorder (x32 Version: - )
    WinRAR 4.20 (32-bit) (x32 Version: 4.20.0 - win.rar GmbH)
    Xvid 1.2.2 final uninstall (x32 Version: 1.2 - Xvid team (Koepi))
    Yahoo! Install Manager (x32 Version: - )
    Yahoo! Messenger (x32 Version: - Yahoo! Inc.)
    Yahoo! Software Update (x32 Version: - )
    Yahoo! Toolbar (x32 Version: - Yahoo! Inc.)
    Yawcam 0.4.0 (x32 Version: - )
    YTD Toolbar v8.6 (x32 Version: 8.6 - Spigot, Inc.)
    YTD Video Downloader 4.0 (x32 Version: 4.0 - GreenTree Applications SRL)

    ==================== Restore Points =========================

    13-02-2014 19:04:02 ComboFix created restore point
    13-02-2014 22:03:58 Revo Uninstaller Pro's restore point - Advanced SystemCare 7
    16-02-2014 03:04:48 Revo Uninstaller Pro's restore point - Malwarebytes' Anti-Malware

    ==================== Hosts content: ==========================

    2009-07-14 10:34 - 2014-02-15 19:20 - 00000741 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {0C9106C1-38E0-446A-982F-2DBFACBB6DBB} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1474345794-4172456791-2447515797-1000UA => C:\Users\ElijahMC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-03] (Facebook Inc.)
    Task: {14DA0F75-156B-4D33-A263-101056DD5990} - System32\Tasks\Hoolapp For Android => C:\Users\ElijahMC\AppData\Roaming\HOOLAP~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: {37BEB9E3-CA40-4DDE-AD43-633B94D39CE2} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
    Task: {47F7554C-0BEF-413A-98E0-39F1455ABAF1} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe [2013-06-30] (IObit)
    Task: {51E46D39-B8E8-4FE2-8C57-01D4F76DAA99} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-03-07] (AVAST Software)
    Task: {705BB0D1-54C9-4547-B563-98B8B754CC4A} - System32\Tasks\SmartDefragUpdate => C:\Program Files (x86)\IObit\Smart Defrag 2\AutoUpdate.exe [2013-05-22] (IObit)
    Task: {74169384-6593-45CB-9AA0-D915E2305C2C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-02] (Google Inc.)
    Task: {7C6A2EAE-5819-4043-BE1F-1AFA87C9145C} - System32\Tasks\SUPERAntiSpyware Scheduled Task ecc2c5ef-5784-4d02-bb63-91292ea9aa2b => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-08] (SUPERAdBlocker.com)
    Task: {7C8B042F-2465-40C2-A7B9-EE49360B3139} - System32\Tasks\gg_uac_daemon_ElijahMC => D:\Applications\GarenaLoLPH\GameData\ggdllhost.exe [2013-07-10] ()
    Task: {94CF6E80-F9F4-4B4C-A458-ECFE95E1261A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
    Task: {98DE231D-1B18-47FB-A0E7-501B5B335901} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
    Task: {99E8B887-5D53-4A00-AF99-18F93E984E88} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1474345794-4172456791-2447515797-1000Core => C:\Users\ElijahMC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-03] (Facebook Inc.)
    Task: {9B26E50C-175C-4EE3-80BF-57A012C0C14D} - System32\Tasks\SUPERAntiSpyware Scheduled Task f9043a35-9b89-4ada-ad8b-5cdab3964008 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-08] (SUPERAdBlocker.com)
    Task: {9D5A8E09-3991-4CDF-9F27-DE0EE01FC200} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
    Task: {BCFDB88E-2F60-46E6-B835-FD40DF55B6F6} - System32\Tasks\AdobeAAMUpdater-1.0-ElijahMC-PC-ElijahMC => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)
    Task: {C242168F-FC83-4831-B7C7-CC110D002830} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-02] (Google Inc.)
    Task: {C7F0B340-3A2D-465E-9970-E5F91423B1E1} - System32\Tasks\Core Temp Autostart ElijahMC => C:\Program Files\Core Temp\Core Temp.exe [2012-10-14] ()
    Task: {DADE8C3E-9282-433A-850B-859A7B90F062} - \Dealply No Task File
    Task: {DC707229-4C05-40F7-87B6-BE942456C71B} - System32\Tasks\ASC7_SkipUac_ElijahMC => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe
    Task: {ED192AC9-EACC-4F93-9ABC-756BDD4155C7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
    Task: {F2BCA30B-5394-41D5-96A0-FA8A80337105} - System32\Tasks\gg_uac_daemon_Test => D:\Applications\GarenaLoLPH\GameData\ggdllhost.exe [2013-07-10] ()
