C:\Windows\SysWOW64\dllhost.exe Malwarebytes Anti-Malware Website Exclusion
<blockquote data-quote="jainwu" data-source="post: 326032" data-attributes="member: 32653"><p>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014</p><p>Ran by etaitingi (administrator) on ETAITINGI-PC on 01-01-2015 12:28:24</p><p>Running from C:\Users\etaitingi\Desktop\New folder (2)</p><p>Loaded Profile: etaitingi (Available profiles: etaitingi & Classic .NET AppPool & DefaultAppPool)</p><p>Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)</p><p>Internet Explorer Version 11 (Default browser: Chrome)</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/</a></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p></p><p>(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe</p><p>(AMD) C:\Windows\System32\atiesrxx.exe</p><p>(The Within Network, LLC) C:\Windows\UnsignedThemesSvc.exe</p><p>(AMD) C:\Windows\System32\atieclxx.exe</p><p>(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe</p><p>(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe</p><p>(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe</p><p>(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe</p><p>(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe</p><p>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe</p><p>() C:\Windows\SysWOW64\PnkBstrA.exe</p><p>(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe</p><p>(LogMeIn Inc.) 
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe</p><p>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe</p><p>(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe</p><p>(Akamai Technologies, Inc.) C:\Users\etaitingi\AppData\Local\Akamai\netsession_win.exe</p><p>(Akamai Technologies, Inc.) C:\Users\etaitingi\AppData\Local\Akamai\netsession_win.exe</p><p>() C:\Program Files (x86)\UtechSmart Precision Laser Gaming Mouse\UtechSmartMonEx.exe</p><p>(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe</p><p>(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe</p><p>(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe</p><p>(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe</p><p>(Dropbox, Inc.) C:\Users\etaitingi\AppData\Roaming\Dropbox\bin\Dropbox.exe</p><p>() C:\Program Files\Rainmeter\Rainmeter.exe</p><p>(Microsoft Corporation) C:\Windows\System32\dllhost.exe</p><p></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. 
The file will not be moved.)</p><p></p><p>HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2012-12-01] (Realtek Semiconductor)</p><p>HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)</p><p>HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7406392 2012-11-28] (Logitech Inc.)</p><p>HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)</p><p>HKLM-x32\...\Run: [UtechSmartMouseExRun] => C:\Program Files (x86)\UtechSmart Precision Laser Gaming Mouse\UtechSmartMonEx.exe [3511808 2013-04-12] ()</p><p>HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)</p><p>HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)</p><p>HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-19] ()</p><p>HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.)</p><p>HKU\S-1-5-21-3487606431-2585306804-1172178952-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1941696 2014-12-19] (Valve Corporation)</p><p>HKU\S-1-5-21-3487606431-2585306804-1172178952-1000\...\Run: [NIRegistrationWizard] => C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe -autoDiscover 1 -displayIfNoneFound 0 -displayRegisterOptions 1 -sleepIfNoneFound 0 -locale 1033</p><p>HKU\S-1-5-21-3487606431-2585306804-1172178952-1000\...\Run: [Akamai NetSession Interface] => C:\Users\etaitingi\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, 
Inc.)</p><p>HKU\S-1-5-21-3487606431-2585306804-1172178952-1000\...\Policies\Explorer: [] </p><p>HKU\S-1-5-21-3487606431-2585306804-1172178952-1000\...\MountPoints2: {f884d6b1-7c93-11e2-8561-bcaec562e13d} - E:\setup.exe</p><p>HKU\S-1-5-21-3487606431-2585306804-1172178952-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION </p><p>Startup: C:\Users\etaitingi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\always-on-top.exe ()</p><p>Startup: C:\Users\etaitingi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk</p><p>ShortcutTarget: Dropbox.lnk -> C:\Users\etaitingi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)</p><p>Startup: C:\Users\etaitingi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk</p><p>ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>ProxyServer: [S-1-5-21-3487606431-2585306804-1172178952-1000] => 58.26.17.198:80</p><p>HKU\S-1-5-21-3487606431-2585306804-1172178952-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = <a href="http://www.msn.com/?ocid=iehp" target="_blank">http://www.msn.com/?ocid=iehp</a></p><p>SearchScopes: HKLM-x32 -> DefaultScope value is missing.</p><p>SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = </p><p>SearchScopes: HKU\S-1-5-21-3487606431-2585306804-1172178952-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = </p><p>BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)</p><p>BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle 
