Solved Gameharbor.org Malware :<

teffalacat

Thread author
Sep 17, 2014
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Teffala (administrator) on THEBAE on 17-09-2014 17:37:53
Running from C:\Users\Teffala\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files (x86)\GIGABYTE\OCBtn\GUP7Serv.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.5.0.19\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.5.0.19\n360.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) F:\Program Files\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Apple Inc.) F:\Program Files\Program Files (x86)\iCloud\iCloudServices.exe
(Apple Inc.) F:\Program Files\Program Files (x86)\iCloud\ApplePhotoStreams.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Mozilla Corporation) F:\Program Files\Program Files (x86)\Mozilla Firefox\firefox.exe
() F:\Program Files\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(Apple Inc.) F:\Program Files\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) F:\Program Files\Program Files (x86)\iCloud\APSDaemon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) F:\Program Files\Program Files (x86)\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13423688 2013-02-27] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10801944 2014-07-29] (Logitech Inc.)
HKLM-x32\...\Run: [USB3MON] => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
HKLM-x32\...\Run: [ISUSScheduler] => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3816784 2014-07-21] (LogMeIn Inc.)
HKLM-x32\...\Run: [iTunesHelper] => F:\Program Files\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-337889521-3967207631-3113226611-1000\...\Run: [ISUSPM Startup] => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
HKU\S-1-5-21-337889521-3967207631-3113226611-1000\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-337889521-3967207631-3113226611-1000\...\Run: [iCloudServices] => F:\Program Files\Program Files (x86)\iCloud\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-337889521-3967207631-3113226611-1000\...\Run: [ApplePhotoStreams] => F:\Program Files\Program Files (x86)\iCloud\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-337889521-3967207631-3113226611-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKU\S-1-5-21-337889521-3967207631-3113226611-1000\...\MountPoints2: {7e8149c8-000b-11e4-951b-806e6f6e6963} - D:\Run.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Norton 360\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Norton 360\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Norton 360\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: FIndBestDeAol -> {33853D01-3D37-06F1-0C7A-15419B34FC56} -> C:\ProgramData\FIndBestDeAol\_9eDVxyjl.x64.dll ()
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Norton 360\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO: ExstrAASavingS -> {9174fc32-d3d9-4903-b6ac-5930ec648474} -> C:\ProgramData\ExstrAASavingS\GTrRCnvfBidDoF.x64.dll ()
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: priacecchoP -> {C0C5FF19-3716-E73E-B4CA-9491FED19466} -> C:\Program Files (x86)\priacecchoP\soLZGsVLy.x64.dll ()
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Adblocker -> {D1FEF046-95DA-9587-8D68-757F70041511} -> C:\Program Files (x86)\Adblocker\YqY.x64.dll ()
BHO-x32: FIndBestDeAol -> {33853D01-3D37-06F1-0C7A-15419B34FC56} -> C:\ProgramData\FIndBestDeAol\_9eDVxyjl.dll ()
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ExstrAASavingS -> {9174fc32-d3d9-4903-b6ac-5930ec648474} -> C:\ProgramData\ExstrAASavingS\GTrRCnvfBidDoF.dll ()
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: priacecchoP -> {C0C5FF19-3716-E73E-B4CA-9491FED19466} -> C:\Program Files (x86)\priacecchoP\soLZGsVLy.dll ()
BHO-x32: Adblocker -> {D1FEF046-95DA-9587-8D68-757F70041511} -> C:\Program Files (x86)\Adblocker\YqY.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Norton 360\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Teffala\AppData\Roaming\Mozilla\Firefox\Profiles\2n33qo5z.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> F:\Program Files\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Teffala\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: iCloud Bookmarks - C:\Users\Teffala\AppData\Roaming\Mozilla\Firefox\Profiles\2n33qo5z.default\Extensions\firefoxdav@icloud.com [2014-08-08]
FF Extension: Adblock Plus - C:\Users\Teffala\AppData\Roaming\Mozilla\Firefox\Profiles\2n33qo5z.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-02]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-09-17]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> google.co.nz
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\Teffala\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.0.0.72_0\npcoplgn.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: ( "name": "",) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll No File
CHR Plugin: ( "name": "",) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll No File
CHR Profile: C:\Users\Teffala\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Teffala\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-01]
CHR Extension: (Norton Identity Protection) - C:\Users\Teffala\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2014-07-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Teffala\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-30]
CHR Extension: (YouTube) - C:\Users\Teffala\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-30]
CHR Extension: (Find My Bookmarks) - C:\Users\Teffala\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahmhjehomglimoklhidcfdlfmahlold [2014-09-10]
CHR Extension: (Google Search) - C:\Users\Teffala\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-30]
CHR Extension: (Share the Wealth) - C:\Users\Teffala\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgmhgfecnmeljhchgcjlfldjiepcfpea [2014-08-31]
CHR Extension: (Counter Strike Best Online Games Collection) - C:\Users\Teffala\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbpkcodlmobmmbhdhfembofegbpghdnh [2014-09-14]
CHR Extension: (priccechop) - C:\Users\Teffala\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnlnbmiokjgnabhmdiliblbmmcbdajbg [2014-08-31]
CHR Extension: (Iron Man Lego Adventures) - C:\Users\Teffala\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnogigepjacgjicmdgomidfjnmjkifbl [2014-09-07]
CHR Extension: (Google Wallet) - C:\Users\Teffala\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-30]
CHR Extension: (Gmail) - C:\Users\Teffala\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-30]
CHR Extension: (priccechop) - C:\Users\Teffala\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnlnbmiokjgnabhmdiliblbmmcbdajbg\3.9 [2014-08-31]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Teffala\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-07-01]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.5.0.19\Exts\Chrome.crx [2014-09-17]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
R2 GUP7Serv; C:\Program Files (x86)\GIGABYTE\OCBtn\GUP7Serv.exe [18512 2013-04-09] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-06-05] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S3 jswpsapi; C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exe [954368 2013-01-22] (Wireless) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-07-16] (LogMeIn, Inc.)
R2 N360; C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.5.0.19\N360.exe [265040 2014-08-01] (Symantec Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21584 2013-02-19] () [File not signed]