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1474345794-4172456791-2447515797-1000Core.job => C:\Users\ElijahMC\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1474345794-4172456791-2447515797-1000UA.job => C:\Users\ElijahMC\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
    Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
    Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ecc2c5ef-5784-4d02-bb63-91292ea9aa2b.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f9043a35-9b89-4ada-ad8b-5cdab3964008.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-07-13 09:00 - 2013-07-10 19:54 - 00049456 _____ () D:\Applications\GarenaLoLPH\GameData\ggdllhost.exe
    2013-02-03 00:50 - 2012-10-14 21:21 - 00854480 _____ () C:\Program Files\Core Temp\Core Temp.exe
    2013-02-02 18:25 - 2012-03-26 17:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2013-02-03 00:11 - 2007-09-02 13:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
    2013-04-30 17:24 - 2014-02-06 19:36 - 09890608 _____ () D:\Applications\GarenaLoLPH\GameData\GarenaMessenger.exe
    2013-02-05 00:21 - 2013-02-05 00:21 - 00056352 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
    2013-02-05 00:21 - 2013-02-05 00:21 - 00937504 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
    2013-02-05 00:21 - 2013-02-05 00:21 - 00124448 _____ () C:\Program Files\Autodesk\Autodesk Sync\QJson.dll
    2013-02-05 00:21 - 2013-02-05 00:21 - 00045088 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
    2013-12-20 00:36 - 2013-12-20 00:36 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
    2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2010-07-15 12:44 - 2010-07-15 12:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
    2014-02-16 05:13 - 2014-02-15 23:57 - 02272256 _____ () C:\Program Files\AVAST Software\Avast\defs\14021501\algo.dll
    2013-04-30 17:24 - 2013-08-23 17:10 - 00553776 _____ () D:\Applications\GarenaLoLPH\GameData\ggspawn.dll
    2013-02-03 00:11 - 2007-09-02 13:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
    2013-12-01 17:39 - 2013-12-01 17:38 - 00655712 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe
    2013-12-01 17:39 - 2013-12-01 17:38 - 00011362 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\mingwm10.dll
    2013-12-01 17:39 - 2013-12-01 17:38 - 00043008 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\libgcc_s_dw2-1.dll
    2013-12-01 17:39 - 2013-12-01 17:38 - 02415104 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\QtCore4.dll
    2013-12-01 17:39 - 2013-12-01 17:38 - 01148416 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\QtNetwork4.dll
    2013-12-01 17:39 - 2013-12-01 17:38 - 00835072 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\QueryStrategy.dll
    2013-12-01 17:39 - 2013-12-01 17:38 - 00398336 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\QtXml4.dll
    2013-02-02 18:23 - 2012-03-15 12:48 - 00127320 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    2011-09-15 06:19 - 2011-09-15 06:19 - 00086016 _____ () C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe
    2013-04-30 17:24 - 2013-01-30 16:26 - 00104752 _____ () D:\Applications\GarenaLoLPH\GameData\CommonLib.dll
    2013-04-30 17:24 - 2013-02-07 17:11 - 00033584 _____ () D:\Applications\GarenaLoLPH\GameData\DibModule.dll
    2013-04-30 17:24 - 2014-02-11 19:36 - 00027952 _____ () D:\Applications\GarenaLoLPH\GameData\VersionModule.dll
    2013-04-30 17:24 - 2013-02-07 17:11 - 00051504 _____ () D:\Applications\GarenaLoLPH\GameData\FileLoader.dll
    2013-04-30 17:24 - 2013-02-07 17:11 - 00087344 _____ () D:\Applications\GarenaLoLPH\GameData\PluginKernel.dll
    2013-04-30 17:24 - 2013-03-07 10:10 - 00487216 _____ () D:\Applications\GarenaLoLPH\GameData\CxImage.dll
    2013-04-30 17:24 - 2013-02-07 17:11 - 00025392 _____ () D:\Applications\GarenaLoLPH\GameData\PluginModule.dll
    2013-04-30 17:26 - 2013-04-10 17:23 - 00170800 _____ () D:\Applications\GarenaLoLPH\GameData\lib\fs\YYFileSystem.dll
