Solved MBAM cannot install. Access is denied

Elijah Catbagan

I recently downloaded some sort of file which was supposed to be a zip file but it turned out to be an exe file. I accidentally opened it and it spammed the zip contents window nonstop on me until I went to safe mode, deleted the file and did a system restore about 19 hrs back. All seemed well until I realized ASC and MBAM won't load (error mismatch). Avast runs smooth though. I uninstalled MBAM and tried to uninstall ASC but was prompted "access denied". I then used Revo Uninstaller to remove ASC and was able to do so.

Now, reinstalling MBAM won't work. Access is denied when creating a folder.... etc. Tried using Chameleon but it prompts the same error. Already ran full scans with SUPERAntiSpyware and TDSSKiller to no avail. Can anyone help? Thanks!
 
Welcome aboard

Download and run this utility.
It will ask to restart your computer (please allow it to).
After the computer restarts, install the latest version from here.
 
Thank you for the reply.

Already did that many times. MBAM is not listed in the Control Panel, and installing even in safe mode wouldn't work.
 
Open Windows Explorer and see if you have a Malwarebytes folder in the Program Files directory.
If so, delete it.
 
Download, and install Unlocker: http://www.emptyloop.com/unlocker/
Restart computer.
It'll install under right click menu.

Open Windows Explorer.
Navigate to offending folder/file.

Right click on a folder/file. Click Unlocker.
Select Delete from drop-down menu:


Click OK.
A folder/file will refuse to be deleted, but Unlocker will give you an option to delete on reboot:


Click Yes.
Restart computer.
 
Make sure you perform Unlocker custom installation.
These days many programs will try to sneak something else in.
The program itself is clean.
 
Please download Rkill (courtesy of BleepingComputer.com) to your Desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

Try to install MBAM right away.
 
Still got the same error

rKill.txt

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/16/2014 11:33:28 AM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

* WinDefend => %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [Incorrect ServiceDLL]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 02/16/2014 11:33:41 AM
Execution time: 0 hours(s), 0 minute(s), and 13 seconds(s)
 
OK, let's see what's going on there...

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
 
FRST.txt 1 of 2

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01
Ran by ElijahMC (administrator) on ELIJAHMC-PC on 16-02-2014 11:40:36
Running from C:\Users\ElijahMC\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Stardock Corporation) C:\Program Files (x86)\Stardock\WindowBlinds\wbsrv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\WindowBlinds\WBCore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
() D:\Applications\GarenaLoLPH\GameData\ggdllhost.exe
() C:\Program Files\Core Temp\Core Temp.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Dassault Systèmes) C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
() C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\S-Bar\MSIService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
() D:\Applications\GarenaLoLPH\GameData\GarenaMessenger.exe
(Akamai Technologies, Inc.) C:\Users\ElijahMC\AppData\Local\Akamai\netsession_win.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(Akamai Technologies, Inc.) C:\Users\ElijahMC\AppData\Local\Akamai\netsession_win.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\ElijahMC\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12459112 2012-03-27] (Realtek Semiconductor)
HKLM\...\Run: [BLEServicesCtrl] - C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11407120 2012-03-27] (Intel Corporation)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2598696 2012-02-29] (ELAN Microelectronics Corp.)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1179576 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [336992 2012-12-09] (Power Software Ltd)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4767304 2013-03-07] (AVAST Software)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\WB: C:\Program Files (x86)\Stardock\WindowBlinds\fast64.dll [X]
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKU\.DEFAULT\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\...\Run: [GarenaPlus] - D:\Applications\GarenaLoLPH\GameData\GarenaMessenger.exe [9890608 2014-02-06] ()
HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\...\Run: [Messenger (Yahoo!)] - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\...\Run: [Akamai NetSession Interface] - C:\Users\ElijahMC\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\...\Run: [ShowBatteryBar] - C:\Program Files\BatteryBar\ShowBatteryBar.exe [89600 2013-04-11] ()
HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-07] (SUPERAntiSpyware)
HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\...\Run: [CCleaner Monitoring] - C:\Program Files\CCleaner\CCleaner64.exe [6087448 2014-01-21] (Piriform Ltd)
HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\...\Policies\Explorer: []
Startup: C:\Users\ElijahMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\ElijahMC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\ElijahMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
Startup: C:\Users\ElijahMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBA803D23B601CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: HKLM-x32 - Default Value = {FE69C007-C452-4d3e-86D2-1730DF8BC871}
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 210.4.2.61 202.78.97.41

FireFox:
========
FF ProfilePath: C:\Users\ElijahMC\AppData\Roaming\Mozilla\Firefox\Profiles\luwmcrsj.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @graphisoft.com/GDL Web Plug-in - C:\Program Files (x86)\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll (Graphisoft SE)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @t.garena.com/garenatalk - D:\Applications\GarenaLoLPH\GameData\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\ElijahMC\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\ElijahMC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\ElijahMC\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-03-06]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-10-17]

Chrome:
=======
CHR HomePage: hxxp://google.com/
CHR DefaultSearchKeyword: google.com.ph
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Advanced SystemCare 6) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkddabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabc\1.0.0_0\Plugin/ASCPlugin_Protect.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (ArchiCAD) - C:\Program Files (x86)\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll (Graphisoft SE)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U15) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Yahoo! activeX Plug-in Bridge) - C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
CHR Plugin: (Unity Player) - C:\Users\ElijahMC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Facebook Desktop) - C:\Users\ElijahMC\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\ElijahMC\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Garena Talk Plugin) - D:\Applications\GarenaLoLPH\GameData\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
CHR Extension: (Tank Hero: Laser Wars (Web)) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkkneogpiampdcpgceflcjjmghppmmn [2013-09-19]
CHR Extension: (RuneScape) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajjblpfpopipimofkhbglcoeknpnfijj [2013-10-25]
CHR Extension: (Beautiful landscape) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambfimhigppdidfmelpjmojccbfdoeig [2014-01-10]
CHR Extension: (Google Docs) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-28]
CHR Extension: (Google Drive) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-28]
CHR Extension: (American Racing 2 3D) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfpfdjclhabpjncikdngdoldjjjegnbe [2014-02-06]
CHR Extension: (Dragon Age Legends: Remix 01) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkiinhllammkfejicmjmhnanlbifccfj [2013-10-31]
CHR Extension: (YouTube) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-28]
CHR Extension: (BeGone: Last Stand HD) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmekbplkjhgmljmbblmhmcnocafhaink [2013-09-19]
CHR Extension: (Smartsheet Project Management) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cindmhdfkimaeggbebfjkmkdfiohldbm [2013-09-19]
CHR Extension: (Kingdom Rush) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckmfhhjalnddapegkbbohfaodgbnocim [2013-09-19]
CHR Extension: (Google Search) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-28]
CHR Extension: (Facebook Customizer (by Adblock Plus)) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm [2013-10-31]
CHR Extension: (Polycraft) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopfmbpfhhfnklgmjpoehcjaajhpbhbl [2013-11-03]
CHR Extension: (Picditor Photo Editor) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggdplhaiiohpkafnlhlfikiomnboacoi [2013-10-31]
CHR Extension: (Planner 5D) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjfkgdpkecnmfcgfpfibpcnkeakahllc [2013-09-20]
CHR Extension: (Ads Removal) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod [2013-12-14]
CHR Extension: (Arcane Legends) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibmlkgieigeddcedpbijnpojheoddido [2013-09-22]
CHR Extension: (avast! WebRep) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2013-08-28]
CHR Extension: (theHunter) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jangaedeekciafhlanphhnalogmhefmo [2013-09-22]
CHR Extension: (Online PDF Tools) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddfpnmfhodaljeelokfceepbeapgbdn [2013-09-19]
CHR Extension: (Traffic Slam 3) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfjmailnmofkkffoemgmdbemmohldhe [2013-10-31]
CHR Extension: (Autodesk Homestyler) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2013-09-22]
CHR Extension: (Verdun Game) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\khdppkcpilejlgahecofelpoidcnjbdg [2013-10-26]
CHR Extension: (WorkFlowy) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\koegeopamaoljbmhnfjbclbocehhgmkm [2013-09-20]
CHR Extension: (Save as PDF) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdjmbiefanbdgnkcikhllpmjnnllbbc [2013-09-03]
CHR Extension: (Drakensang Online) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgloifppaepihckkhiocnodicehjdoof [2013-10-31]
CHR Extension: (Fishing Joy) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlonhgnjdlnjgalpdigmbpfpielpadmc [2013-09-19]
CHR Extension: (Google Wallet) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR Extension: (Battlefield Play4Free) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh [2013-11-01]
CHR Extension: (Bastion) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohphhdkahjlioohbalmicpokoefkgid [2013-10-25]
CHR Extension: (Bitdefender QuickScan) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2014-02-15]
CHR Extension: (Gmail) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-28]
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-03-06]
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - \BrowerProtect\ASC_GhromePlugin.crx [2013-03-06]
CHR HKLM-x32\...\Chrome\Extension: [palpbfjgianahgbbeodmcohjdmaelbeo] - C:\Program Files\Common Files\SpeedBit\SBUpdate\SpeedbitNewTab.crx [2013-03-06]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-11] (SUPERAntiSpyware.com)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [45248 2013-03-07] (AVAST Software)
R2 DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [123392 2013-06-28] (Dassault Systèmes)
S2 Globe Tattoo Broadband. RunOuc; C:\Program Files (x86)\Globe Tattoo Broadband\UpdateDog\ouc.exe [655712 2013-12-01] ()
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-03-15] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [162648 2012-03-15] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
R2 mi-raysat_3dsmax2013_64; C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [86016 2011-09-15] ()
R2 Micro Star SCM; C:\Program Files (x86)\S-Bar\MSIService.exe [160768 2012-04-27] (Micro-Star International Co., Ltd.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-03-29] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5150632 2012-12-06] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
R2 WindowBlinds; C:\Program Files (x86)\Stardock\WindowBlinds\wbsrv.exe [89600 2013-05-16] (Stardock Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-03-29] (Intel® Corporation)
S2 AdobeARMservice; No ImagePath
S3 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-03-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-03-07] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [70992 2013-03-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-03-07] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1025808 2013-03-07] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [377920 2013-03-07] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [68920 2013-03-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178624 2013-03-07] ()
R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [80896 2013-04-09] (Motorola Solutions, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [111104 2013-04-09] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [849408 2013-04-09] (Motorola Solutions, Inc.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [223744 2013-12-01] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2013-04-09] ( )
S3 MSILiveVirtualCamera; C:\Windows\System32\DRIVERS\MSILiveVirtualCamera.sys [456192 2007-01-29] (MSI Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-28] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2013-05-22] ()
R3 ALSysIO; \??\C:\Users\ElijahMC\AppData\Local\Temp\ALSysIO64.sys [X]
S3 cpuz136; \??\C:\Users\ElijahMC\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2013-12-01] (Huawei Technologies Co., Ltd.)
S4 RAMDiskVE; System32\Drivers\RAMDiskVE.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-02] ()
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================
 