Corporation)</p><p>BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)</p><p>BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)</p><p>BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)</p><p>BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)</p><p>BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)</p><p>DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} <a href="http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab" target="_blank">http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab</a></p><p>Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)</p><p>Winsock: Catalog5 08 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512] (National Instruments Corporation)</p><p>Winsock: Catalog5-x64 08 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560] (National Instruments Corporation)</p><p>Hosts: 127.0.0.1 validation.sls.microsoft.com</p><p>Tcpip\..\Interfaces\{310740DA-E994-4DCA-9184-4C62DD04D865}: [NameServer] 8.8.8.8,8.8.4.4</p><p></p><p>FireFox:</p><p>========</p><p>FF ProfilePath: C:\Users\etaitingi\AppData\Roaming\Mozilla\Firefox\Profiles\7abao35w.default</p><p>FF Plugin: @adobe.com/FlashPlayer -> 
C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()</p><p>FF Plugin: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)</p><p>FF Plugin: @java.com/JavaPlugin,version=10.13.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)</p><p>FF Plugin: @microsoft.com/GENUINE -> disabled No File</p><p>FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)</p><p>FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)</p><p>FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()</p><p>FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()</p><p>FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)</p><p>FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)</p><p>FF Plugin-x32: @idsoftware.com/QuakeLive -> C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)</p><p>FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)</p><p>FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File</p><p>FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL 
(Microsoft Corporation)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p>FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)</p><p>FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File</p><p>FF Plugin HKU\S-1-5-21-3487606431-2585306804-1172178952-1000: @citrixonline.com/appdetectorplugin -> C:\Users\etaitingi\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)</p><p>FF Plugin HKU\S-1-5-21-3487606431-2585306804-1172178952-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\etaitingi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2012win32.dll (National Instruments)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2013win32.dll (National Instruments)</p><p>FF Extension: Cookies Manager+ - C:\Users\etaitingi\AppData\Roaming\Mozilla\Firefox\Profiles\7abao35w.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2014-05-11]</p><p></p><p>Chrome: </p><p>=======</p><p>CHR HomePage: Default -> hxxp://<a href="http://www.google.com/" target="_blank">www.google.com/</a></p><p>CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()</p><p>CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer</p><p>CHR Plugin: (Native Client) - C:\Program Files 
(x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File</p><p>CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()</p><p>CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File</p><p>CHR Profile: C:\Users\etaitingi\AppData\Local\Google\Chrome\User Data\Default</p><p>CHR Extension: (Magic Actions for YouTube™) - C:\Users\etaitingi\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2013-09-24]</p><p>CHR Extension: (Google Drive) - C:\Users\etaitingi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-01]</p><p>CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\etaitingi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]</p><p>CHR Extension: (YouTube) - C:\Users\etaitingi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-01]</p><p>CHR Extension: (Google Search) - C:\Users\etaitingi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-01]</p><p>CHR Extension: (Tampermonkey) - C:\Users\etaitingi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-09-01]</p><p>CHR Extension: (LoL Stream Browser) - C:\Users\etaitingi\AppData\Local\Google\Chrome\User Data\Default\Extensions\edidfaijmhpefkbnobdcepampbncgejp [2013-06-05]</p><p>CHR Extension: (AdBlock) - C:\Users\etaitingi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-11]</p><p>CHR Extension: (LiveReload) - C:\Users\etaitingi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnihajbhpnppcggbcgedagnkighmdlei [2014-06-18]</p><p>CHR Extension: (Reddit Enhancement Suite) - C:\Users\etaitingi\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2012-12-03]</p><p>CHR Extension: (Google Wallet) - C:\Users\etaitingi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]</p><p>CHR Extension: (Gmail) - C:\Users\etaitingi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-01]</p><p></p><p>==================== Services (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)</p><p>S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-04-08] () [File not signed]</p><p>R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)</p><p>S4 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2010-10-27] (National Instruments, Inc.)