    2013-04-30 17:26 - 2013-03-13 18:05 - 00374064 _____ () D:\Applications\GarenaLoLPH\GameData\lib\Http.dll
    2013-04-30 17:26 - 2012-02-22 16:52 - 00178176 _____ () D:\Applications\GarenaLoLPH\GameData\lib\MP3Module.dll
    2013-04-30 17:24 - 2012-02-22 16:52 - 00162304 _____ () D:\Applications\GarenaLoLPH\GameData\lame_enc.DLL
    2013-04-30 17:26 - 2013-01-14 19:57 - 00219952 _____ () D:\Applications\GarenaLoLPH\GameData\lib\TaskManagerLib.dll
    2013-04-30 17:26 - 2013-03-07 10:10 - 00106288 _____ () D:\Applications\GarenaLoLPH\GameData\lib\UILayout.dll
    2013-04-30 17:26 - 2014-02-06 19:37 - 00957232 _____ () D:\Applications\GarenaLoLPH\GameData\lib\XLL.dll
    2013-04-30 17:26 - 2012-09-13 14:19 - 00048640 _____ () D:\Applications\GarenaLoLPH\GameData\lib\XmlUIModule.dll
    2013-04-30 17:24 - 2012-02-22 16:52 - 00573100 _____ () D:\Applications\GarenaLoLPH\GameData\sqlite3.dll
    2013-04-30 17:26 - 2013-03-07 10:10 - 00224560 _____ () D:\Applications\GarenaLoLPH\GameData\Plugins\StatsPlugin.dll
    2013-04-30 17:26 - 2014-01-20 16:50 - 00891184 _____ () D:\Applications\GarenaLoLPH\GameData\Plugins\ggplugin.dll
    2013-04-30 17:24 - 2013-02-07 17:11 - 00192816 _____ () D:\Applications\GarenaLoLPH\GameData\ImageModule.dll
    2013-04-30 21:53 - 2013-04-10 17:22 - 00155440 _____ () D:\Applications\GarenaLoLPH\GameData\libmpg123.dll
    2013-04-30 17:24 - 2013-01-30 16:26 - 02941232 _____ () D:\Applications\GarenaLoLPH\GameData\ggdownloader.dll
    2013-04-30 17:26 - 2012-04-13 11:12 - 00059392 _____ () D:\Applications\GarenaLoLPH\GameData\lib\delay_load\AudioMixerLib.dll
    2013-04-30 17:26 - 2012-07-27 14:59 - 00010240 _____ () D:\Applications\GarenaLoLPH\GameData\lib\delay_load\ClientTcp.dll
    2013-04-30 17:26 - 2013-07-15 22:29 - 01545520 _____ () D:\Applications\GarenaLoLPH\GameData\lib\delay_load\FileSender.dll
    2013-04-30 17:24 - 2013-02-01 13:42 - 00153088 _____ () D:\Applications\GarenaLoLPH\GameData\libzmq.dll
    2013-04-30 17:26 - 2013-09-20 19:12 - 00956208 _____ () D:\Applications\GarenaLoLPH\GameData\lib\delay_load\GaFileTransfer.dll
    2013-04-30 17:26 - 2012-04-24 09:19 - 00238592 _____ () D:\Applications\GarenaLoLPH\GameData\lib\delay_load\MediaEngine.dll
    2013-04-30 17:24 - 2012-04-13 11:12 - 00019968 _____ () D:\Applications\GarenaLoLPH\GameData\ServerMemAlloc.dll
    2013-04-30 17:26 - 2012-03-08 16:56 - 00510464 _____ () D:\Applications\GarenaLoLPH\GameData\lib\delay_load\RSALib.dll
    2013-04-30 17:26 - 2012-07-27 14:59 - 00061952 _____ () D:\Applications\GarenaLoLPH\GameData\lib\delay_load\UdtLib.dll
    2013-06-09 00:30 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
    2013-10-19 07:55 - 2013-10-19 07:55 - 25100288 _____ () C:\Users\ElijahMC\AppData\Roaming\Dropbox\bin\libcef.dll
    2013-04-09 18:22 - 2013-04-09 18:22 - 00017408 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\7ef6cbe83c4dbe6a45a7b60fe10c509e\PSIClient.ni.dll
    2013-02-02 18:23 - 2012-03-06 15:27 - 01198872 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
    2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2014-02-04 08:56 - 2014-02-02 07:41 - 00715592 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
    2014-02-04 08:56 - 2014-02-02 07:41 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
    2014-02-04 08:56 - 2014-02-02 07:42 - 04055368 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
    2014-02-04 08:56 - 2014-02-02 07:42 - 00399688 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
    2014-02-04 08:56 - 2014-02-02 07:41 - 01634632 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
    2014-02-04 08:56 - 2014-02-02 07:42 - 13616456 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    AlternateDataStreams: C:\ProgramData\TEMP:553CA6CA
    AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
    AlternateDataStreams: C:\ProgramData\TEMP:A1EDB939
    AlternateDataStreams: C:\Users\ElijahMC\AppData\Local\Temporary Internet Files:dIca0npz5fm8PWQnsylN1lB