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140912.003\BHDrvx64.sys [1586904 2014-09-12] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1505000.013\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [487704 2014-03-15] (Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-17] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-17] (Symantec Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140916.001\IDSvia64.sys [633560 2014-09-16] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140916.020\ENG64.SYS [129752 2014-09-17] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140916.020\EX64.SYS [2137304 2014-09-17] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1505000.013\SRTSP64.SYS [875736 2014-07-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1505000.013\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1505000.013\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1505000.013\SYMEFA64.SYS [1148120 2014-07-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-09-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1505000.013\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1505000.013\SYMNETS.SYS [593112 2014-07-23] (Symantec Corporation)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [21072 2013-03-27] () [File not signed]
R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 EraserUtilDrv11311; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys [X]
S3 EraserUtilDrv11410; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11410.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-17 17:37 - 2014-09-17 17:38 - 00021005 _____ () C:\Users\Teffala\Downloads\FRST.txt
2014-09-17 17:37 - 2014-09-17 17:37 - 00000000 ____D () C:\FRST
2014-09-17 17:36 - 2014-09-17 17:37 - 02105856 _____ (Farbar) C:\Users\Teffala\Downloads\FRST64.exe
2014-09-17 17:26 - 2014-09-17 17:26 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-09-17 17:19 - 2014-09-17 17:19 - 00000000 ____D () C:\Windows\SysWOW64\N360_BACKUP
2014-09-17 16:30 - 2014-09-17 17:21 - 00003228 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-09-17 16:30 - 2014-09-17 17:21 - 00002525 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-09-17 16:30 - 2014-09-17 16:30 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-09-17 16:30 - 2014-09-17 16:30 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-09-17 16:30 - 2014-09-17 16:30 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-09-17 16:26 - 2014-09-17 16:29 - 211811872 ____N (Symantec Corporation) C:\Users\Teffala\Downloads\N360-TW-21.1.0-EN-ROW.exe
2014-09-17 16:25 - 2014-09-17 16:25 - 00266576 _____ () C:\Windows\Minidump\091714-4352-01.dmp
2014-09-17 16:21 - 2014-09-17 16:21 - 00000000 __SHD () C:\Users\Teffala\AppData\Local\EmieUserList
2014-09-17 16:21 - 2014-09-17 16:21 - 00000000 __SHD () C:\Users\Teffala\AppData\Local\EmieSiteList
2014-09-17 16:18 - 2014-09-17 16:18 - 00000000 ____D () C:\NPE
2014-09-17 16:17 - 2014-09-17 16:21 - 00000000 ____D () C:\Users\Teffala\AppData\Local\NPE
2014-09-17 16:17 - 2014-09-17 16:17 - 00000000 ____D () C:\ProgramData\SMR430
2014-09-17 16:09 - 2014-09-17 17:21 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-09-17 16:09 - 2014-09-17 17:21 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-09-17 16:09 - 2014-09-17 16:30 - 00000000 ____D () C:\Program Files (x86)\Norton 360
2014-09-17 16:06 - 2014-09-17 16:06 - 00448512 _____ (OldTimer Tools) C:\Users\Teffala\Downloads\TFC.exe
2014-09-17 16:04 - 2014-09-17 16:08 - 235248307 _____ (Symantec Corporation) C:\Users\Teffala\Downloads\N360_21.1.0.18_MICROSOFT_LOEM60_MRF_2113_10387.exe
2014-09-15 17:55 - 2014-09-15 17:55 - 00026862 _____ () C:\Users\Teffala\Desktop\babygirl is perf x.txt
2014-09-15 16:49 - 2014-09-18 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-15 16:49 - 2014-09-15 16:49 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-15 16:49 - 2014-09-15 16:49 - 00000000 ____D () C:\Program Files\iTunes
2014-09-15 16:49 - 2014-09-15 16:49 - 00000000 ____D () C:\Program Files\iPod
2014-09-14 19:47 - 2014-09-17 16:54 - 00000000 ____D () C:\ProgramData\ExstrAASavingS
2014-09-13 14:47 - 2014-09-13 14:47 - 00000219 _____ () C:\Users\Teffala\Desktop\Counter-Strike Global Offensive.url
2014-09-11 19:31 - 2014-08-20 06:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 19:31 - 2014-08-20 05:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 19:31 - 2014-08-19 11:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 19:31 - 2014-08-19 10:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 19:31 - 2014-08-19 10:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 19:31 - 2014-08-19 10:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 19:31 - 2014-08-19 10:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 19:31 - 2014-08-19 10:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 19:31 - 2014-08-19 10:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 19:31 - 2014-08-19 10:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 19:31 - 2014-08-19 10:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 19:31 - 2014-08-19 10:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 19:31 - 2014-08-19 10:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 19:31 - 2014-08-19 10:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 19:31 - 2014-08-19 10:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 19:31 - 2014-08-19 10:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 19:31 - 2014-08-19 10:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 19:31 - 2014-08-19 10:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 19:31 - 2014-08-19 10:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 19:31 - 2014-08-19 09:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 19:31 - 2014-08-19 09:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 19:31 - 2014-08-19 09:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 19:31 - 2014-08-19 09:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 19:31 - 2014-08-19 09:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 19:31 - 2014-08-19 09:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 19:31 - 2014-08-19 09:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 19:31 - 2014-08-19 09:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 19:31 - 2014-08-19 09:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 19:31 - 2014-08-19 09:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 19:31 - 2014-08-19 09:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 19:31 - 2014-08-19 09:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 19:31 - 2014-08-19 09:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 19:31 - 2014-08-19 09:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 19:31 - 2014-08-19 09:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 19:31 - 2014-08-19 09:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 19:31 - 2014-08-19 09:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 19:31 - 2014-08-19 09:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 19:31 - 2014-08-19 09:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 19:31 - 2014-08-19 09:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 19:31 - 2014-08-19 09:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 19:31 - 2014-08-19 09:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 19:31 - 2014-08-19 09:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 19:31 - 2014-08-19 09:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 19:31 - 2014-08-19 09:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 19:31 - 2014-08-19 09:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 19:31 - 2014-08-19 09:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 19:31 - 2014-08-19 09:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 19:31 - 2014-08-19 09:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 19:31 - 2014-08-19 09:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 19:31 - 2014-08-19 09:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 19:31 - 2014-08-19 09:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 19:31 - 2014-08-19 08:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 19:31 - 2014-08-19 08:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 19:31 - 2014-08-19 08:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 19:31 - 2014-08-19 08:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 19:31 - 2014-08-19 08:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 19:30 - 2014-06-27 14:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 19:30 - 2014-06-27 13:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 16:08 - 2014-08-01 23:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 16:08 - 2014-08-01 23:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 15:56 - 2014-09-05 14:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 15:56 - 2014-09-05 14:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 15:56 - 2014-07-07 14:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 15:56 - 2014-07-07 14:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 15:56 - 2014-07-07 13:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 15:56 - 2014-07-07 13:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 15:56 - 2014-07-07 13:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 15:56 - 2014-06-24 15:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 15:56 - 2014-06-24 14:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-09 08:07 - 2014-09-09 08:07 - 01057472 _____ (Adobe) C:\Users\Teffala\Downloads\install_flashplayer14x32au_mssa_aaa_aih(2).exe