FRST.txt 2 of 2

==================== One Month Created Files and Folders ========

2014-02-16 17:38 - 2014-02-16 17:38 - 29097984 _____ () C:\Windows\system32\config\system.bdkup
2014-02-16 17:38 - 2014-02-16 17:38 - 119422976 _____ () C:\Windows\system32\config\software.bdkup
2014-02-16 11:40 - 2014-02-16 11:40 - 00034430 _____ () C:\Users\ElijahMC\Desktop\FRST.txt
2014-02-16 11:40 - 2014-02-16 11:40 - 00000000 ____D () C:\FRST
2014-02-16 11:39 - 2014-02-16 11:40 - 02152960 _____ (Farbar) C:\Users\ElijahMC\Desktop\FRST64.exe
2014-02-16 11:32 - 2014-02-16 11:33 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\ElijahMC\Desktop\rkill.exe
2014-02-16 11:06 - 2014-02-16 11:21 - 00000000 ____D () C:\Program Files\Unlocker
2014-02-16 11:06 - 2014-02-16 11:06 - 00000000 ____D () C:\Users\ElijahMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2014-02-16 11:02 - 2014-02-16 11:02 - 00000000 ____D () C:\Users\ElijahMC\Desktop\Take_Ownership
2014-02-16 10:14 - 2014-02-16 10:14 - 00019954 _____ () C:\Users\ElijahMC\Desktop\MBRCheck_02.16.14_10.14.09.txt
2014-02-16 10:14 - 2014-02-16 10:13 - 00080384 _____ () C:\Users\ElijahMC\Desktop\MBRCheck.exe
2014-02-16 10:08 - 2014-02-16 10:08 - 00000657 _____ () C:\Users\ElijahMC\Desktop\JRT.txt
2014-02-16 09:59 - 2014-02-13 18:39 - 01166132 _____ () C:\Users\ElijahMC\Desktop\AdwCleaner.exe
2014-02-16 09:59 - 2014-02-13 18:37 - 01037530 _____ (Thisisu) C:\Users\ElijahMC\Desktop\JRT.exe
2014-02-16 09:55 - 2014-02-16 09:55 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-02-15 19:32 - 2014-02-15 13:39 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\ElijahMC\Desktop\tdsskiller.exe
2014-02-15 19:20 - 2014-02-15 19:20 - 00000920 _____ () C:\Users\ElijahMC\Desktop\RKreport[0]_PR_02152014_192038.txt
2014-02-15 19:20 - 2014-02-15 19:20 - 00000856 _____ () C:\Users\ElijahMC\Desktop\RKreport[0]_H_02152014_192034.txt
2014-02-15 19:20 - 2014-02-15 19:20 - 00000729 _____ () C:\Users\ElijahMC\Desktop\RKreport[0]_DN_02152014_192044.txt
2014-02-15 19:19 - 2014-02-15 19:19 - 00002166 _____ () C:\Users\ElijahMC\Desktop\RKreport[0]_S_02152014_191947.txt
2014-02-15 19:18 - 2014-02-15 19:20 - 00000000 ____D () C:\Users\ElijahMC\Desktop\RK_Quarantine
2014-02-15 19:03 - 2014-02-15 19:03 - 00149200 _____ () C:\Users\ElijahMC\Desktop\OTL.Txt
2014-02-15 19:03 - 2014-02-15 19:03 - 00140282 _____ () C:\Users\ElijahMC\Desktop\Extras.Txt
2014-02-15 18:55 - 2014-02-15 18:55 - 00602112 _____ (OldTimer Tools) C:\Users\ElijahMC\Desktop\OTL.exe
2014-02-15 18:47 - 2014-02-15 18:47 - 00000928 _____ () C:\Users\ElijahMC\Desktop\NTREGOPT.lnk
2014-02-15 18:47 - 2014-02-15 18:47 - 00000909 _____ () C:\Users\ElijahMC\Desktop\ERUNT.lnk
2014-02-15 18:47 - 2014-02-15 18:47 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-02-15 18:42 - 2014-02-15 18:42 - 00000000 ____D () C:\Users\ElijahMC\AppData\Roaming\Malwarebytes
2014-02-15 18:40 - 2014-02-15 19:42 - 00036452 _____ () C:\Windows\PFRO.log
2014-02-15 18:33 - 2014-02-16 11:19 - 00003376 _____ () C:\Windows\setupact.log
2014-02-15 18:33 - 2014-02-15 18:33 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-15 13:31 - 2014-02-15 13:31 - 00353352 _____ (Malwarebytes Corporation) C:\Users\ElijahMC\Desktop\mbam-check-2.0.0.1000.exe
2014-02-15 13:31 - 2014-02-15 13:31 - 00031009 _____ () C:\Users\ElijahMC\Desktop\CheckResults.txt
2014-02-14 21:20 - 2014-02-15 18:43 - 00000000 ____D () C:\Users\ElijahMC\AppData\Local\CrashDumps
2014-02-14 12:48 - 2014-02-14 12:48 - 00003508 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_Test
2014-02-14 12:37 - 2014-02-14 12:38 - 00061901 _____ () C:\Users\ElijahMC\Downloads\FRST.txt
2014-02-14 12:37 - 2014-02-14 12:38 - 00038672 _____ () C:\Users\ElijahMC\Downloads\Addition.txt
2014-02-14 12:27 - 2014-02-14 12:27 - 00007100 _____ () C:\Users\ElijahMC\Desktop\UsbFix_Report.txt
2014-02-14 12:27 - 2014-02-14 12:27 - 00007100 _____ () C:\UsbFix [Scan 2] ELIJAHMC-PC.txt
2014-02-14 12:08 - 2014-02-14 12:08 - 01440846 _____ () C:\Users\ElijahMC\Downloads\mbam-chameleon-1.62.1.1000.zip
2014-02-14 11:21 - 2014-02-14 11:21 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-02-14 08:54 - 2014-02-14 08:54 - 00003178 _____ () C:\Windows\System32\Tasks\{D91F73D6-6D70-4FC1-8B6E-BB3B5DD1C477}
2014-02-14 08:29 - 2014-02-14 08:29 - 01440846 _____ () C:\Users\ElijahMC\Downloads\mbam-chameleon-1.62.1.1000 (1).zip
2014-02-14 06:01 - 2014-02-14 06:01 - 00000000 ____D () C:\Users\ElijahMC\Downloads\Revo Pro 3.0
2014-02-14 05:46 - 2014-02-14 05:46 - 00001033 _____ () C:\Users\ElijahMC\Desktop\Take_Ownership.zip
2014-02-14 05:46 - 2012-04-28 05:40 - 00001777 _____ () C:\Users\ElijahMC\Desktop\Add_Take_Ownership.reg
2014-02-14 05:46 - 2012-04-28 05:40 - 00001108 _____ () C:\Users\ElijahMC\Desktop\Remove_Take_Ownership.reg
2014-02-14 03:47 - 2014-02-14 12:27 - 00001448 _____ () C:\Users\ElijahMC\Desktop\UsbFix.lnk
2014-02-14 03:47 - 2014-02-14 03:48 - 00014186 _____ () C:\UsbFix [Scan 1] ELIJAHMC-PC.txt
2014-02-14 03:47 - 2014-02-14 03:47 - 00000000 ____D () C:\UsbFix
2014-02-14 03:46 - 2014-02-14 03:46 - 02203778 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\ElijahMC\Downloads\usbfix.exe
2014-02-14 03:01 - 2014-02-14 03:01 - 00125896 _____ () C:\Users\ElijahMC\Documents\cc_20140214_030132.reg
2014-02-14 02:58 - 2014-02-14 02:58 - 00002778 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-02-14 02:58 - 2014-02-14 02:58 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-13 18:55 - 2014-02-15 09:16 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-13 18:53 - 2014-02-15 09:16 - 00000000 ____D () C:\Users\ElijahMC\Desktop\mbar
2014-02-13 18:49 - 2014-02-15 19:15 - 00000000 ____D () C:\AdwCleaner
2014-02-13 18:38 - 2014-02-13 18:38 - 00000000 ____D () C:\Windows\ERUNT
2014-02-13 14:45 - 2014-02-13 14:45 - 00000000 ____D () C:\SUPERDelete
2014-02-13 14:34 - 2014-02-14 08:51 - 00000000 ____D () C:\Windows\erdnt
2014-02-13 14:31 - 2014-02-16 06:31 - 00000516 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f9043a35-9b89-4ada-ad8b-5cdab3964008.job
2014-02-13 14:31 - 2014-02-15 02:00 - 00000516 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ecc2c5ef-5784-4d02-bb63-91292ea9aa2b.job