    ==================== Safe Mode (whitelisted) ===================

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NBF => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nbf.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProtectedStorage => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sglfb.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tga.sys => ""="Driver"

    ==================== Disabled items from MSCONFIG ==============

    MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    MSCONFIG\startupreg: AdobeCEPServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
    MSCONFIG\startupreg: APSDaemon => c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe
    MSCONFIG\startupreg: EPSON ME 320 Series (Copy 1) => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGGC.EXE /FU "C:\Windows\TEMP\E_SC8CE.tmp" /EF "HKCU"
    MSCONFIG\startupreg: Facebook Update => "C:\Users\ElijahMC\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    MSCONFIG\startupreg: Q-Face agent => C:\Program Files (x86)\MSI\MSI Q-Face\webtest.exe
    MSCONFIG\startupreg: QuickTime Task => "c:\program files (x86)\quicktime\qttask.exe" -atboottime
    MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: SunJavaUpdateSched => c:\program files (x86)\common files\java\java update\jusched.exe
    MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    ==================== Faulty Device Manager Devices =============

    Name: Bluetooth Peripheral Device
    Description: Bluetooth Peripheral Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Bluetooth Peripheral Device
    Description: Bluetooth Peripheral Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Bluetooth Peripheral Device
    Description: Bluetooth Peripheral Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: TSSTcorp CDDVDW SN-208AB SCSI CdRom Device
    Description: CD-ROM Drive
    Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
    Manufacturer: (Standard CD-ROM drives)
    Service: cdrom
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/16/2014 11:21:52 AM) (Source: Microsoft-Windows-RestartManager) (User: ElijahMC-PC)
    Description: Application or service 'Windows Explorer' could not be shut down.

    Error: (02/16/2014 11:19:55 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============
    Error: (02/16/2014 11:20:28 AM) (Source: Service Control Manager) (User: )
    Description: The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).

    Error: (02/16/2014 11:20:11 AM) (Source: Service Control Manager) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cdrom
    PxHlpa64

    Error: (02/16/2014 11:19:20 AM) (Source: Service Control Manager) (User: )
    Description: The Globe Tattoo Broadband. OUC service failed to start due to the following error:
    %%1053

    Error: (02/16/2014 11:19:20 AM) (Source: Service Control Manager) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Globe Tattoo Broadband. OUC service to connect.


    Microsoft Office Sessions:
    =========================
    Error: (02/16/2014 11:21:52 AM) (Source: Microsoft-Windows-RestartManager)(User: ElijahMC-PC)
    Description: 1C:\Windows\explorer.exeWindows Explorer0411719800

    Error: (02/16/2014 11:19:55 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    CodeIntegrity Errors:
    ===================================
    Date: 2014-02-14 08:45:43.337
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-02-14 08:45:43.332
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Percentage of memory in use: 21%
    Total physical RAM: 16280.95 MB
    Available physical RAM: 12803.59 MB
    Total Pagefile: 32560.09 MB
    Available Pagefile: 28886.5 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.81 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:244.04 GB) (Free:39.54 GB) NTFS
    Drive d: () (Fixed) (Total:454.49 GB) (Free:62.8 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: ADB1D01C)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=244 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=454 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
  20. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Uninstall IObit Apps Toolbar v8.6.

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

  21. Elijah Catbagan

    Elijah Catbagan TechSpot Member Topic Starter Posts: 33

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-02-2014 01
    Ran by ElijahMC at 2014-02-16 12:11:16 Run:1
    Running from C:\Users\ElijahMC\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKLM-x32\...\Run: [] - [X]
    Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
    CHR Plugin: (Advanced SystemCare 6) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkddabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabc\1.0.0_0\Plugin/ASCPlugin_Protect.dll No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    C:\ProgramData\.bf45c81f8dc8abfeecf09.dat
    C:\Users\ElijahMC\jagex_cl_runescape_LIVE.dat
    C:\Users\ElijahMC\random.dat
    C:\Users\ElijahMC\AppData\Local\Temp\bitool.dll
    Task: {9D5A8E09-3991-4CDF-9F27-DE0EE01FC200} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
    Task: {DC707229-4C05-40F7-87B6-BE942456C71B} - System32\Tasks\ASC7_SkipUac_ElijahMC => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe
    AlternateDataStreams: C:\ProgramData\TEMP:553CA6CA
    AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
    AlternateDataStreams: C:\ProgramData\TEMP:A1EDB939
    AlternateDataStreams: C:\Users\ElijahMC\AppData\Local\Temporary Internet Files:dIca0npz5fm8PWQnsylN1lB