</p><p>S4 lkClassAds; C:\Windows\SysWOW64\lkads.exe [53544 2013-06-12] (National Instruments Corporation)</p><p>S4 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [63792 2013-06-12] (National Instruments Corporation)</p><p>R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.)</p><p>R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)</p><p>S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)</p><p>R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)</p><p>S4 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [57696 2013-12-10] (National Instruments 
Corporation)</p><p>S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [81248 2013-12-10] (National Instruments Corporation)</p><p>S4 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [380720 2013-06-12] (National Instruments Corporation)</p><p>S4 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)</p><p>S4 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [260976 2013-05-11] (National Instruments Corporation)</p><p>R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)</p><p>S4 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [90440 2013-12-10] (National Instruments Corporation)</p><p>S4 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [57680 2013-12-10] (National Instruments Corporation)</p><p>S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4199520 2012-03-06] (INCA Internet Co., Ltd.) [File not signed]</p><p>R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-08-30] ()</p><p>S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)</p><p>S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2014-11-04] (Tunngle.net GmbH)</p><p>R2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC)</p><p>R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)</p><p>S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation)</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-22] (DT Soft Ltd)</p><p>S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66360 2012-10-02] (Logitech Inc.)</p><p>R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)</p><p>R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [135384 2015-01-01] (Malwarebytes Corporation)</p><p>S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)</p><p>R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)</p><p>R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()</p><p>R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)</p><p>R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)</p><p>R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)</p><p>S3 TIEHDUSB; C:\Windows\System32\DRIVERS\tiehdusb.sys [128512 2009-09-03] (Texas Instruments) [File not signed]</p><p>R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] ()</p><p>S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]</p><p>S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X]</p><p>S3 MSICDSetup; \??\D:\CDriver64.sys [X]</p><p>S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]</p><p>S3 tsusbhub; system32\drivers\tsusbhub.sys [X]</p><p>S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]</p><p>S3 VGPU; System32\drivers\rdvgkmd.sys [X]</p><p>S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. 
Any associated file could be listed separately to be moved.)</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2015-01-01 11:56 - 2015-01-01 12:28 - 00000000 ____D () C:\Users\etaitingi\Desktop\New folder (2)</p><p>2015-01-01 00:51 - 2015-01-01 12:23 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)</p><p>2015-01-01 00:49 - 2015-01-01 00:49 - 00000000 ____D () C:\Users\etaitingi\New folder</p><p>2014-12-31 22:38 - 2014-12-31 22:40 - 00053710 _____ () C:\Users\etaitingi\Desktop\Addition.txt</p><p>2014-12-31 22:37 - 2014-12-31 22:40 - 00033038 _____ () C:\Users\etaitingi\Desktop\FRST.txt</p><p>2014-12-31 22:36 - 2015-01-01 12:28 - 00000000 ____D () C:\FRST</p><p>2014-12-31 11:49 - 2014-12-31 11:49 - 00015872 _____ () C:\Users\etaitingi\AppData\Roaming\chatterer.fye</p><p>2014-12-20 14:36 - 2014-12-20 14:36 - 00000000 ____D () C:\Users\etaitingi\Desktop\avatarmag06_scans</p><p>2014-12-17 03:00 - 2014-12-17 03:03 - 00000000 ____D () C:\Users\etaitingi\Downloads\Taylor Swift - 1989 (Deluxe Edition) (2014) [MP3 @ Real 320 KBPS]</p><p>2014-12-17 02:36 - 2014-12-17 02:57 - 00000000 ____D () C:\Users\etaitingi\Downloads\James Newton Howard - The Hunger Games Mockingjay Pt.1 (OTS) 320 KBPS [GloDLS]</p><p>2014-12-17 02:01 - 2014-12-17 02:37 - 00000000 ____D () C:\Users\etaitingi\Downloads\The Hunger Games Mockingjay, Pt. 