2014-02-13 14:31 - 2014-02-13 14:31 - 00003602 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task ecc2c5ef-5784-4d02-bb63-91292ea9aa2b
2014-02-13 14:31 - 2014-02-13 14:31 - 00003528 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task f9043a35-9b89-4ada-ad8b-5cdab3964008
2014-02-13 14:31 - 2014-02-13 14:31 - 00000000 ____D () C:\Users\ElijahMC\AppData\Roaming\SUPERAntiSpyware.com
2014-02-13 14:30 - 2014-02-13 14:31 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-02-13 14:30 - 2014-02-13 14:30 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-02-13 14:30 - 2014-02-13 14:30 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-02-13 14:21 - 2014-02-13 14:24 - 17915664 _____ (SUPERAntiSpyware) C:\Users\ElijahMC\Downloads\SUPERAntiSpyware.exe
2014-02-13 13:36 - 2014-02-13 13:36 - 00000000 ____D () C:\Users\ElijahMC\AppData\Local\28050
2014-02-13 13:35 - 2014-02-13 13:35 - 00002637 _____ () C:\Users\ElijahMC\Desktop\Ins.txt
2014-02-13 13:12 - 2014-02-16 05:18 - 00000000 ____D () C:\Users\ElijahMC\AppData\Local\Adobe
2014-02-13 12:32 - 2014-02-13 12:36 - 00002048 _____ () C:\Uninstall.dat
2014-02-13 11:43 - 2014-02-13 11:44 - 00050688 _____ (Atribune.org) C:\Users\ElijahMC\Downloads\ATF-Cleaner.exe
2014-02-13 10:42 - 2014-02-13 10:42 - 00080456 _____ (Malwarebytes Corporation) C:\Users\ElijahMC\Downloads\mbam-clean-1.60.2.0003 (1).exe
2014-02-12 05:06 - 2014-02-12 05:06 - 02272768 _____ () C:\Users\ElijahMC\Downloads\chapter20_PC.ppt
2014-02-12 04:33 - 2014-02-12 04:55 - 00000385 _____ () C:\Users\ElijahMC\Downloads\Probset 2 (1).txt
2014-02-12 04:30 - 2014-02-12 04:30 - 00000367 _____ () C:\Users\ElijahMC\Downloads\Probset 2.txt
2014-02-12 03:05 - 2014-02-12 03:05 - 00000382 _____ () C:\Users\ElijahMC\Downloads\Probset 2 with M.txt
2014-02-11 16:50 - 2014-02-11 16:50 - 01535069 _____ () C:\Users\ElijahMC\Documents\Print.skp
2014-02-11 09:45 - 2014-02-11 09:48 - 09781042 _____ () C:\Users\ElijahMC\Downloads\Centralized Terminal.skp
2014-02-11 09:41 - 2014-02-11 09:41 - 01043121 _____ () C:\Users\ElijahMC\Downloads\ShuttleBus.skp
2014-02-10 23:00 - 2014-02-10 23:00 - 00000000 ____D () C:\ProgramData\ALM
2014-02-10 22:46 - 2012-06-28 08:35 - 00087040 _____ () C:\Users\ElijahMC\Desktop\xf-mccs6-keygen.exe
2014-02-10 21:36 - 2014-02-10 22:50 - 00001522 _____ () C:\Users\Public\Desktop\Adobe Application Manager.lnk
2014-02-10 21:30 - 2014-02-10 21:32 - 00973603 _____ () C:\Users\ElijahMC\Downloads\52f8d489098c2.zip
2014-02-10 16:34 - 2014-02-10 16:34 - 00777877 _____ () C:\Users\ElijahMC\Documents\Grid.skp
2014-02-10 10:52 - 2014-02-10 10:52 - 00001922 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-10 10:46 - 2014-02-16 11:04 - 00000051 _____ () C:\Users\ElijahMC\AppData\Roaming\mbam.context.scan
2014-02-10 10:13 - 2014-02-10 10:13 - 00000000 ____D () C:\Users\ElijahMC\AppData\Roaming\Process Hacker 2
2014-02-10 10:12 - 2014-02-11 02:42 - 00000000 ____D () C:\Program Files\Process Hacker 2
2014-02-10 10:11 - 2014-02-14 02:58 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-08 21:13 - 2014-02-08 21:13 - 00000000 ____D () C:\ProgramData\Nexon
2014-02-08 10:02 - 2014-02-08 10:02 - 00000000 _____ () C:\asc_rdflag
2014-02-06 17:44 - 2014-02-06 17:44 - 00000000 ____D () C:\Users\ElijahMC\Documents\AutoCAD Sheet Sets
2014-02-06 10:17 - 2014-02-06 11:03 - 210451521 _____ () C:\Users\ElijahMC\Downloads\ManualPatcherv145.exe
2014-02-06 10:14 - 2014-02-06 10:14 - 00055534 _____ () C:\Users\ElijahMC\Downloads\Dodu Queen Bed.skp
2014-02-06 10:13 - 2014-02-06 10:15 - 05394448 _____ () C:\Users\ElijahMC\Downloads\BED.skp
2014-02-06 10:12 - 2014-02-06 10:14 - 10131335 _____ () C:\Users\ElijahMC\Downloads\Untitled (3).skp
2014-02-04 09:12 - 2014-02-04 09:12 - 02362286 _____ () C:\Users\ElijahMC\Downloads\retro sofa.skb
2014-02-04 09:12 - 2014-02-04 09:12 - 02325072 _____ () C:\Users\ElijahMC\Downloads\retro sofa.skp
2014-02-04 09:08 - 2014-02-04 09:08 - 00908629 _____ () C:\Users\ElijahMC\Downloads\bamboo living room set.skb
2014-02-04 09:08 - 2014-02-04 09:08 - 00640022 _____ () C:\Users\ElijahMC\Downloads\bamboo living room set.skp
2014-01-30 08:46 - 2014-01-30 08:46 - 00335824 _____ () C:\Users\ElijahMC\Downloads\Lumion_3_2_1_Free_Download.exe
2014-01-29 18:16 - 2014-01-29 19:03 - 01554699 _____ () C:\Users\Public\ARCH33_CATBAGAN_121813.bak
2014-01-29 17:59 - 2014-01-29 17:59 - 00000885 _____ () C:\Users\Public\Arch 33 - Shortcut.lnk
2014-01-29 16:46 - 2014-01-29 16:49 - 00001558 _____ () C:\Users\Public\Arch 22 - Shortcut.lnk
2014-01-29 11:13 - 2014-01-29 11:13 - 00000000 ____D () C:\Users\ElijahMC\Downloads\nvidiaInspector
2014-01-29 09:43 - 2014-01-29 13:23 - 00000000 ____D () C:\Users\ElijahMC\AppData\Roaming\BatteryBar
2014-01-29 09:43 - 2014-01-29 09:43 - 00000000 ____D () C:\Program Files\BatteryBar
2014-01-29 09:42 - 2014-01-29 09:42 - 01313128 _____ () C:\Users\ElijahMC\Downloads\BatteryBarSetup-3.6.3.exe
2014-01-24 01:19 - 2013-12-28 02:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-01-24 01:19 - 2013-12-28 02:42 - 00033056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-01-20 22:54 - 2014-01-20 23:42 - 07608665 _____ () C:\Users\ElijahMC\Documents\Quezon Hall.skb
2014-01-20 22:41 - 2014-01-20 23:43 - 07593516 _____ () C:\Users\ElijahMC\Documents\Quezon Hall.skp
2014-01-19 12:25 - 2014-01-19 12:25 - 00000000 ____D () C:\Program Files (x86)\HD Tune
2014-01-19 12:24 - 2014-01-19 12:24 - 00642632 _____ (EFD Software ) C:\Users\ElijahMC\Downloads\hdtune_255.exe
2014-01-19 05:08 - 2014-01-19 05:08 - 00000192 _____ () C:\Users\Public\Desktop\MapleStory.url
2014-01-18 22:46 - 2014-01-18 22:46 - 00003514 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-ElijahMC-PC-ElijahMC
2014-01-18 03:05 - 2014-01-19 05:04 - 00000000 ____D () C:\Nexon
2014-01-18 03:05 - 2014-01-18 03:05 - 00000000 ____D () C:\ProgramData\NexonUS
2014-01-17 09:54 - 2014-01-17 09:54 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-17 09:27 - 2014-01-17 09:29 - 29141928 _____ (Oracle Corporation) C:\Users\ElijahMC\Downloads\jre-7u51-windows-i586.exe