    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Value deleted successfully.
    HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
    HKCR\PROTOCOLS\Handler\belarc => Key deleted successfully.
    HKCR\CLSID\{6318E0AB-2E93-11D1-B8ED-00608CC9A71F} => Key not found.
    C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkddabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabc\1.0.0_0\Plugin/ASCPlugin_Protect.dll not found.
    HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
    C:\ProgramData\.bf45c81f8dc8abfeecf09.dat => Moved successfully.
    C:\Users\ElijahMC\jagex_cl_runescape_LIVE.dat => Moved successfully.
    C:\Users\ElijahMC\random.dat => Moved successfully.
    C:\Users\ElijahMC\AppData\Local\Temp\bitool.dll => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9D5A8E09-3991-4CDF-9F27-DE0EE01FC200} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D5A8E09-3991-4CDF-9F27-DE0EE01FC200} => Key deleted successfully.
    C:\Windows\System32\Tasks\ASC7_PerformanceMonitor => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC7_PerformanceMonitor => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC707229-4C05-40F7-87B6-BE942456C71B} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC707229-4C05-40F7-87B6-BE942456C71B} => Key deleted successfully.
    C:\Windows\System32\Tasks\ASC7_SkipUac_ElijahMC => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC7_SkipUac_ElijahMC => Key deleted successfully.
    C:\ProgramData\TEMP => ":553CA6CA" ADS removed successfully.
    C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully.
    C:\ProgramData\TEMP => ":A1EDB939" ADS removed successfully.
    "C:\Users\ElijahMC\AppData\Local\Temporary Internet Files" => ":dIca0npz5fm8PWQnsylN1lB" ADS not found.

    ==== End of Fixlog ====
  22. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Download RogueKiller from one of the following links and save it to your Desktop:
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
  23. Elijah Catbagan

    Elijah Catbagan TechSpot Member Topic Starter Posts: 33

    RKreport-1


    RogueKiller V8.8.7 [Feb 11 2014] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : ElijahMC [Admin rights]
    Mode : Scan -- Date : 02/16/2014 12:18:43
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] ouc.exe -- C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe [7] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

    ¤¤¤ Scheduled tasks : 1 ¤¤¤
    [V2][SUSP PATH] Hoolapp For Android : C:\Users\ElijahMC\AppData\Roaming\HOOLAP~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ATA Hitachi HTS54757 SCSI Disk Device +++++
    --- User ---
    [MBR] 4206a0566ccfb30004c1140eb5d1c50e
    [BSP] 699c2b6917442d911660fc0346d89c68 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 249900 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 512002048 | Size: 465401 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_S_02162014_121843.txt >>


    RKreport-2

    RogueKiller V8.8.7 [Feb 11 2014] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : ElijahMC [Admin rights]
    Mode : Remove -- Date : 02/16/2014 12:19:18
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] ouc.exe -- C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe [7] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED

    ¤¤¤ Scheduled tasks : 1 ¤¤¤
    [V2][SUSP PATH] Hoolapp For Android : C:\Users\ElijahMC\AppData\Roaming\HOOLAP~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> DELETED

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ATA Hitachi HTS54757 SCSI Disk Device +++++
    --- User ---
    [MBR] 4206a0566ccfb30004c1140eb5d1c50e
    [BSP] 699c2b6917442d911660fc0346d89c68 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 249900 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 512002048 | Size: 465401 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_02162014_121918.txt >>
    RKreport[0]_S_02162014_121843.txt
  24. Elijah Catbagan

    Elijah Catbagan TechSpot Member Topic Starter Posts: 33

    mbar-log

    Malwarebytes Anti-Rootkit BETA 1.07.0.1009
    www.malwarebytes.org

    Database version: v2014.02.16.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    ElijahMC :: ELIJAHMC-PC [administrator]

    2/16/2014 12:24:32 PM
    mbar-log-2014-02-16 (12-24-32).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 328221
    Time elapsed: 36 minute(s), 2 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
  25. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.