2014-09-08 08:29 - 2014-09-08 08:29 - 00001554 _____ () C:\Users\Public\Desktop\Wing Commander III.lnk
2014-09-08 08:29 - 2014-09-08 08:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wing Commander III
2014-09-08 00:46 - 2014-09-10 16:39 - 00001355 _____ () C:\Users\Public\Desktop\The Sims 4.lnk
2014-09-08 00:46 - 2014-09-08 00:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4
2014-09-07 12:19 - 2014-09-17 16:54 - 00000000 ____D () C:\ProgramData\FIndBestDeAol
2014-09-07 08:00 - 2014-09-07 08:00 - 01057472 _____ (Adobe) C:\Users\Teffala\Downloads\install_flashplayer14x32au_mssa_aaa_aih(1).exe
2014-09-06 17:05 - 2014-09-06 17:05 - 00000000 ____D () C:\Users\Teffala\AppData\Roaming\Unity
2014-09-06 17:04 - 2014-09-17 16:28 - 00000228 _____ () C:\Users\Teffala\BullseyeCoverageError.txt
2014-09-06 17:04 - 2014-09-06 17:04 - 00000000 ____D () C:\Users\Teffala\AppData\Local\Unity
2014-09-06 17:03 - 2014-09-06 17:04 - 01202032 _____ (Unity Technologies ApS) C:\Users\Teffala\Downloads\UnityWebPlayer.exe
2014-09-03 19:02 - 2014-09-03 19:02 - 00000023 _____ () C:\Windows\BlendSettings.ini
2014-08-31 16:18 - 2014-08-31 16:18 - 00000000 ____D () C:\ProgramData\Trusted Publisher
2014-08-31 16:17 - 2014-09-17 17:21 - 00000000 ____D () C:\Program Files (x86)\PC_Booster
2014-08-31 16:16 - 2014-09-17 16:25 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-08-31 16:16 - 2014-09-14 19:47 - 00000000 ____D () C:\ProgramData\b2db1e3379ad2ba8
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Teffala\AppData\Local\Torch
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Teffala\AppData\Local\Packages
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Teffala\AppData\Local\Comodo
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Teffala\AppData\Local\Chromatic Browser
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Guest
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Bae\AppData\Local\Torch
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Bae\AppData\Local\Comodo
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Bae\AppData\Local\Chromatic Browser
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Administrator
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\ProgramData\priacecchoP
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\ProgramData\Adblocker
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Program Files (x86)\priacecchoP
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Program Files (x86)\Adblocker
2014-08-30 20:27 - 2014-08-30 20:27 - 00418417 _____ () C:\Users\Teffala\Downloads\Oblivion Load Order Manager v2-41399.exe
2014-08-30 20:15 - 2014-08-30 20:15 - 00002998 _____ () C:\Windows\System32\Tasks\{224F0C75-4785-4F09-BFB0-7B4AEA40530A}
2014-08-30 20:15 - 2014-08-30 20:15 - 00000102 _____ () C:\Windows\SysWOW64\obse_loader.log
2014-08-30 20:14 - 2014-08-30 20:14 - 00003008 _____ () C:\Windows\System32\Tasks\{BA415C66-F124-4737-9535-112CCEBE344B}
2014-08-30 19:48 - 2014-08-21 23:22 - 00008153 _____ () C:\Users\Teffala\Desktop\CameraCommands.html
2014-08-30 19:48 - 2014-08-21 19:18 - 00109568 _____ (Alenet) C:\Users\Teffala\Desktop\CameraCommands.dll
2014-08-30 17:52 - 2014-08-30 17:52 - 00000000 ____D () C:\Users\Teffala\Documents\4A Games
2014-08-30 13:12 - 2014-08-30 13:22 - 00000000 ____D () C:\Users\Teffala\AppData\Roaming\.minecraft
2014-08-29 17:06 - 2014-08-29 17:06 - 00281552 _____ () C:\Windows\Minidump\082914-3806-01.dmp
2014-08-28 07:51 - 2014-08-23 14:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 07:51 - 2014-08-23 13:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 07:51 - 2014-08-23 12:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-27 19:28 - 2014-08-27 19:28 - 00002213 _____ () C:\Users\Public\Desktop\TES Construction Set (Oblivion).lnk
2014-08-27 19:09 - 2014-08-27 19:09 - 07326093 _____ (Macrovision Corporation) C:\Users\Teffala\Downloads\tes_construction_set_v1.2.exe
2014-08-27 18:36 - 2014-08-27 18:36 - 00001755 _____ () C:\Users\Teffala\Desktop\obse_loader - Shortcut.lnk
2014-08-27 18:33 - 2014-08-27 18:33 - 01662426 _____ () C:\Users\Teffala\Downloads\obse_0021.zip
2014-08-27 18:24 - 2014-08-27 18:24 - 00005381 _____ () C:\Users\Teffala\Downloads\Coolsims Hair Pack esp v1-43224-1.zip
2014-08-27 18:10 - 2014-08-27 18:11 - 07019454 _____ () C:\Users\Teffala\Downloads\Short Jeans HGEC-32150-1-1.zip
2014-08-27 17:57 - 2014-08-27 17:58 - 18429643 _____ () C:\Users\Teffala\Downloads\Capes and Cloaks-4539.zip
2014-08-27 16:48 - 2014-08-27 16:49 - 00014336 ___SH () C:\Users\Teffala\Thumbs.db
2014-08-27 16:40 - 2014-08-27 16:41 - 00000000 ____D () C:\Users\Teffala\Desktop\Data
2014-08-27 16:32 - 2014-08-27 16:32 - 00000000 ____D () C:\Users\Teffala\Desktop\HGEC
2014-08-27 16:29 - 2011-09-14 04:27 - 00000000 ____D () C:\Users\Teffala\textures
2014-08-27 16:29 - 2011-09-14 04:27 - 00000000 ____D () C:\Users\Teffala\meshes
2014-08-27 16:25 - 2014-08-27 16:25 - 00001275 _____ () C:\Users\Teffala\Desktop\Oblivion Mod Manager.lnk
2014-08-27 16:25 - 2014-08-27 16:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oblivion Mod Manager
2014-08-26 20:30 - 2014-08-26 20:30 - 00000000 ____D () C:\Users\Teffala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-08-26 20:29 - 2014-08-26 20:35 - 00000000 ____D () C:\Users\Teffala\AppData\Local\Oblivion
2014-08-21 19:42 - 2014-08-21 19:42 - 00000221 _____ () C:\Users\Teffala\Desktop\Metro 2033.url
2014-08-19 11:52 - 2014-08-19 11:52 - 00000000 ____D () C:\ProgramData\LogiShrd
2014-08-19 11:51 - 2014-08-19 11:51 - 00000000 ____D () C:\Users\Teffala\AppData\Roaming\Logitech
2014-08-19 11:51 - 2014-08-19 11:51 - 00000000 ____D () C:\Users\Teffala\AppData\Roaming\Logishrd
2014-08-19 11:51 - 2014-08-19 11:51 - 00000000 ____D () C:\Users\Teffala\AppData\Local\Logitech
2014-08-19 11:51 - 2014-08-19 11:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-08-19 11:51 - 2014-08-19 11:51 - 00000000 ____D () C:\Program Files\Logitech Gaming Software
2014-08-19 11:50 - 2014-08-19 11:51 - 58423016 _____ (Logitech Inc.) C:\Users\Teffala\Downloads\LGS_8.55.137_x64_Logitech.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-18 12:25 - 2014-09-15 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-18 12:25 - 2014-07-01 19:36 - 00000000 ____D () C:\Users\Teffala\AppData\Roaming\Skype
2014-09-18 12:25 - 2014-06-30 16:25 - 00000000 ____D () C:\ProgramData\Norton
2014-09-18 12:25 - 2014-06-30 16:17 - 00000000 ____D () C:\Users\Teffala
2014-09-18 12:25 - 2009-07-14 15:20 - 00000000 ____D () C:\Windows\registration
2014-09-17 17:38 - 2014-09-17 17:37 - 00021005 _____ () C:\Users\Teffala\Downloads\FRST.txt
2014-09-17 17:38 - 2014-07-06 19:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-17 17:37 - 2014-09-17 17:37 - 00000000 ____D () C:\FRST
2014-09-17 17:37 - 2014-09-17 17:36 - 02105856 _____ (Farbar) C:\Users\Teffala\Downloads\FRST64.exe
2014-09-17 17:34 - 2014-06-30 16:23 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-17 17:28 - 2009-07-14 16:45 - 00028912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-17 17:28 - 2009-07-14 16:45 - 00028912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-17 17:26 - 2014-09-17 17:26 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-09-17 17:26 - 2009-07-14 17:13 - 00784286 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-17 17:25 - 2014-06-30 16:17 - 01191087 _____ () C:\Windows\WindowsUpdate.log