==================== One Month Modified Files and Folders =======

2014-02-16 17:38 - 2014-02-16 17:38 - 29097984 _____ () C:\Windows\system32\config\system.bdkup
2014-02-16 17:38 - 2014-02-16 17:38 - 119422976 _____ () C:\Windows\system32\config\software.bdkup
2014-02-16 17:38 - 2013-02-02 18:01 - 00000000 ____D () C:\Users\ElijahMC
2014-02-16 11:40 - 2014-02-16 11:40 - 00034430 _____ () C:\Users\ElijahMC\Desktop\FRST.txt
2014-02-16 11:40 - 2014-02-16 11:40 - 00000000 ____D () C:\FRST
2014-02-16 11:40 - 2014-02-16 11:39 - 02152960 _____ (Farbar) C:\Users\ElijahMC\Desktop\FRST64.exe
2014-02-16 11:33 - 2014-02-16 11:32 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\ElijahMC\Desktop\rkill.exe
2014-02-16 11:33 - 2013-12-28 12:25 - 00002400 _____ () C:\Users\ElijahMC\Desktop\Rkill.txt
2014-02-16 11:28 - 2009-07-14 12:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-16 11:28 - 2009-07-14 12:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-16 11:25 - 2009-07-14 13:13 - 00779966 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-16 11:24 - 2013-04-30 14:16 - 00000000 ____D () C:\Users\ElijahMC\AppData\Roaming\GarenaPlus
2014-02-16 11:24 - 2013-04-30 14:16 - 00000000 ____D () C:\ProgramData\GarenaMessenger
2014-02-16 11:23 - 2013-02-03 09:57 - 01903566 _____ () C:\Windows\WindowsUpdate.log
2014-02-16 11:22 - 2013-02-03 20:41 - 00000000 ___RD () C:\Users\ElijahMC\Dropbox
2014-02-16 11:22 - 2013-02-03 20:36 - 00000000 ____D () C:\Users\ElijahMC\AppData\Roaming\Dropbox
2014-02-16 11:21 - 2014-02-16 11:06 - 00000000 ____D () C:\Program Files\Unlocker
2014-02-16 11:19 - 2014-02-15 18:33 - 00003376 _____ () C:\Windows\setupact.log
2014-02-16 11:19 - 2013-12-26 16:11 - 00003508 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_ElijahMC
2014-02-16 11:18 - 2013-02-02 18:53 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-16 11:18 - 2013-02-02 18:23 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-02-16 11:18 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-16 11:06 - 2014-02-16 11:06 - 00000000 ____D () C:\Users\ElijahMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2014-02-16 11:04 - 2014-02-10 10:46 - 00000051 _____ () C:\Users\ElijahMC\AppData\Roaming\mbam.context.scan
2014-02-16 11:02 - 2014-02-16 11:02 - 00000000 ____D () C:\Users\ElijahMC\Desktop\Take_Ownership
2014-02-16 11:02 - 2013-02-02 18:53 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-16 11:01 - 2013-02-03 09:02 - 00000940 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1474345794-4172456791-2447515797-1000UA.job
2014-02-16 10:58 - 2013-02-07 21:56 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-16 10:27 - 2013-02-03 09:35 - 00000000 ____D () C:\Users\ElijahMC\AppData\Roaming\uTorrent
2014-02-16 10:14 - 2014-02-16 10:14 - 00019954 _____ () C:\Users\ElijahMC\Desktop\MBRCheck_02.16.14_10.14.09.txt
2014-02-16 10:13 - 2014-02-16 10:14 - 00080384 _____ () C:\Users\ElijahMC\Desktop\MBRCheck.exe
2014-02-16 10:08 - 2014-02-16 10:08 - 00000657 _____ () C:\Users\ElijahMC\Desktop\JRT.txt
2014-02-16 09:55 - 2014-02-16 09:55 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-02-16 06:31 - 2014-02-13 14:31 - 00000516 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f9043a35-9b89-4ada-ad8b-5cdab3964008.job
2014-02-16 05:18 - 2014-02-13 13:12 - 00000000 ____D () C:\Users\ElijahMC\AppData\Local\Adobe
2014-02-15 19:42 - 2014-02-15 18:40 - 00036452 _____ () C:\Windows\PFRO.log
2014-02-15 19:26 - 2013-03-05 23:54 - 00000000 ____D () C:\Users\ElijahMC\AppData\Roaming\QuickScan
2014-02-15 19:20 - 2014-02-15 19:20 - 00000920 _____ () C:\Users\ElijahMC\Desktop\RKreport[0]_PR_02152014_192038.txt
2014-02-15 19:20 - 2014-02-15 19:20 - 00000856 _____ () C:\Users\ElijahMC\Desktop\RKreport[0]_H_02152014_192034.txt
2014-02-15 19:20 - 2014-02-15 19:20 - 00000729 _____ () C:\Users\ElijahMC\Desktop\RKreport[0]_DN_02152014_192044.txt
2014-02-15 19:20 - 2014-02-15 19:18 - 00000000 ____D () C:\Users\ElijahMC\Desktop\RK_Quarantine
2014-02-15 19:19 - 2014-02-15 19:19 - 00002166 _____ () C:\Users\ElijahMC\Desktop\RKreport[0]_S_02152014_191947.txt
2014-02-15 19:17 - 2013-02-24 01:15 - 00000000 ____D () C:\Users\ElijahMC\Documents\CTI
2014-02-15 19:15 - 2014-02-13 18:49 - 00000000 ____D () C:\AdwCleaner
2014-02-15 19:03 - 2014-02-15 19:03 - 00149200 _____ () C:\Users\ElijahMC\Desktop\OTL.Txt
2014-02-15 19:03 - 2014-02-15 19:03 - 00140282 _____ () C:\Users\ElijahMC\Desktop\Extras.Txt
2014-02-15 18:55 - 2014-02-15 18:55 - 00602112 _____ (OldTimer Tools) C:\Users\ElijahMC\Desktop\OTL.exe
2014-02-15 18:47 - 2014-02-15 18:47 - 00000928 _____ () C:\Users\ElijahMC\Desktop\NTREGOPT.lnk
2014-02-15 18:47 - 2014-02-15 18:47 - 00000909 _____ () C:\Users\ElijahMC\Desktop\ERUNT.lnk
2014-02-15 18:47 - 2014-02-15 18:47 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-02-15 18:47 - 2013-02-02 18:01 - 00000000 ___RD () C:\Users\ElijahMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-15 18:43 - 2014-02-14 21:20 - 00000000 ____D () C:\Users\ElijahMC\AppData\Local\CrashDumps
2014-02-15 18:42 - 2014-02-15 18:42 - 00000000 ____D () C:\Users\ElijahMC\AppData\Roaming\Malwarebytes
2014-02-15 18:36 - 2013-12-27 09:53 - 00000000 ____D () C:\ProgramData\ProductData
2014-02-15 18:33 - 2014-02-15 18:33 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-15 13:39 - 2014-02-15 19:32 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\ElijahMC\Desktop\tdsskiller.exe
2014-02-15 13:31 - 2014-02-15 13:31 - 00353352 _____ (Malwarebytes Corporation) C:\Users\ElijahMC\Desktop\mbam-check-2.0.0.1000.exe
2014-02-15 13:31 - 2014-02-15 13:31 - 00031009 _____ () C:\Users\ElijahMC\Desktop\CheckResults.txt
2014-02-15 13:24 - 2013-02-24 00:51 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F98C9401-FA9C-4FE8-B28B-9C1ED96A3716}
2014-02-15 13:21 - 2013-02-02 18:37 - 00143312 _____ () C:\Users\ElijahMC\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-15 12:41 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-15 12:28 - 2013-12-28 13:33 - 00002862 _____ () C:\Users\ElijahMC\Desktop\unhide.txt
2014-02-15 09:16 - 2014-02-13 18:55 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-15 09:16 - 2014-02-13 18:53 - 00000000 ____D () C:\Users\ElijahMC\Desktop\mbar
2014-02-15 02:00 - 2014-02-13 14:31 - 00000516 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ecc2c5ef-5784-4d02-bb63-91292ea9aa2b.job
2014-02-14 23:01 - 2013-02-03 09:02 - 00000918 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1474345794-4172456791-2447515797-1000Core.job
2014-02-14 13:05 - 2013-03-06 07:24 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-14 12:48 - 2014-02-14 12:48 - 00003508 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_Test
2014-02-14 12:38 - 2014-02-14 12:37 - 00061901 _____ () C:\Users\ElijahMC\Downloads\FRST.txt
2014-02-14 12:38 - 2014-02-14 12:37 - 00038672 _____ () C:\Users\ElijahMC\Downloads\Addition.txt
2014-02-14 12:30 - 2013-02-03 18:25 - 00000000 ____D () C:\Users\ElijahMC\AppData\Roaming\vlc
2014-02-14 12:27 - 2014-02-14 12:27 - 00007100 _____ () C:\Users\ElijahMC\Desktop\UsbFix_Report.txt
2014-02-14 12:27 - 2014-02-14 12:27 - 00007100 _____ () C:\UsbFix [Scan 2] ELIJAHMC-PC.txt
2014-02-14 12:27 - 2014-02-14 03:47 - 00001448 _____ () C:\Users\ElijahMC\Desktop\UsbFix.lnk
2014-02-14 12:08 - 2014-02-14 12:08 - 01440846 _____ () C:\Users\ElijahMC\Downloads\mbam-chameleon-1.62.1.1000.zip
2014-02-14 11:21 - 2014-02-14 11:21 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-02-14 08:54 - 2014-02-14 08:54 - 00003178 _____ () C:\Windows\System32\Tasks\{D91F73D6-6D70-4FC1-8B6E-BB3B5DD1C477}
2014-02-14 08:52 - 2013-10-15 03:02 - 00143312 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-02-14 08:52 - 2009-07-14 11:20 - 00000000 ___RD () C:\Users\Default
2014-02-14 08:51 - 2014-02-13 14:34 - 00000000 ____D () C:\Windows\erdnt
2014-02-14 08:49 - 2009-07-14 10:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-14 08:33 - 2013-02-24 01:35 - 00000000 ____D () C:\Users\ElijahMC\Downloads\token_orb_animated___coloured_by_kingmoeha-d35s5ae
2014-02-14 08:29 - 2014-02-14 08:29 - 01440846 _____ () C:\Users\ElijahMC\Downloads\mbam-chameleon-1.62.1.1000 (1).zip
2014-02-14 06:05 - 2013-03-06 08:43 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-02-14 06:01 - 2014-02-14 06:01 - 00000000 ____D () C:\Users\ElijahMC\Downloads\Revo Pro 3.0
2014-02-14 05:46 - 2014-02-14 05:46 - 00001033 _____ () C:\Users\ElijahMC\Desktop\Take_Ownership.zip
2014-02-14 04:29 - 2013-04-09 12:28 - 00000000 ____D () C:\ProgramData\Uniblue
2014-02-14 03:48 - 2014-02-14 03:47 - 00014186 _____ () C:\UsbFix [Scan 1] ELIJAHMC-PC.txt
2014-02-14 03:47 - 2014-02-14 03:47 - 00000000 ____D () C:\UsbFix
2014-02-14 03:46 - 2014-02-14 03:46 - 02203778 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\ElijahMC\Downloads\usbfix.exe
2014-02-14 03:01 - 2014-02-14 03:01 - 00125896 _____ () C:\Users\ElijahMC\Documents\cc_20140214_030132.reg
2014-02-14 02:58 - 2014-02-14 02:58 - 00002778 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-02-14 02:58 - 2014-02-14 02:58 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-14 02:58 - 2014-02-10 10:11 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-13 18:39 - 2014-02-16 09:59 - 01166132 _____ () C:\Users\ElijahMC\Desktop\AdwCleaner.exe
2014-02-13 18:38 - 2014-02-13 18:38 - 00000000 ____D () C:\Windows\ERUNT
2014-02-13 18:37 - 2014-02-16 09:59 - 01037530 _____ (Thisisu) C:\Users\ElijahMC\Desktop\JRT.exe
2014-02-13 18:29 - 2013-12-15 21:10 - 00000874 _____ () C:\Users\ElijahMC\Desktop\Lumion 3.0.1.lnk
2014-02-13 18:28 - 2013-10-04 16:44 - 00000000 ____D () C:\Users\ElijahMC\AppData\Local\Akamai
2014-02-13 14:45 - 2014-02-13 14:45 - 00000000 ____D () C:\SUPERDelete
2014-02-13 14:45 - 2013-03-06 08:43 - 00000000 ____D () C:\Users\ElijahMC\AppData\Roaming\IObit