1 (OST)</p><p>2014-12-15 12:51 - 2014-12-15 12:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi</p><p>2014-12-15 12:51 - 2014-12-15 12:51 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi</p><p>2014-12-14 00:09 - 2014-12-14 00:22 - 1339995603 _____ () C:\Users\etaitingi\Desktop\marco.polo.2014.s01e02.720p.webrip.x264-2hd.mkv</p><p>2014-12-13 23:17 - 2014-12-13 23:30 - 1128881068 _____ () C:\Users\etaitingi\Downloads\Marco.Polo.2014.S01E07.720p.WEBRIP.x264-2HD.mkv</p><p>2014-12-13 23:11 - 2014-12-13 23:40 - 1085618835 _____ () C:\Users\etaitingi\Downloads\marco.polo.2014.s01e01.720p.webrip.x264-2hd.mkv</p><p>2014-12-13 22:58 - 2014-12-13 23:15 - 00000000 ____D () C:\Users\etaitingi\Downloads\Marco.Polo.2014.S01E05.720p.WEBRIP.x264-2HD[rarbg]</p><p>2014-12-06 23:29 - 2014-12-07 01:46 - 00000000 ____D () C:\ProgramData\Tunngle</p><p>2014-12-06 23:29 - 2014-12-06 23:29 - 00000000 ____D () C:\Users\Public\Documents\Tunngle</p><p>2014-12-06 23:29 - 2014-12-06 23:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle</p><p>2014-12-06 23:27 - 2014-12-06 23:27 - 04501720 _____ (Tunngle.net GmbH ) C:\Users\etaitingi\Desktop\Tunngle_Setup_v5.0.exe</p><p>2014-12-04 23:20 - 2014-12-04 23:20 - 00022226 _____ () C:\Users\etaitingi\Desktop\stoker-english-yify-7086.zip</p><p>2014-12-04 22:36 - 2014-12-04 23:20 - 00000000 ____D () C:\Users\etaitingi\Downloads\Stoker (2013) [1080p]</p><p>2014-12-03 23:18 - 2014-12-07 00:05 - 00000000 ____D () C:\Program Files (x86)\Sid Meiers Civilization Beyond Earth</p><p>2014-12-03 23:18 - 2014-12-03 23:18 - 00001044 _____ () C:\Users\Public\Desktop\Sid Meiers Civilization Beyond Earth.lnk</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2015-01-01 12:28 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\inetsrv</p><p>2015-01-01 
12:27 - 2013-01-14 14:28 - 00000000 __RHD () C:\Users\etaitingi\Desktop\Dropbox</p><p>2015-01-01 12:27 - 2013-01-14 14:03 - 00000000 ____D () C:\Users\etaitingi\AppData\Roaming\Dropbox</p><p>2015-01-01 12:27 - 2013-01-06 18:02 - 00000000 ____D () C:\Users\etaitingi\AppData\Local\LogMeIn Hamachi</p><p>2015-01-01 12:26 - 2012-12-01 03:07 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2015-01-01 12:26 - 2012-11-30 23:42 - 00599834 _____ () C:\Windows\PFRO.log</p><p>2015-01-01 12:26 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT</p><p>2015-01-01 12:26 - 2009-07-13 23:51 - 00152744 _____ () C:\Windows\setupact.log</p><p>2015-01-01 12:25 - 2012-11-30 06:56 - 01686422 _____ () C:\Windows\WindowsUpdate.log</p><p>2015-01-01 12:21 - 2012-12-01 03:07 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>2015-01-01 12:17 - 2014-03-31 16:19 - 00000586 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3487606431-2585306804-1172178952-1000.job</p><p>2015-01-01 11:59 - 2014-06-19 10:55 - 00135384 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys</p><p>2015-01-01 11:58 - 2014-06-19 10:55 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys</p><p>2015-01-01 02:00 - 2014-09-04 11:26 - 00000000 ____D () C:\Users\etaitingi\AppData\Local\Adobe</p><p>2015-01-01 00:49 - 2012-11-30 06:56 - 00000000 ____D () C:\Users\etaitingi</p><p>2015-01-01 00:46 - 2009-07-14 00:13 - 00876720 _____ () C:\Windows\system32\PerfStringBackup.INI</p><p>2015-01-01 00:40 - 2012-12-02 14:16 - 00000000 ____D () C:\Program Files (x86)\Steam</p><p>2015-01-01 00:40 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions</p><p>2015-01-01 00:40 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat</p><p>2015-01-01 00:39 - 2012-12-02 14:17 - 00000000 ____D () C:\Users\etaitingi\AppData\Roaming\Skype</p><p>2014-12-31 22:50 - 2009-07-13 23:45 - 00031920 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2014-12-31 22:50 - 2009-07-13 23:45 - 00031920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2014-12-31 21:49 - 2012-12-06 00:38 - 00000000 ____D () C:\Users\etaitingi\AppData\Roaming\OBS</p><p>2014-12-31 13:36 - 2013-08-27 12:31 - 00000000 ____D () C:\Users\etaitingi\AppData\Roaming\uTorrent</p><p>2014-12-23 22:46 - 2014-03-31 16:19 - 00003628 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3487606431-2585306804-1172178952-1000</p><p>2014-12-18 23:40 - 2014-01-21 21:01 - 00000000 ____D () C:\Users\etaitingi\AppData\Roaming\vlc</p><p>2014-12-17 03:03 - 2014-02-09 02:43 - 00000000 ____D () C:\Users\etaitingi\Desktop\muus</p><p>2014-12-10 19:55 - 2013-01-14 14:04 - 00000000 ____D () C:\Users\etaitingi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox</p><p>2014-12-07 13:12 - 2009-07-13 23:45 - 05014520 _____ () C:\Windows\system32\FNTCACHE.DAT</p><p>2014-12-06 23:48 - 2012-11-30 07:03 - 00084960 _____ () C:\Users\etaitingi\AppData\Local\GDIPFONTCACHEV1.DAT</p><p>2014-12-06 23:29 - 2013-09-12 21:30 - 00000000 ____D () C:\Program Files (x86)\Tunngle</p><p>2014-12-06 23:29 - 2013-01-21 17:48 - 00000000 ____D () C:\Users\etaitingi\AppData\Roaming\Tunngle</p><p>2014-12-03 23:24 - 2013-06-27 18:17 - 00000000 ____D () C:\Users\etaitingi\AppData\Local\My Games</p><p>2014-12-03 23:24 - 2012-12-02 13:56 - 00000000 ____D () C:\Users\etaitingi\Documents\My Games</p><p>2014-12-02 14:16 - 2014-06-19 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware</p><p>2014-12-02 14:16 - 2014-06-19 10:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware</p><p></p><p>Files to move or delete:</p><p>====================</p><p>C:\Users\etaitingi\javac.exe</p><p></p><p></p><p>Some content of 
TEMP:</p><p>====================</p><p>C:\Users\etaitingi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp24ixen.dll</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\Windows\System32\winlogon.exe => File is digitally signed</p><p>C:\Windows\System32\wininit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\wininit.exe => File is digitally signed</p><p>C:\Windows\explorer.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\explorer.exe => File is digitally signed</p><p>C:\Windows\System32\svchost.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\svchost.exe => File is digitally signed</p><p>C:\Windows\System32\services.exe => File is digitally signed</p><p>C:\Windows\System32\User32.dll => File is digitally signed</p><p>C:\Windows\SysWOW64\User32.dll => File is digitally signed</p><p>C:\Windows\System32\userinit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\userinit.exe => File is digitally signed</p><p>C:\Windows\System32\rpcss.dll => File is digitally signed</p><p>C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p></p><p>LastRegBack: 2014-12-25 14:29</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>