2014-09-17 17:23 - 2014-08-13 15:54 - 00000000 ____D () C:\Users\Teffala\AppData\Local\LogMeIn Hamachi
2014-09-17 17:23 - 2014-06-30 16:23 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-17 17:21 - 2014-09-17 16:30 - 00003228 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-09-17 17:21 - 2014-09-17 16:30 - 00002525 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-09-17 17:21 - 2014-09-17 16:09 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-09-17 17:21 - 2014-09-17 16:09 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-09-17 17:21 - 2014-08-31 16:17 - 00000000 ____D () C:\Program Files (x86)\PC_Booster
2014-09-17 17:21 - 2014-06-30 16:37 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-09-17 17:21 - 2010-11-21 15:47 - 00835580 _____ () C:\Windows\PFRO.log
2014-09-17 17:21 - 2009-07-14 17:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-17 17:21 - 2009-07-14 16:51 - 00070926 _____ () C:\Windows\setupact.log
2014-09-17 17:19 - 2014-09-17 17:19 - 00000000 ____D () C:\Windows\SysWOW64\N360_BACKUP
2014-09-17 16:54 - 2014-09-14 19:47 - 00000000 ____D () C:\ProgramData\ExstrAASavingS
2014-09-17 16:54 - 2014-09-07 12:19 - 00000000 ____D () C:\ProgramData\FIndBestDeAol
2014-09-17 16:30 - 2014-09-17 16:30 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-09-17 16:30 - 2014-09-17 16:30 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-09-17 16:30 - 2014-09-17 16:30 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-09-17 16:30 - 2014-09-17 16:09 - 00000000 ____D () C:\Program Files (x86)\Norton 360
2014-09-17 16:29 - 2014-09-17 16:26 - 211811872 ____N (Symantec Corporation) C:\Users\Teffala\Downloads\N360-TW-21.1.0-EN-ROW.exe
2014-09-17 16:28 - 2014-09-06 17:04 - 00000228 _____ () C:\Users\Teffala\BullseyeCoverageError.txt
2014-09-17 16:25 - 2014-09-17 16:25 - 00266576 _____ () C:\Windows\Minidump\091714-4352-01.dmp
2014-09-17 16:25 - 2014-08-31 16:16 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-09-17 16:25 - 2014-07-27 23:15 - 223682904 _____ () C:\Windows\MEMORY.DMP
2014-09-17 16:25 - 2014-07-27 23:15 - 00000000 ____D () C:\Windows\Minidump
2014-09-17 16:21 - 2014-09-17 16:21 - 00000000 __SHD () C:\Users\Teffala\AppData\Local\EmieUserList
2014-09-17 16:21 - 2014-09-17 16:21 - 00000000 __SHD () C:\Users\Teffala\AppData\Local\EmieSiteList
2014-09-17 16:21 - 2014-09-17 16:17 - 00000000 ____D () C:\Users\Teffala\AppData\Local\NPE
2014-09-17 16:18 - 2014-09-17 16:18 - 00000000 ____D () C:\NPE
2014-09-17 16:17 - 2014-09-17 16:17 - 00000000 ____D () C:\ProgramData\SMR430
2014-09-17 16:08 - 2014-09-17 16:04 - 235248307 _____ (Symantec Corporation) C:\Users\Teffala\Downloads\N360_21.1.0.18_MICROSOFT_LOEM60_MRF_2113_10387.exe
2014-09-17 16:06 - 2014-09-17 16:06 - 00448512 _____ (OldTimer Tools) C:\Users\Teffala\Downloads\TFC.exe
2014-09-15 20:52 - 2009-07-14 15:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-15 17:55 - 2014-09-15 17:55 - 00026862 _____ () C:\Users\Teffala\Desktop\babygirl is perf x.txt
2014-09-15 16:49 - 2014-09-15 16:49 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-15 16:49 - 2014-09-15 16:49 - 00000000 ____D () C:\Program Files\iTunes
2014-09-15 16:49 - 2014-09-15 16:49 - 00000000 ____D () C:\Program Files\iPod
2014-09-15 16:49 - 2014-07-15 10:49 - 00001721 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-14 19:47 - 2014-08-31 16:16 - 00000000 ____D () C:\ProgramData\b2db1e3379ad2ba8
2014-09-13 14:47 - 2014-09-13 14:47 - 00000219 _____ () C:\Users\Teffala\Desktop\Counter-Strike Global Offensive.url
2014-09-13 11:23 - 2014-08-16 10:50 - 00000000 ____D () C:\ProgramData\Origin
2014-09-13 11:23 - 2014-08-16 10:50 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-12 21:00 - 2014-07-08 21:10 - 00000000 ____D () C:\Users\Teffala\AppData\Local\CrashDumps
2014-09-12 16:26 - 2009-07-14 15:20 - 00000000 ____D () C:\Windows\rescache
2014-09-11 19:30 - 2014-07-03 20:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-11 19:30 - 2014-06-30 16:25 - 00768152 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 20:38 - 2014-07-06 19:31 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 20:38 - 2014-07-06 19:31 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-10 20:38 - 2014-07-06 19:31 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 16:39 - 2014-09-08 00:46 - 00001355 _____ () C:\Users\Public\Desktop\The Sims 4.lnk
2014-09-09 08:07 - 2014-09-09 08:07 - 01057472 _____ (Adobe) C:\Users\Teffala\Downloads\install_flashplayer14x32au_mssa_aaa_aih(2).exe
2014-09-08 10:42 - 2014-07-01 20:45 - 00203336 _____ () C:\Windows\DirectX.log
2014-09-08 10:42 - 2009-07-14 17:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-08 08:29 - 2014-09-08 08:29 - 00001554 _____ () C:\Users\Public\Desktop\Wing Commander III.lnk
2014-09-08 08:29 - 2014-09-08 08:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wing Commander III
2014-09-08 08:29 - 2014-08-16 10:52 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-08 07:52 - 2014-08-16 11:14 - 00000000 ____D () C:\Users\Teffala\Documents\Electronic Arts
2014-09-08 00:46 - 2014-09-08 00:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4
2014-09-07 08:00 - 2014-09-07 08:00 - 01057472 _____ (Adobe) C:\Users\Teffala\Downloads\install_flashplayer14x32au_mssa_aaa_aih(1).exe
2014-09-06 20:28 - 2014-07-01 23:15 - 00000000 ____D () C:\Users\Teffala\AppData\Roaming\vlc
2014-09-06 18:14 - 2014-08-16 10:51 - 00000000 ____D () C:\Users\Teffala\AppData\Roaming\Origin
2014-09-06 17:05 - 2014-09-06 17:05 - 00000000 ____D () C:\Users\Teffala\AppData\Roaming\Unity
2014-09-06 17:04 - 2014-09-06 17:04 - 00000000 ____D () C:\Users\Teffala\AppData\Local\Unity
2014-09-06 17:04 - 2014-09-06 17:03 - 01202032 _____ (Unity Technologies ApS) C:\Users\Teffala\Downloads\UnityWebPlayer.exe
2014-09-05 14:10 - 2014-09-10 15:56 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 14:05 - 2014-09-10 15:56 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-03 19:02 - 2014-09-03 19:02 - 00000023 _____ () C:\Windows\BlendSettings.ini
2014-08-31 16:18 - 2014-08-31 16:18 - 00000000 ____D () C:\ProgramData\Trusted Publisher
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Teffala\AppData\Local\Torch
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Teffala\AppData\Local\Packages
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Teffala\AppData\Local\Comodo
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Teffala\AppData\Local\Chromatic Browser
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Guest
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Bae\AppData\Local\Torch
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Bae\AppData\Local\Comodo
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Bae\AppData\Local\Chromatic Browser
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Administrator
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\ProgramData\priacecchoP
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\ProgramData\Adblocker
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Program Files (x86)\priacecchoP
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Program Files (x86)\Adblocker
2014-08-31 16:16 - 2014-07-10 20:36 - 00000000 ____D () C:\Users\Bae\AppData\Local\Google
2014-08-31 16:16 - 2014-06-30 16:23 - 00000000 ____D () C:\Users\Teffala\AppData\Local\Google
2014-08-31 16:16 - 2009-07-14 15:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-31 16:16 - 2009-07-14 15:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-08-30 20:27 - 2014-08-30 20:27 - 00418417 _____ () C:\Users\Teffala\Downloads\Oblivion Load Order Manager v2-41399.exe
2014-08-30 20:15 - 2014-08-30 20:15 - 00002998 _____ () C:\Windows\System32\Tasks\{224F0C75-4785-4F09-BFB0-7B4AEA40530A}
2014-08-30 20:15 - 2014-08-30 20:15 - 00000102 _____ () C:\Windows\SysWOW64\obse_loader.log
2014-08-30 20:14 - 2014-08-30 20:14 - 00003008 _____ () C:\Windows\System32\Tasks\{BA415C66-F124-4737-9535-112CCEBE344B}
2014-08-30 17:52 - 2014-08-30 17:52 - 00000000 ____D () C:\Users\Teffala\Documents\4A Games
2014-08-30 17:51 - 2014-08-11 16:21 - 00000000 ____D () C:\Users\Teffala\AppData\Local\4A Games