2014-02-13 14:41 - 2013-12-15 20:59 - 00000000 ____D () C:\Program Files\Lumion 3.0.1
2014-02-13 14:31 - 2014-02-13 14:31 - 00003602 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task ecc2c5ef-5784-4d02-bb63-91292ea9aa2b
2014-02-13 14:31 - 2014-02-13 14:31 - 00003528 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task f9043a35-9b89-4ada-ad8b-5cdab3964008
2014-02-13 14:31 - 2014-02-13 14:31 - 00000000 ____D () C:\Users\ElijahMC\AppData\Roaming\SUPERAntiSpyware.com
2014-02-13 14:31 - 2014-02-13 14:30 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-02-13 14:30 - 2014-02-13 14:30 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-02-13 14:30 - 2014-02-13 14:30 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-02-13 14:24 - 2014-02-13 14:21 - 17915664 _____ (SUPERAntiSpyware) C:\Users\ElijahMC\Downloads\SUPERAntiSpyware.exe
2014-02-13 13:48 - 2014-01-13 08:14 - 00000000 ____D () C:\Users\ElijahMC\AppData\Local\dxhr
2014-02-13 13:36 - 2014-02-13 13:36 - 00000000 ____D () C:\Users\ElijahMC\AppData\Local\28050
2014-02-13 13:35 - 2014-02-13 13:35 - 00002637 _____ () C:\Users\ElijahMC\Desktop\Ins.txt
2014-02-13 12:36 - 2014-02-13 12:32 - 00002048 _____ () C:\Uninstall.dat
2014-02-13 11:44 - 2014-02-13 11:43 - 00050688 _____ (Atribune.org) C:\Users\ElijahMC\Downloads\ATF-Cleaner.exe
2014-02-13 11:22 - 2013-06-19 21:50 - 00039871 _____ () C:\Users\ElijahMC\Documents\plot.log
2014-02-13 10:42 - 2014-02-13 10:42 - 00080456 _____ (Malwarebytes Corporation) C:\Users\ElijahMC\Downloads\mbam-clean-1.60.2.0003 (1).exe
2014-02-13 08:57 - 2013-02-03 00:05 - 00000000 ____D () C:\Users\ElijahMC\AppData\Local\cache
2014-02-13 00:57 - 2013-02-02 18:53 - 00003898 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-13 00:57 - 2013-02-02 18:53 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-13 00:19 - 2013-04-08 23:51 - 00000000 ____D () C:\Users\ElijahMC\AppData\Roaming\PrimoPDF
2014-02-12 20:30 - 2013-02-11 22:03 - 00000000 ____D () C:\Users\ElijahMC\Documents\My Received Files
2014-02-12 18:08 - 2013-02-02 18:23 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-02-12 05:06 - 2014-02-12 05:06 - 02272768 _____ () C:\Users\ElijahMC\Downloads\chapter20_PC.ppt
2014-02-12 04:55 - 2014-02-12 04:33 - 00000385 _____ () C:\Users\ElijahMC\Downloads\Probset 2 (1).txt
2014-02-12 04:30 - 2014-02-12 04:30 - 00000367 _____ () C:\Users\ElijahMC\Downloads\Probset 2.txt
2014-02-12 03:05 - 2014-02-12 03:05 - 00000382 _____ () C:\Users\ElijahMC\Downloads\Probset 2 with M.txt
2014-02-11 16:50 - 2014-02-11 16:50 - 01535069 _____ () C:\Users\ElijahMC\Documents\Print.skp
2014-02-11 14:40 - 2013-10-25 00:55 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-02-11 09:48 - 2014-02-11 09:45 - 09781042 _____ () C:\Users\ElijahMC\Downloads\Centralized Terminal.skp
2014-02-11 09:41 - 2014-02-11 09:41 - 01043121 _____ () C:\Users\ElijahMC\Downloads\ShuttleBus.skp
2014-02-11 08:30 - 2009-07-14 12:45 - 05204184 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-11 02:43 - 2013-02-02 23:44 - 00000000 ____D () C:\Users\ElijahMC\AppData\Roaming\Rainmeter
2014-02-11 02:42 - 2014-02-10 10:12 - 00000000 ____D () C:\Program Files\Process Hacker 2
2014-02-11 02:42 - 2013-03-06 08:43 - 00000000 ____D () C:\ProgramData\IObit
2014-02-11 02:41 - 2013-03-14 01:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-11 02:41 - 2013-03-05 23:50 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-02-11 02:41 - 2013-02-02 18:52 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-11 02:41 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\registration
2014-02-11 02:24 - 2010-11-21 15:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-02-10 23:09 - 2013-02-03 01:31 - 00000000 ____D () C:\Users\ElijahMC\Documents\Adobe
2014-02-10 23:00 - 2014-02-10 23:00 - 00000000 ____D () C:\ProgramData\ALM
2014-02-10 22:58 - 2013-10-25 00:33 - 00000000 ____D () C:\Program Files\Adobe
2014-02-10 22:50 - 2014-02-10 21:36 - 00001522 _____ () C:\Users\Public\Desktop\Adobe Application Manager.lnk
2014-02-10 22:06 - 2013-02-02 18:37 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-02-10 22:05 - 2013-02-03 00:20 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-02-10 21:57 - 2013-05-09 21:27 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-10 21:32 - 2014-02-10 21:30 - 00973603 _____ () C:\Users\ElijahMC\Downloads\52f8d489098c2.zip
2014-02-10 16:34 - 2014-02-10 16:34 - 00777877 _____ () C:\Users\ElijahMC\Documents\Grid.skp
2014-02-10 10:52 - 2014-02-10 10:52 - 00001922 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-10 10:52 - 2013-02-02 18:52 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-02-10 10:13 - 2014-02-10 10:13 - 00000000 ____D () C:\Users\ElijahMC\AppData\Roaming\Process Hacker 2
2014-02-08 21:13 - 2014-02-08 21:13 - 00000000 ____D () C:\ProgramData\Nexon
2014-02-08 10:02 - 2014-02-08 10:02 - 00000000 _____ () C:\asc_rdflag
2014-02-08 10:02 - 2014-01-07 07:00 - 119422976 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2014-02-08 10:02 - 2014-01-07 07:00 - 00307200 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2014-02-08 10:02 - 2014-01-07 07:00 - 00061440 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2014-02-08 10:02 - 2014-01-07 07:00 - 00032768 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2014-02-06 17:44 - 2014-02-06 17:44 - 00000000 ____D () C:\Users\ElijahMC\Documents\AutoCAD Sheet Sets
2014-02-06 11:03 - 2014-02-06 10:17 - 210451521 _____ () C:\Users\ElijahMC\Downloads\ManualPatcherv145.exe
2014-02-06 10:15 - 2014-02-06 10:13 - 05394448 _____ () C:\Users\ElijahMC\Downloads\BED.skp
2014-02-06 10:14 - 2014-02-06 10:14 - 00055534 _____ () C:\Users\ElijahMC\Downloads\Dodu Queen Bed.skp
2014-02-06 10:14 - 2014-02-06 10:12 - 10131335 _____ () C:\Users\ElijahMC\Downloads\Untitled (3).skp
2014-02-05 22:59 - 2013-02-07 21:56 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-05 22:58 - 2013-02-07 21:56 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 22:58 - 2013-02-07 21:56 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-05 13:38 - 2013-10-08 12:56 - 00143312 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2014-02-04 09:12 - 2014-02-04 09:12 - 02362286 _____ () C:\Users\ElijahMC\Downloads\retro sofa.skb
2014-02-04 09:12 - 2014-02-04 09:12 - 02325072 _____ () C:\Users\ElijahMC\Downloads\retro sofa.skp
2014-02-04 09:08 - 2014-02-04 09:08 - 00908629 _____ () C:\Users\ElijahMC\Downloads\bamboo living room set.skb
2014-02-04 09:08 - 2014-02-04 09:08 - 00640022 _____ () C:\Users\ElijahMC\Downloads\bamboo living room set.skp
2014-02-02 13:30 - 2013-08-03 12:45 - 00000000 ____D () C:\Users\ElijahMC\Downloads\BoL Studio
2014-02-02 12:48 - 2013-02-03 00:04 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-01-31 00:51 - 2013-02-03 02:12 - 00000000 ____D () C:\Windows\Minidump
2014-01-30 08:46 - 2014-01-30 08:46 - 00335824 _____ () C:\Users\ElijahMC\Downloads\Lumion_3_2_1_Free_Download.exe
2014-01-29 19:03 - 2014-01-29 18:16 - 01554699 _____ () C:\Users\Public\ARCH33_CATBAGAN_121813.bak
2014-01-29 18:04 - 2013-11-18 00:11 - 00169472 ___SH () C:\Users\Public\Thumbs.db
2014-01-29 17:59 - 2014-01-29 17:59 - 00000885 _____ () C:\Users\Public\Arch 33 - Shortcut.lnk
2014-01-29 16:49 - 2014-01-29 16:46 - 00001558 _____ () C:\Users\Public\Arch 22 - Shortcut.lnk
2014-01-29 13:23 - 2014-01-29 09:43 - 00000000 ____D () C:\Users\ElijahMC\AppData\Roaming\BatteryBar
2014-01-29 11:13 - 2014-01-29 11:13 - 00000000 ____D () C:\Users\ElijahMC\Downloads\nvidiaInspector
2014-01-29 09:43 - 2014-01-29 09:43 - 00000000 ____D () C:\Program Files\BatteryBar
2014-01-29 09:42 - 2014-01-29 09:42 - 01313128 _____ () C:\Users\ElijahMC\Downloads\BatteryBarSetup-3.6.3.exe
2014-01-24 03:47 - 2013-02-20 01:42 - 00000000 ____D () C:\ProgramData\ASGVIS
2014-01-24 01:19 - 2013-02-02 18:26 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-01-21 10:53 - 2013-12-27 17:55 - 01179576 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-01-21 10:53 - 2013-12-27 17:55 - 01048152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-01-20 23:43 - 2014-01-20 22:41 - 07593516 _____ () C:\Users\ElijahMC\Documents\Quezon Hall.skp
2014-01-20 23:42 - 2014-01-20 22:54 - 07608665 _____ () C:\Users\ElijahMC\Documents\Quezon Hall.skb
2014-01-19 23:07 - 2013-10-24 23:55 - 00000000 ____D () C:\Users\ElijahMC\AppData\Roaming\Adobe
2014-01-19 12:52 - 2013-09-09 13:47 - 02569703 _____ () C:\Users\ElijahMC\AppData\Roaming\ICARE.LOG
2014-01-19 12:34 - 2013-12-27 08:36 - 00000498 _____ () C:\Users\ElijahMC\AppData\Roaming\ICARE_ACTIVITY.LOG
2014-01-19 12:25 - 2014-01-19 12:25 - 00000000 ____D () C:\Program Files (x86)\HD Tune
2014-01-19 12:24 - 2014-01-19 12:24 - 00642632 _____ (EFD Software ) C:\Users\ElijahMC\Downloads\hdtune_255.exe
2014-01-19 12:18 - 2013-05-09 23:31 - 00000000 ____D () C:\Users\ElijahMC\AppData\Local\CrystalDiskMark
2014-01-19 05:08 - 2014-01-19 05:08 - 00000192 _____ () C:\Users\Public\Desktop\MapleStory.url
2014-01-19 05:04 - 2014-01-18 03:05 - 00000000 ____D () C:\Nexon
2014-01-18 22:46 - 2014-01-18 22:46 - 00003514 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-ElijahMC-PC-ElijahMC
2014-01-18 03:05 - 2014-01-18 03:05 - 00000000 ____D () C:\ProgramData\NexonUS
2014-01-17 09:57 - 2013-12-27 10:58 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-01-17 09:54 - 2014-01-17 09:54 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-17 09:54 - 2013-10-25 18:14 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-17 09:54 - 2013-10-25 18:14 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-17 09:54 - 2013-10-25 18:14 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-17 09:29 - 2014-01-17 09:27 - 29141928 _____ (Oracle Corporation) C:\Users\ElijahMC\Downloads\jre-7u51-windows-i586.exe
2014-01-17 09:23 - 2013-12-27 10:58 - 00000000 ____D () C:\Users\ElijahMC\AppData\Roaming\SystemRequirementsLab

Files to move or delete:
====================
C:\ProgramData\.bf45c81f8dc8abfeecf09.dat
C:\Users\ElijahMC\jagex_cl_runescape_LIVE.dat
C:\Users\ElijahMC\random.dat


Some content of TEMP:
====================
C:\Users\ElijahMC\AppData\Local\Temp\bitool.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-09 17:19

==================== End Of Log ============================
 
Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-02-2014 01
Ran by ElijahMC at 2014-02-16 11:41:01
Running from C:\Users\ElijahMC\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Acrobat X Pro - English, Français, Deutsch (x32 Version: - )
Adobe After Effects CS4 (x32 Version: 9 - Adobe Systems Incorporated) Hidden
Adobe After Effects CS4 Presets (x32 Version: 9 - Adobe Systems Incorporated) Hidden
Adobe AIR (x32 Version: 3.7.0.1530 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.7.0.1530 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles AE CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 6 Master Collection (x32 Version: 6 - Adobe Systems Incorporated)
Adobe Default Language CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS4 (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Dynamiclink Support (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Fonts All (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Additional Exporter (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (x32 Version: 1.1 - Adobe Systems Incorporated)
Adobe MotionPicture Color Files CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Output Module (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CC (x32 Version: 14.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.1) (x32 Version: 10.1.1 - Adobe Systems Incorporated)
Adobe Setup (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Management Tool (x32 Version: 6.2 - PainteR)
Adobe Update Manager CS4 (x32 Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe Widget Browser (x32 Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe Widget Browser (x32 Version: 2.0.348 - Adobe Systems Incorporated.) Hidden
Adobe XMP Panels CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Akamai NetSession Interface (HKCU Version: - Akamai Technologies, Inc)
Any Video Converter 5 5.0.3 (x32 Version: - Any-Video-Converter.com)
Apple Application Support (x32 Version: 2.1.5 - Apple Inc.)
ArchiCAD 16 INT (Version: 16.0 - GRAPHISOFT)
Assassin's Creed II (x32 Version: 1.01 - Ubisoft)
AutoCAD 2013 - English (Version: 19.0.55.0 - Autodesk)
AutoCAD 2013 - English (Version: 19.0.55.0 - Autodesk) Hidden
AutoCAD 2013 Language Pack - English (Version: 19.0.55.0 - Autodesk) Hidden
AutoCAD Architecture 2014 - English (Version: 7.5.17.0 - Autodesk) Hidden
AutoCAD Architecture 2014 Language Pack - English (Version: 7.5.17.0 - Autodesk) Hidden
Autodesk 360 (Version: 4.0.27.1 - Autodesk)
Autodesk 3ds Max 2013 64-bit (Version: 15.0.0.347 - Autodesk)
Autodesk 3ds Max 2013 64-bit (Version: 15.0.0.347 - Autodesk) Hidden
Autodesk App Manager (x32 Version: 1.1.0 - Autodesk)
Autodesk AutoCAD Architecture 2014 - English (Version: 7.5.17.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.0.84.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.0.84.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.0.84.0 - Autodesk) Hidden
Autodesk Design Review 2013 (x32 Version: 13.0.0.82 - Autodesk, Inc.)
Autodesk Design Review 2013 (x32 Version: 13.0.0.82 - Autodesk, Inc.) Hidden
Autodesk DirectConnect 2013 64-bit (Version: 7.0.28.0 - Autodesk)
Autodesk DirectConnect 2013 64-bit (Version: 7.0.28.0 - Autodesk) Hidden
Autodesk Essential Skills Movies for 3ds Max 2013 64-bit (Version: 1.0.0.1 - Autodesk)
Autodesk FBX Plug-in 2013.1 - 3ds Max 2013 64-bit (Version: - Autodesk)
Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit (Version: - Autodesk)
Autodesk Featured Apps (x32 Version: 1.1.0 - Autodesk)
Autodesk Inventor Fusion 2013 (Version: 2.0.0.206 - Autodesk, Inc.)
Autodesk Inventor Fusion 2013 (Version: 2.0.0.206 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion plug-in for AutoCAD 2013 (Version: 0.2.0.230 - Autodesk)
Autodesk Inventor Fusion plug-in for AutoCAD 2013 (Version: 0.2.0.230 - Autodesk) Hidden
Autodesk Inventor Fusion plug-in language pack for AutoCAD 2013 (Version: 0.2.0.230 - Autodesk) Hidden
Autodesk Inventor Server Engine for 3ds Max 2013 64-bit (Version: 15.0 - Autodesk)
Autodesk MatchMover 2013 64-bit (Version: 14.00.0000 - Autodesk)
Autodesk Material Library 2013 (x32 Version: 3.0.13 - Autodesk)
Autodesk Material Library 2014 (x32 Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2013 (x32 Version: 3.0.13 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (x32 Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2013 (x32 Version: 3.0.13 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2013 (x32 Version: 3.0.13 - Autodesk)
Autodesk Maya 2013 64-bit (Version: 15.0.0.0 - Autodesk)
Autodesk Maya 2013 64-bit (Version: 15.0.0.0 - Autodesk) Hidden
Autodesk MotionBuilder 2013 64-bit (Version: 13.00.0000 - Autodesk)
Autodesk MotionBuilder 2013 64-bit (Version: 13.00.0000 - Autodesk) Hidden
Autodesk Mudbox 2013 64-bit (Version: 7.0.0.602 - Autodesk)
Autodesk Mudbox 2013 64-bit (Version: 7.0.0.602 - Autodesk) Hidden
Autodesk ReCap (Version: 1.0.43.13 - Autodesk)
Autodesk ReCap (Version: 1.0.43.13 - Autodesk) Hidden
Autodesk ReCap Language Pack-English (Version: 1.0.43.13 - Autodesk) Hidden
Autodesk Revit Architecture 2013 (Version: 12.02.21203 - Autodesk)
Autodesk Revit Interoperability for 3ds Max and 3ds Max Design 2013 64-bit (Version: 1.0.0.1 - Autodesk)
Autodesk SketchBook Designer 2013 (Version: 3.00.0000 - Autodesk)
Autodesk SketchBook Designer 2013 (Version: 3.00.0000 - Autodesk) Hidden
Autodesk Softimage 2013 64-bit (Version: 11.0.0000 - Autodesk) Hidden
avast! Free Antivirus (x32 Version: 8.0.1483.0 - AVAST Software)
BatteryBar (remove only) (Version: - )
Belarc Advisor 8.3 (x32 Version: 8.3.2.0 - Belarc Inc.)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Camera Recorder (x32 Version: 1.0.909.0801 - Camera Recorder)
CCleaner (Version: 4.10 - Piriform)
Cheat Engine 6.2 (x32 Version: - Dark Byte)
Command & Conquer™ Red Alert™ 3 (Version: 1.0.1.0 - Electronic Arts)
Command & Conquer™ Red Alert™ 3 (x32 Version: 1.0.1.0 - Electronic Arts)
Company of Heroes - FAKEMSI (x32 Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes (x32 Version: 2.602.0 - THQ Inc.)
Composite 2013 64-bit (Version: 8.0.0 - Autodesk)
Core Temp 1.0 RC4 (Version: 1.0 - Alcpu)
CrystalDiskMark 3.0.2f Shizuku Edition (Version: 3.0.2f - Crystal Dew World)
Debut Video Capture Software (x32 Version: - NCH Software)
Deus ex Human Revolution version 1.0 (x32 Version: 1.0 - )
Dishonored (x32 Version: - )
DraftSight x64 (Version: 10.2.1010 - Dassault Systemes)
Dragon Age: Origins (x32 Version: 1.00 - Electronic Arts, Inc.)
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
EPSON ME 320 Series Printer Uninstall (Version: - SEIKO EPSON Corporation)
EPSON ME 340 Series Printer Uninstall (Version: - SEIKO EPSON Corporation)
EPSON Scan (x32 Version: - Seiko Epson Corporation)
EPSON T13 T22E Series Printer Uninstall (Version: - SEIKO EPSON Corporation)
ERUNT 1.1j (x32 Version: - Lars Hederer)
ESET Online Scanner v3 (x32 Version: - )
ETDWare PS/2-X64 8.0.5.7_WHQL (Version: 8.0.5.7 - ELAN Microelectronic Corp.)
Facebook Messenger 2.1.4814.0 (x32 Version: 2.1.4814.0 - Facebook)
Facebook Video Calling 2.0.0.447 (x32 Version: 2.0.447 - Skype Limited)
FARO LS 1.1.406.58 (x32 Version: 4.6.58.2 - FARO Scanner Production)
FARO LS 1.1.408.2 (x32 Version: 4.8.2.25521 - FARO Scanner Production)
FARO LS 1.1.501.0 (64bit) (x32 Version: 5.1.0.30630 - FARO Scanner Production)
FARO LS 4.8.2.25521 (x32 Version: - FARO Technologies)
Free Alarm Clock 2.5.0 (x32 Version: 2.5 - Comfort Software Group)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Globe Tattoo Broadband (x32 Version: 21.005.20.06.158 - Huawei Technologies Co.,Ltd)
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GraphCalc v4.0.1 (x32 Version: - )
HD Tune 2.55 (x32 Version: - EFD Software)
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) Control Center (x32 Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.35342 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 8.0.4.1441 - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 10.18.10.3345 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 15.1.0.0096 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 2.1.1.0153 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 11.6.0.1030 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 3.0.0.63463 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.220 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 15.01.1000.0927 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.23.605.1 - Intel Corporation)
IObit Apps Toolbar v8.6 (x32 Version: 8.6 - Spigot, Inc.) <==== ATTENTION
IObit Uninstaller (x32 Version: 3.0.5.1101 - IObit)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 32 (x32 Version: 6.0.320 - Oracle)
Lumion 3.0.1 (Version: 3.0.1 - Act-3D B.V.)
MapleStory (x32 Version: - )
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 x64 ATL Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x64 CRT Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x64 MFC Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x64 OpenMP Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (x32 Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
Nexon Game Manager (x32 Version: - )
NVIDIA Control Panel 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.8.2 (Version: 1.8.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 332.21 (Version: 332.21 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (Version: 1.2.20 - NVIDIA Corporation)
Onigiri_US (x32 Version: 1.00.0000 - CyberStep, Inc.)
ONIMUSHA3 PC (x32 Version: 1.00.000 - CAPCOM)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PosteRazor (x32 Version: 1.5.2 - Alessandro Portale)
PowerISO (x32 Version: 5.5 - Power Software Ltd)
PrimoPDF -- brought to you by Nitro PDF Software (x32 Version: 5 - Nitro PDF Software)
Profiler 14 INT (x32 Version: 14.0 - Graphisoft)
Profiler 16 INT (x32 Version: 16.0 - Graphisoft)
progeCAD 2011 Professional (x32 Version: 11.0.2.9 - Progecad s.r.l.)
progeCAD Architecture (x32 Version: - progeCAD)
Proxy Switcher (x32 Version: 3.6.1 - Marco Wiedemeyer)
QuickTime (x32 Version: 7.71.80.42 - Apple Inc.)
Rainmeter (x32 Version: 2.5 beta r1792 - )
RAMDisk (x32 Version: 4.3.0.1 - Dataram, Inc.)
RAR Password Unlocker (x32 Version: - RAR Password Unlocker, Inc.)
Realtek Ethernet Controller Driver (x32 Version: 7.50.1123.2011 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6602 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (x32 Version: 6.1.7601.92 - Realtek Semiconductor Corp.)
RegSupreme (x32 Version: - Macecraft Software)
Revit Architecture 2013 (Version: 12.02.21203 - Autodesk) Hidden
Revit Architecture 2013 Language Pack - English (Version: 12.02.21203 - Autodesk) Hidden
Revo Uninstaller Pro 3.0.5 (Version: 3.0.5 - VS Revo Group, Ltd.)
RocketDock 1.3.5 (x32 Version: - Punk Software)
S-Bar (x32 Version: 21.012.04278 - )
SevenZip (x32 Version: 9.20 - SevenZip)
Shaun White Skateboarding (x32 Version: 1.0 - Ubisoft)
SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden
SketchUp 2013 (x32 Version: 13.0.4124 - Trimble Navigation Limited)
SketchUp Import for AutoCAD 2014 (x32 Version: 1.1.0 - Autodesk)
SketchUp Pro 8 (x32 Version: 3.0.15158 - Trimble Navigation Limited)
Skype™ 6.1 (x32 Version: 6.1.129 - Skype Technologies S.A.)
Smart Bro (x32 Version: 11.300.05.03.238 - Huawei Technologies Co.,Ltd)
Smart Defrag 2 (x32 Version: 2.8 - IObit)
SpeedFan (remove only) (x32 Version: - )
Stardock WindowBlinds (x32 Version: 8.02 - Stardock Software, Inc.)
Suite Exclusives Premium 2013 64-bit (Version: 5.3 - Autodesk)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
SUPERAntiSpyware (Version: 5.7.1018 - SUPERAntiSpyware.com)
Surfing Protection (x32 Version: 1.0 - IObit)
System Requirements Lab for Intel (x32 Version: 4.5.22.0 - Husdawg, LLC)
The Sims™ 3 (x32 Version: 1.63.5 - Electronic Arts)
Turtle for Maya Premium 2013 64-bit (Version: 5.3 - Autodesk)
Ubisoft Game Launcher (x32 Version: 1.0.0.0 - UBISOFT)
Uninstall Helper (x32 Version: 2.0.1.0 - W3i, LLC)
Uninstall Helper (x32 Version: 2.0.1.0 - W3i, LLC) Hidden
Unity Web Player (HKCU Version: - Unity Technologies ApS)
Unlocker 1.9.2 (Version: 1.9.2 - Cedrick Collomb)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
UsbFix (x32 Version: 7.164 - El Desaparecido - www.usbfix.net - www.sosvirus.net)
Vegas Pro 12.0 (64-bit) (Version: 12.0.486 - Sony)
VideoPad Video Editor (x32 Version: - NCH Software)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (x32 Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (x32 Version: 9.0.30729.177 - Microsoft Corporation)
VLC media player 2.0.5 (x32 Version: 2.0.5 - VideoLAN)
V-Ray for SketchUp (x32 Version: 1.49.02 - Chaos Group, LLC)
WebCam Recorder (x32 Version: - )
WinRAR 4.20 (32-bit) (x32 Version: 4.20.0 - win.rar GmbH)
Xvid 1.2.2 final uninstall (x32 Version: 1.2 - Xvid team (Koepi))
Yahoo! Install Manager (x32 Version: - )
Yahoo! Messenger (x32 Version: - Yahoo! Inc.)
Yahoo! Software Update (x32 Version: - )
Yahoo! Toolbar (x32 Version: - Yahoo! Inc.)
Yawcam 0.4.0 (x32 Version: - )
YTD Toolbar v8.6 (x32 Version: 8.6 - Spigot, Inc.)
YTD Video Downloader 4.0 (x32 Version: 4.0 - GreenTree Applications SRL)