2014-08-30 13:22 - 2014-08-30 13:12 - 00000000 ____D () C:\Users\Teffala\AppData\Roaming\.minecraft
2014-08-29 17:06 - 2014-08-29 17:06 - 00281552 _____ () C:\Windows\Minidump\082914-3806-01.dmp
2014-08-29 08:07 - 2009-07-14 16:45 - 00437848 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 20:50 - 2014-06-30 20:14 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-27 19:28 - 2014-08-27 19:28 - 00002213 _____ () C:\Users\Public\Desktop\TES Construction Set (Oblivion).lnk
2014-08-27 19:09 - 2014-08-27 19:09 - 07326093 _____ (Macrovision Corporation) C:\Users\Teffala\Downloads\tes_construction_set_v1.2.exe
2014-08-27 19:09 - 2014-06-30 16:26 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-27 18:36 - 2014-08-27 18:36 - 00001755 _____ () C:\Users\Teffala\Desktop\obse_loader - Shortcut.lnk
2014-08-27 18:33 - 2014-08-27 18:33 - 01662426 _____ () C:\Users\Teffala\Downloads\obse_0021.zip
2014-08-27 18:24 - 2014-08-27 18:24 - 00005381 _____ () C:\Users\Teffala\Downloads\Coolsims Hair Pack esp v1-43224-1.zip
2014-08-27 18:11 - 2014-08-27 18:10 - 07019454 _____ () C:\Users\Teffala\Downloads\Short Jeans HGEC-32150-1-1.zip
2014-08-27 17:58 - 2014-08-27 17:57 - 18429643 _____ () C:\Users\Teffala\Downloads\Capes and Cloaks-4539.zip
2014-08-27 16:49 - 2014-08-27 16:48 - 00014336 ___SH () C:\Users\Teffala\Thumbs.db
2014-08-27 16:41 - 2014-08-27 16:40 - 00000000 ____D () C:\Users\Teffala\Desktop\Data
2014-08-27 16:32 - 2014-08-27 16:32 - 00000000 ____D () C:\Users\Teffala\Desktop\HGEC
2014-08-27 16:25 - 2014-08-27 16:25 - 00001275 _____ () C:\Users\Teffala\Desktop\Oblivion Mod Manager.lnk
2014-08-27 16:25 - 2014-08-27 16:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oblivion Mod Manager
2014-08-27 16:25 - 2014-06-30 16:17 - 00000000 ____D () C:\Users\Teffala\AppData\Local\VirtualStore
2014-08-26 20:35 - 2014-08-26 20:29 - 00000000 ____D () C:\Users\Teffala\AppData\Local\Oblivion
2014-08-26 20:30 - 2014-08-26 20:30 - 00000000 ____D () C:\Users\Teffala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-08-26 20:29 - 2014-08-13 15:43 - 00000000 ____D () C:\Users\Teffala\Documents\my games
2014-08-25 06:53 - 2010-11-21 15:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 14:07 - 2014-08-28 07:51 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 13:45 - 2014-08-28 07:51 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 12:59 - 2014-08-28 07:51 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 23:22 - 2014-08-30 19:48 - 00008153 _____ () C:\Users\Teffala\Desktop\CameraCommands.html
2014-08-21 19:42 - 2014-08-21 19:42 - 00000221 _____ () C:\Users\Teffala\Desktop\Metro 2033.url
2014-08-21 19:18 - 2014-08-30 19:48 - 00109568 _____ (Alenet) C:\Users\Teffala\Desktop\CameraCommands.dll
2014-08-20 06:05 - 2014-09-11 19:31 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-20 05:39 - 2014-09-11 19:31 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 11:52 - 2014-08-19 11:52 - 00000000 ____D () C:\ProgramData\LogiShrd
2014-08-19 11:51 - 2014-08-19 11:51 - 00000000 ____D () C:\Users\Teffala\AppData\Roaming\Logitech
2014-08-19 11:51 - 2014-08-19 11:51 - 00000000 ____D () C:\Users\Teffala\AppData\Roaming\Logishrd
2014-08-19 11:51 - 2014-08-19 11:51 - 00000000 ____D () C:\Users\Teffala\AppData\Local\Logitech
2014-08-19 11:51 - 2014-08-19 11:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-08-19 11:51 - 2014-08-19 11:51 - 00000000 ____D () C:\Program Files\Logitech Gaming Software
2014-08-19 11:51 - 2014-08-19 11:50 - 58423016 _____ (Logitech Inc.) C:\Users\Teffala\Downloads\LGS_8.55.137_x64_Logitech.exe
2014-08-19 11:51 - 2014-08-16 11:14 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-19 11:01 - 2014-09-11 19:31 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 10:29 - 2014-09-11 19:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 10:29 - 2014-09-11 19:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 10:26 - 2014-09-11 19:31 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 10:20 - 2014-09-11 19:31 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 10:19 - 2014-09-11 19:31 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 10:15 - 2014-09-11 19:31 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 10:15 - 2014-09-11 19:31 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 10:14 - 2014-09-11 19:31 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 10:14 - 2014-09-11 19:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 10:08 - 2014-09-11 19:31 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 10:08 - 2014-09-11 19:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 10:08 - 2014-09-11 19:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 10:05 - 2014-09-11 19:31 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 10:03 - 2014-09-11 19:31 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 10:03 - 2014-09-11 19:31 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 10:03 - 2014-09-11 19:31 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-19 09:57 - 2014-09-11 19:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-19 09:56 - 2014-09-11 19:31 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-19 09:51 - 2014-09-11 19:31 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-19 09:46 - 2014-09-11 19:31 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-19 09:45 - 2014-09-11 19:31 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-19 09:45 - 2014-09-11 19:31 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-19 09:44 - 2014-09-11 19:31 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-19 09:44 - 2014-09-11 19:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-19 09:42 - 2014-09-11 19:31 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-19 09:40 - 2014-09-11 19:31 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-19 09:39 - 2014-09-11 19:31 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-19 09:39 - 2014-09-11 19:31 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-19 09:39 - 2014-09-11 19:31 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-19 09:38 - 2014-09-11 19:31 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-19 09:37 - 2014-09-11 19:31 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-19 09:36 - 2014-09-11 19:31 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-19 09:35 - 2014-09-11 19:31 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-19 09:27 - 2014-09-11 19:31 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-19 09:25 - 2014-09-11 19:31 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-19 09:25 - 2014-09-11 19:31 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-19 09:23 - 2014-09-11 19:31 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-19 09:23 - 2014-09-11 19:31 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-19 09:22 - 2014-09-11 19:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-19 09:19 - 2014-09-11 19:31 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-19 09:17 - 2014-09-11 19:31 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-19 09:17 - 2014-09-11 19:31 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-19 09:16 - 2014-09-11 19:31 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-19 09:15 - 2014-09-11 19:31 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-19 09:15 - 2014-09-11 19:31 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-19 09:09 - 2014-09-11 19:31 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-19 09:08 - 2014-09-11 19:31 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-19 09:07 - 2014-09-11 19:31 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-19 08:55 - 2014-09-11 19:31 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-19 08:46 - 2014-09-11 19:31 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-19 08:38 - 2014-09-11 19:31 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-19 08:38 - 2014-09-11 19:31 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-19 08:36 - 2014-09-11 19:31 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\Teffala\AppData\Local\Temp\_isA459.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 20:50