==================== Restore Points =========================

13-02-2014 19:04:02 ComboFix created restore point
13-02-2014 22:03:58 Revo Uninstaller Pro's restore point - Advanced SystemCare 7
16-02-2014 03:04:48 Revo Uninstaller Pro's restore point - Malwarebytes' Anti-Malware

==================== Hosts content: ==========================

2009-07-14 10:34 - 2014-02-15 19:20 - 00000741 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0C9106C1-38E0-446A-982F-2DBFACBB6DBB} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1474345794-4172456791-2447515797-1000UA => C:\Users\ElijahMC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-03] (Facebook Inc.)
Task: {14DA0F75-156B-4D33-A263-101056DD5990} - System32\Tasks\Hoolapp For Android => C:\Users\ElijahMC\AppData\Roaming\HOOLAP~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {37BEB9E3-CA40-4DDE-AD43-633B94D39CE2} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {47F7554C-0BEF-413A-98E0-39F1455ABAF1} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe [2013-06-30] (IObit)
Task: {51E46D39-B8E8-4FE2-8C57-01D4F76DAA99} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-03-07] (AVAST Software)
Task: {705BB0D1-54C9-4547-B563-98B8B754CC4A} - System32\Tasks\SmartDefragUpdate => C:\Program Files (x86)\IObit\Smart Defrag 2\AutoUpdate.exe [2013-05-22] (IObit)
Task: {74169384-6593-45CB-9AA0-D915E2305C2C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-02] (Google Inc.)
Task: {7C6A2EAE-5819-4043-BE1F-1AFA87C9145C} - System32\Tasks\SUPERAntiSpyware Scheduled Task ecc2c5ef-5784-4d02-bb63-91292ea9aa2b => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-08] (SUPERAdBlocker.com)
Task: {7C8B042F-2465-40C2-A7B9-EE49360B3139} - System32\Tasks\gg_uac_daemon_ElijahMC => D:\Applications\GarenaLoLPH\GameData\ggdllhost.exe [2013-07-10] ()
Task: {94CF6E80-F9F4-4B4C-A458-ECFE95E1261A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {98DE231D-1B18-47FB-A0E7-501B5B335901} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {99E8B887-5D53-4A00-AF99-18F93E984E88} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1474345794-4172456791-2447515797-1000Core => C:\Users\ElijahMC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-03] (Facebook Inc.)
Task: {9B26E50C-175C-4EE3-80BF-57A012C0C14D} - System32\Tasks\SUPERAntiSpyware Scheduled Task f9043a35-9b89-4ada-ad8b-5cdab3964008 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-08] (SUPERAdBlocker.com)
Task: {9D5A8E09-3991-4CDF-9F27-DE0EE01FC200} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
Task: {BCFDB88E-2F60-46E6-B835-FD40DF55B6F6} - System32\Tasks\AdobeAAMUpdater-1.0-ElijahMC-PC-ElijahMC => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)
Task: {C242168F-FC83-4831-B7C7-CC110D002830} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-02] (Google Inc.)
Task: {C7F0B340-3A2D-465E-9970-E5F91423B1E1} - System32\Tasks\Core Temp Autostart ElijahMC => C:\Program Files\Core Temp\Core Temp.exe [2012-10-14] ()
Task: {DADE8C3E-9282-433A-850B-859A7B90F062} - \Dealply No Task File
Task: {DC707229-4C05-40F7-87B6-BE942456C71B} - System32\Tasks\ASC7_SkipUac_ElijahMC => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe
Task: {ED192AC9-EACC-4F93-9ABC-756BDD4155C7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {F2BCA30B-5394-41D5-96A0-FA8A80337105} - System32\Tasks\gg_uac_daemon_Test => D:\Applications\GarenaLoLPH\GameData\ggdllhost.exe [2013-07-10] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1474345794-4172456791-2447515797-1000Core.job => C:\Users\ElijahMC\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1474345794-4172456791-2447515797-1000UA.job => C:\Users\ElijahMC\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ecc2c5ef-5784-4d02-bb63-91292ea9aa2b.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f9043a35-9b89-4ada-ad8b-5cdab3964008.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (whitelisted) =============

2013-07-13 09:00 - 2013-07-10 19:54 - 00049456 _____ () D:\Applications\GarenaLoLPH\GameData\ggdllhost.exe
2013-02-03 00:50 - 2012-10-14 21:21 - 00854480 _____ () C:\Program Files\Core Temp\Core Temp.exe
2013-02-02 18:25 - 2012-03-26 17:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-02-03 00:11 - 2007-09-02 13:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2013-04-30 17:24 - 2014-02-06 19:36 - 09890608 _____ () D:\Applications\GarenaLoLPH\GameData\GarenaMessenger.exe
2013-02-05 00:21 - 2013-02-05 00:21 - 00056352 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00937504 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00124448 _____ () C:\Program Files\Autodesk\Autodesk Sync\QJson.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00045088 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
2013-12-20 00:36 - 2013-12-20 00:36 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-07-15 12:44 - 2010-07-15 12:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2014-02-16 05:13 - 2014-02-15 23:57 - 02272256 _____ () C:\Program Files\AVAST Software\Avast\defs\14021501\algo.dll
2013-04-30 17:24 - 2013-08-23 17:10 - 00553776 _____ () D:\Applications\GarenaLoLPH\GameData\ggspawn.dll
2013-02-03 00:11 - 2007-09-02 13:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2013-12-01 17:39 - 2013-12-01 17:38 - 00655712 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe
2013-12-01 17:39 - 2013-12-01 17:38 - 00011362 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\mingwm10.dll
2013-12-01 17:39 - 2013-12-01 17:38 - 00043008 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\libgcc_s_dw2-1.dll
2013-12-01 17:39 - 2013-12-01 17:38 - 02415104 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\QtCore4.dll
2013-12-01 17:39 - 2013-12-01 17:38 - 01148416 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\QtNetwork4.dll
2013-12-01 17:39 - 2013-12-01 17:38 - 00835072 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\QueryStrategy.dll
2013-12-01 17:39 - 2013-12-01 17:38 - 00398336 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\QtXml4.dll
2013-02-02 18:23 - 2012-03-15 12:48 - 00127320 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2011-09-15 06:19 - 2011-09-15 06:19 - 00086016 _____ () C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe
2013-04-30 17:24 - 2013-01-30 16:26 - 00104752 _____ () D:\Applications\GarenaLoLPH\GameData\CommonLib.dll
2013-04-30 17:24 - 2013-02-07 17:11 - 00033584 _____ () D:\Applications\GarenaLoLPH\GameData\DibModule.dll
2013-04-30 17:24 - 2014-02-11 19:36 - 00027952 _____ () D:\Applications\GarenaLoLPH\GameData\VersionModule.dll
2013-04-30 17:24 - 2013-02-07 17:11 - 00051504 _____ () D:\Applications\GarenaLoLPH\GameData\FileLoader.dll
2013-04-30 17:24 - 2013-02-07 17:11 - 00087344 _____ () D:\Applications\GarenaLoLPH\GameData\PluginKernel.dll
2013-04-30 17:24 - 2013-03-07 10:10 - 00487216 _____ () D:\Applications\GarenaLoLPH\GameData\CxImage.dll
2013-04-30 17:24 - 2013-02-07 17:11 - 00025392 _____ () D:\Applications\GarenaLoLPH\GameData\PluginModule.dll
2013-04-30 17:26 - 2013-04-10 17:23 - 00170800 _____ () D:\Applications\GarenaLoLPH\GameData\lib\fs\YYFileSystem.dll
2013-04-30 17:26 - 2013-03-13 18:05 - 00374064 _____ () D:\Applications\GarenaLoLPH\GameData\lib\Http.dll
2013-04-30 17:26 - 2012-02-22 16:52 - 00178176 _____ () D:\Applications\GarenaLoLPH\GameData\lib\MP3Module.dll
2013-04-30 17:24 - 2012-02-22 16:52 - 00162304 _____ () D:\Applications\GarenaLoLPH\GameData\lame_enc.DLL
2013-04-30 17:26 - 2013-01-14 19:57 - 00219952 _____ () D:\Applications\GarenaLoLPH\GameData\lib\TaskManagerLib.dll
2013-04-30 17:26 - 2013-03-07 10:10 - 00106288 _____ () D:\Applications\GarenaLoLPH\GameData\lib\UILayout.dll
2013-04-30 17:26 - 2014-02-06 19:37 - 00957232 _____ () D:\Applications\GarenaLoLPH\GameData\lib\XLL.dll
2013-04-30 17:26 - 2012-09-13 14:19 - 00048640 _____ () D:\Applications\GarenaLoLPH\GameData\lib\XmlUIModule.dll
2013-04-30 17:24 - 2012-02-22 16:52 - 00573100 _____ () D:\Applications\GarenaLoLPH\GameData\sqlite3.dll
2013-04-30 17:26 - 2013-03-07 10:10 - 00224560 _____ () D:\Applications\GarenaLoLPH\GameData\Plugins\StatsPlugin.dll
2013-04-30 17:26 - 2014-01-20 16:50 - 00891184 _____ () D:\Applications\GarenaLoLPH\GameData\Plugins\ggplugin.dll
2013-04-30 17:24 - 2013-02-07 17:11 - 00192816 _____ () D:\Applications\GarenaLoLPH\GameData\ImageModule.dll
2013-04-30 21:53 - 2013-04-10 17:22 - 00155440 _____ () D:\Applications\GarenaLoLPH\GameData\libmpg123.dll
2013-04-30 17:24 - 2013-01-30 16:26 - 02941232 _____ () D:\Applications\GarenaLoLPH\GameData\ggdownloader.dll
2013-04-30 17:26 - 2012-04-13 11:12 - 00059392 _____ () D:\Applications\GarenaLoLPH\GameData\lib\delay_load\AudioMixerLib.dll
2013-04-30 17:26 - 2012-07-27 14:59 - 00010240 _____ () D:\Applications\GarenaLoLPH\GameData\lib\delay_load\ClientTcp.dll
2013-04-30 17:26 - 2013-07-15 22:29 - 01545520 _____ () D:\Applications\GarenaLoLPH\GameData\lib\delay_load\FileSender.dll
2013-04-30 17:24 - 2013-02-01 13:42 - 00153088 _____ () D:\Applications\GarenaLoLPH\GameData\libzmq.dll
2013-04-30 17:26 - 2013-09-20 19:12 - 00956208 _____ () D:\Applications\GarenaLoLPH\GameData\lib\delay_load\GaFileTransfer.dll
2013-04-30 17:26 - 2012-04-24 09:19 - 00238592 _____ () D:\Applications\GarenaLoLPH\GameData\lib\delay_load\MediaEngine.dll
2013-04-30 17:24 - 2012-04-13 11:12 - 00019968 _____ () D:\Applications\GarenaLoLPH\GameData\ServerMemAlloc.dll
2013-04-30 17:26 - 2012-03-08 16:56 - 00510464 _____ () D:\Applications\GarenaLoLPH\GameData\lib\delay_load\RSALib.dll
2013-04-30 17:26 - 2012-07-27 14:59 - 00061952 _____ () D:\Applications\GarenaLoLPH\GameData\lib\delay_load\UdtLib.dll
2013-06-09 00:30 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2013-10-19 07:55 - 2013-10-19 07:55 - 25100288 _____ () C:\Users\ElijahMC\AppData\Roaming\Dropbox\bin\libcef.dll
2013-04-09 18:22 - 2013-04-09 18:22 - 00017408 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\7ef6cbe83c4dbe6a45a7b60fe10c509e\PSIClient.ni.dll
2013-02-02 18:23 - 2012-03-06 15:27 - 01198872 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-02-04 08:56 - 2014-02-02 07:41 - 00715592 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
2014-02-04 08:56 - 2014-02-02 07:41 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
2014-02-04 08:56 - 2014-02-02 07:42 - 04055368 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-04 08:56 - 2014-02-02 07:42 - 00399688 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-04 08:56 - 2014-02-02 07:41 - 01634632 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
2014-02-04 08:56 - 2014-02-02 07:42 - 13616456 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:553CA6CA
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:A1EDB939
AlternateDataStreams: C:\Users\ElijahMC\AppData\Local\Temporary Internet Files:dIca0npz5fm8PWQnsylN1lB

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NBF => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nbf.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProtectedStorage => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sglfb.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tga.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCEPServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe
MSCONFIG\startupreg: EPSON ME 320 Series (Copy 1) => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGGC.EXE /FU "C:\Windows\TEMP\E_SC8CE.tmp" /EF "HKCU"
MSCONFIG\startupreg: Facebook Update => "C:\Users\ElijahMC\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Q-Face agent => C:\Program Files (x86)\MSI\MSI Q-Face\webtest.exe
MSCONFIG\startupreg: QuickTime Task => "c:\program files (x86)\quicktime\qttask.exe" -atboottime
MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => c:\program files (x86)\common files\java\java update\jusched.exe
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: TSSTcorp CDDVDW SN-208AB SCSI CdRom Device
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/16/2014 11:21:52 AM) (Source: Microsoft-Windows-RestartManager) (User: ElijahMC-PC)
Description: Application or service 'Windows Explorer' could not be shut down.

Error: (02/16/2014 11:19:55 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/16/2014 11:20:28 AM) (Source: Service Control Manager) (User: )
Description: The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).

Error: (02/16/2014 11:20:11 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
PxHlpa64

Error: (02/16/2014 11:19:20 AM) (Source: Service Control Manager) (User: )
Description: The Globe Tattoo Broadband. OUC service failed to start due to the following error:
%%1053

Error: (02/16/2014 11:19:20 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Globe Tattoo Broadband. OUC service to connect.


Microsoft Office Sessions:
=========================
Error: (02/16/2014 11:21:52 AM) (Source: Microsoft-Windows-RestartManager)(User: ElijahMC-PC)
Description: 1C:\Windows\explorer.exeWindows Explorer0411719800

Error: (02/16/2014 11:19:55 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
Date: 2014-02-14 08:45:43.337
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-14 08:45:43.332
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 21%
Total physical RAM: 16280.95 MB
Available physical RAM: 12803.59 MB
Total Pagefile: 32560.09 MB
Available Pagefile: 28886.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:244.04 GB) (Free:39.54 GB) NTFS
Drive d: () (Fixed) (Total:454.49 GB) (Free:62.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: ADB1D01C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=244 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=454 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
Uninstall IObit Apps Toolbar v8.6.

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 

Attachments

  • fixlist.txt (1.2 KB)
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-02-2014 01
Ran by ElijahMC at 2014-02-16 12:11:16 Run:1
Running from C:\Users\ElijahMC\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] - [X]
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
CHR Plugin: (Advanced SystemCare 6) - C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkddabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabc\1.0.0_0\Plugin/ASCPlugin_Protect.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\ProgramData\.bf45c81f8dc8abfeecf09.dat
C:\Users\ElijahMC\jagex_cl_runescape_LIVE.dat
C:\Users\ElijahMC\random.dat
C:\Users\ElijahMC\AppData\Local\Temp\bitool.dll
Task: {9D5A8E09-3991-4CDF-9F27-DE0EE01FC200} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
Task: {DC707229-4C05-40F7-87B6-BE942456C71B} - System32\Tasks\ASC7_SkipUac_ElijahMC => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe
AlternateDataStreams: C:\ProgramData\TEMP:553CA6CA
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:A1EDB939
AlternateDataStreams: C:\Users\ElijahMC\AppData\Local\Temporary Internet Files:dIca0npz5fm8PWQnsylN1lB

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
HKCR\PROTOCOLS\Handler\belarc => Key deleted successfully.
HKCR\CLSID\{6318E0AB-2E93-11D1-B8ED-00608CC9A71F} => Key not found.
C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkddabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabc\1.0.0_0\Plugin/ASCPlugin_Protect.dll not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
C:\ProgramData\.bf45c81f8dc8abfeecf09.dat => Moved successfully.
C:\Users\ElijahMC\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\ElijahMC\random.dat => Moved successfully.
C:\Users\ElijahMC\AppData\Local\Temp\bitool.dll => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9D5A8E09-3991-4CDF-9F27-DE0EE01FC200} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D5A8E09-3991-4CDF-9F27-DE0EE01FC200} => Key deleted successfully.
C:\Windows\System32\Tasks\ASC7_PerformanceMonitor => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC7_PerformanceMonitor => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC707229-4C05-40F7-87B6-BE942456C71B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC707229-4C05-40F7-87B6-BE942456C71B} => Key deleted successfully.
C:\Windows\System32\Tasks\ASC7_SkipUac_ElijahMC => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC7_SkipUac_ElijahMC => Key deleted successfully.
C:\ProgramData\TEMP => ":553CA6CA" ADS removed successfully.
C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully.
C:\ProgramData\TEMP => ":A1EDB939" ADS removed successfully.
"C:\Users\ElijahMC\AppData\Local\Temporary Internet Files" => ":dIca0npz5fm8PWQnsylN1lB" ADS not found.

==== End of Fixlog ====
 
Download RogueKiller from one of the following links and save it to your Desktop:
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create a new restore point before proceeding with the next step.
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 
RKreport-1


RogueKiller V8.8.7 [Feb 11 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : ElijahMC [Admin rights]
Mode : Scan -- Date : 02/16/2014 12:18:43
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] ouc.exe -- C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] Hoolapp For Android : C:\Users\ElijahMC\AppData\Roaming\HOOLAP~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ATA Hitachi HTS54757 SCSI Disk Device +++++
--- User ---
[MBR] 4206a0566ccfb30004c1140eb5d1c50e
[BSP] 699c2b6917442d911660fc0346d89c68 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 249900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 512002048 | Size: 465401 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_02162014_121843.txt >>


RKreport-2

RogueKiller V8.8.7 [Feb 11 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : ElijahMC [Admin rights]
Mode : Remove -- Date : 02/16/2014 12:19:18
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] ouc.exe -- C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] Hoolapp For Android : C:\Users\ElijahMC\AppData\Roaming\HOOLAP~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ATA Hitachi HTS54757 SCSI Disk Device +++++
--- User ---
[MBR] 4206a0566ccfb30004c1140eb5d1c50e
[BSP] 699c2b6917442d911660fc0346d89c68 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 249900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 512002048 | Size: 465401 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_02162014_121918.txt >>
RKreport[0]_S_02162014_121843.txt
 
mbar-log

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.02.16.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
ElijahMC :: ELIJAHMC-PC [administrator]

2/16/2014 12:24:32 PM
mbar-log-2014-02-16 (12-24-32).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 328221
Time elapsed: 36 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 