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Teffala at 2014-09-17 17:38:16
Running from C:\Users\Teffala\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: 3.1.0.1892 - Adblocker)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Alice Madness Returns (HKLM-x32\...\{93A3AB24-36E8-41BA-80C6-CCEC237836DC}) (Version: 1.0.0.0 - Electronic Arts)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
ExstrAASavingS (HKLM-x32\...\{C637A71C-A4B2-4B47-1B2A-1042A8D525A3}) (Version: - "") <==== ATTENTION
FIndBestDeAol (HKLM-x32\...\{B5DB572D-EA87-D3B0-08F6-4D153EA6A783}) (Version: - FindeBestDeal) <==== ATTENTION
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Insurgency (HKLM-x32\...\Steam App 222880) (Version: - New World Interactive)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel(R) Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
Intel(R) Network Connections 19.1.51.0 (Version: 19.1.51.0 - Intel) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.0.0.1083 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.100 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Logitech Gaming Software (Version: 8.30.28 - Logitech Inc.) Hidden
Logitech Gaming Software 8.55 (HKLM\...\Logitech Gaming Software) (Version: 8.55.137 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.227 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.227 - LogMeIn, Inc.) Hidden
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version: - 4A Games)
Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version: - 4A Games)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4641.1003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Firefox 32.0.1 (x86 en-US) (HKCU\...\Mozilla Firefox 32.0.1 (x86 en-US)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
NetCrawl (HKLM\...\NetCrawl) (Version: 2014.07.02.041217 - NetCrawl) <==== ATTENTION
Norton 360 (HKLM-x32\...\N360) (Version: 21.5.0.19 - Symantec Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Oblivion - Construction Set (HKLM-x32\...\{23D683DD-93C6-48E6-B84E-78B57778F126}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.2.0416 - Bethesda Softworks)
Oblivion mod manager 1.1.12 (HKLM-x32\...\Oblivion mod manager_is1) (Version: - Timeslip)
OC Button (HKLM-x32\...\InstallShield_{E27E691E-6D86-4BC3-A5AC-E14CFD43CFAD}) (Version: 1.00.0000 - GIGABYTE)
OC Button (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
ON_OFF Charge 2 B13.0403.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.0403.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
ON_OFF Charge B13.0403.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Origin (HKLM-x32\...\Origin) (Version: 9.4.20.386 - Electronic Arts, Inc.)
PC_Booster (HKLM-x32\...\S-493389286) (Version: 4.2.0.1459 - PremiumSoft) <==== ATTENTION
PC_Sustainer 1.80 (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{248642b4}) (Version: - Certified Publisher) <==== ATTENTION
priacecchoP (HKLM-x32\...\{FDB962F0-B5B8-9460-D12F-7966E97BAA43}) (Version: 2.0.0.1399 - pRicoechuop) <==== ATTENTION
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6849 - Realtek Semiconductor Corp.)
Rust (HKLM-x32\...\Steam App 252490) (Version: - Facepunch Studios)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.677.20 - Electronic Arts Inc.)
The Sims™ 4 Create A Sim Demo (HKLM-x32\...\{6908ED99-F02B-4E99-A202-3FAC99C510ED}) (Version: 1.0.237.100 - Electronic Arts Inc.)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version: - Crystal Dynamics)
TP-LINK TL-WDN3800 Driver (HKLM-x32\...\{FDA7E907-6539-42C1-9721-0239C281B336}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Wing Commander III (HKLM-x32\...\{F96B9930-E22A-44D6-81B5-6C8E92C21B4B}) (Version: 2.0.0.2 - Electronic Arts)
XSplit Gamecaster (HKLM-x32\...\{22EE0000-ECB1-486F-B928-990CECFE7B32}) (Version: 1.9.1407.2114 - SplitmediaLabs)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-337889521-3967207631-3113226611-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-337889521-3967207631-3113226611-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Teffala\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-337889521-3967207631-3113226611-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Teffala\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-337889521-3967207631-3113226611-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Teffala\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-337889521-3967207631-3113226611-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Teffala\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-337889521-3967207631-3113226611-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Teffala\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

10-09-2014 03:37:40 Windows Update
11-09-2014 07:30:07 Windows Update
16-09-2014 08:43:37 Windows Update
17-09-2014 04:21:11 Norton_Power_Eraser_20140917162111528
17-09-2014 04:28:58 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 14:34 - 2009-06-11 09:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0E262069-A86A-4CF8-AC7B-531AF4661062} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.5.0.19\SymErr.exe [2014-01-31] (Symantec Corporation)
Task: {1EF685B5-D965-4BBF-AFAC-F7FA181C7EA2} - System32\Tasks\{224F0C75-4785-4F09-BFB0-7B4AEA40530A} => C:\Program Files (x86)\Bethesda Softworks\Oblivion\obse_loader.exe [2014-08-27] ()
Task: {24408EE5-F201-4A06-A529-36CA6111682D} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-08-28] (Microsoft Corporation)
Task: {253D2E70-3AFB-4AAF-93B0-50388B2FA22D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-01] (Microsoft Corporation)
Task: {268BBEA3-9C9C-4D2C-A77D-5BAD4AF71561} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {31C4DF73-9478-416F-87BF-E2594A8B7158} - System32\Tasks\{C1F68D56-261C-44F0-B42B-CD0791B62005} => F:\Program Files\Program Files (x86)\Steam\SteamApps\common\Skyrim\TESV.exe [2014-08-09] (Bethesda Softworks)
Task: {361C1807-1D9F-408B-969B-2C5847B5ED73} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.5.0.19\WSCStub.exe [2014-08-01] (Symantec Corporation)
Task: {534A6845-7CF2-4A80-A0DD-43FA841D2624} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {6494D785-35C0-4724-ACAF-E2E1EC30543D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {74588776-C78A-42BA-BD14-8F7FADF0061F} - System32\Tasks\{3B137F67-1133-48D8-8520-42DBF6BF6739} => C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\skse_loader.exe [2014-07-08] ()
Task: {B32F5F75-5010-4FA0-862A-E3C526E47239} - System32\Tasks\{586CB9BC-6A2A-4158-BC91-29091ADD2A90} => F:\Program Files\Program Files (x86)\Steam\SteamApps\common\Skyrim\TESV.exe [2014-08-09] (Bethesda Softworks)
Task: {C89ED942-D055-4511-BCBE-05B061AAB253} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.5.0.19\SymErr.exe [2014-01-31] (Symantec Corporation)
Task: {D62B979A-CA4D-41DD-84B5-EAE936782B54} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {F8E42646-FAA4-4ADB-9EB8-1A890978B7F3} - System32\Tasks\{BA415C66-F124-4737-9535-112CCEBE344B} => C:\Program Files (x86)\Bethesda Softworks\Oblivion\OblivionLauncher.exe [2006-04-06] (Bethesda Softworks)
Task: {FC74819C-158A-409F-9B44-8DD794F07B14} - System32\Tasks\{DC27FF14-FA7B-4296-8CFD-5939BCA23820} => C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\skse_loader.exe [2014-07-08] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-06-30 20:14 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-04-09 17:47 - 2013-04-09 17:47 - 00018512 _____ () C:\Program Files (x86)\GIGABYTE\OCBtn\GUP7Serv.exe
2014-08-28 20:49 - 2014-08-28 20:49 - 08892576 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-07-29 06:29 - 2014-07-29 06:29 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-07-29 06:32 - 2014-07-29 06:32 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-07-29 06:29 - 2014-07-29 06:29 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-07-29 06:31 - 2014-07-29 06:31 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-07-10 20:05 - 2013-04-09 11:05 - 00846848 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-02-08 13:50 - 2012-02-08 13:50 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\OCBtn\Ycc.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () F:\Program Files\Program Files (x86)\iCloud\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () F:\Program Files\Program Files (x86)\iCloud\libxml2.dll
2014-09-14 21:08 - 2014-09-14 21:08 - 03716720 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-10 20:05 - 2013-01-22 14:40 - 01411072 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
2014-07-10 20:05 - 2013-04-02 13:41 - 00193024 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
2014-07-10 20:05 - 2013-04-02 13:41 - 00138752 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJWF\WJWF.dll
2014-07-10 20:05 - 2013-02-28 11:42 - 00115712 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJWF\WJWF_WPS_WIN7.DLL
2014-06-30 16:26 - 2013-03-12 13:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-09-10 20:38 - 2014-09-10 20:38 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/17/2014 05:23:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/17/2014 04:27:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/17/2014 04:19:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/17/2014 03:38:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2014 08:34:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2014 05:10:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2014 03:44:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2014 08:13:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/14/2014 07:28:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2014 11:13:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/17/2014 05:23:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (09/17/2014 05:21:49 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AppleCharger
UsbCharger

Error: (09/17/2014 04:27:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (09/17/2014 04:25:38 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AppleCharger
UsbCharger

Error: (09/17/2014 04:25:37 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000007e (0xffffffffc0000005, 0xfffff88004599592, 0xfffff880009a9218, 0xfffff880009a8a70)C:\Windows\MEMORY.DMP091714-4352-01

Error: (09/17/2014 04:20:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (09/17/2014 04:18:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AppleCharger
UsbCharger
{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64

Error: (09/17/2014 04:18:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the PC_Sustainer service to connect.

Error: (09/17/2014 04:17:36 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The NPEService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (09/17/2014 04:06:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (09/17/2014 05:23:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/17/2014 04:27:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/17/2014 04:19:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/17/2014 03:38:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2014 08:34:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2014 05:10:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2014 03:44:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2014 08:13:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/14/2014 07:28:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2014 11:13:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4670K CPU @ 3.40GHz
Percentage of memory in use: 28%
Total physical RAM: 8080.63 MB
Available physical RAM: 5759.5 MB
Total Pagefile: 16159.45 MB
Available Pagefile: 13841.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Solid State Drive) (Fixed) (Total:119.14 GB) (Free:44.75 GB) NTFS
Drive d: (Oblivion) (CDROM) (Total:4.22 GB) (Free:0 GB) UDF
Drive f: (HDD) (Fixed) (Total:931.51 GB) (Free:675.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 535566F2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: EA085C5A)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:
  • At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
  • Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
  • If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
  • I visit the forum several times a day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have a private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all reports using the button below. Doing this, you make it easier for me to analyze and fix your problem.

  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.




Uninstall some programs

We need to uninstall some programs.
  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall one at a time.
The list of programs to uninstall:
  • ExstrAASavingS
  • FIndBestDeAol
  • NetCrawl
  • PC_Booster
  • PC_Sustainer 1.80
  • priacecchoP
After completing uninstalls, please manually reboot your machine!

Note: If you get the message like: An error occurred while trying to uninstall, just press Yes.




Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download the attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.




Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.

Please include the contents of that file in your reply.




Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Install the program and select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.
 

Attachments

  • fixlist.txt
    2.2 KB · Views: 49

teffalacat

New Member
Thread author
Sep 17, 2014
11
Awesome, thanks for the reply! When I first attempted to uninstall the PC_Sustainer 1.80 it didn't work at first, as it relied on PC Booster, but I just deleted the (empty) folder. No problems now, it doesn't show up as installed on the control panel.
 

Attachments

  • AdwCleaner[S0].txt
    10.5 KB · Views: 154
  • Fixlog.txt
    5.8 KB · Views: 54
  • Malwarebytes.txt
    2.3 KB · Views: 54

teffalacat

New Member
Thread author
Sep 17, 2014
11
Okay, actually, sometimes it will and sometimes it won't? I opened it just before and the tab still opened, but I closed the tab and then relaunched Mozilla and it didn't show? Kinda confused tbh.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Let's run one more tool:



Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    autoclean;
    ffdefaults;
    emptyalltemp;
    ipconfig /flushdns;b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.
 

teffalacat

New Member
Thread author
Sep 17, 2014
11
Zoek.exe v5.0.0.0 Updated 14-September-2014
Tool run by Teffala on Thu 18/09/2014 at 19:44:05.98.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Teffala\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

18/09/2014 7:44:44 p.m. Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Bae\AppData\Roaming\Mozilla\Firefox\Profiles\udfr9yj0.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com/");

Added to C:\Users\Bae\AppData\Roaming\Mozilla\Firefox\Profiles\udfr9yj0.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Teffala\AppData\Roaming\Mozilla\Firefox\Profiles\2n33qo5z.default\prefs.js:

Added to C:\Users\Teffala\AppData\Roaming\Mozilla\Firefox\Profiles\2n33qo5z.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Bae\AppData\Roaming\Mozilla\Firefox\Profiles\udfr9yj0.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20141809_0751_.backup

ProfilePath: C:\Users\Teffala\AppData\Roaming\Mozilla\Firefox\Profiles\2n33qo5z.default

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- Lines extensions.1Mg removed from prefs.js ----
user_pref("extensions.1Mg.epoch", "1410253194");
user_pref("extensions.1Mg.url", "http://getjpiproxy.info/sync2/?q=hf...Vh7n0rjnEpja6rdaEqTnHtMFHhd9Fqda4rdYEpdk4qjrM
---- Lines extensions.FK73geNkouN removed from prefs.js ----
user_pref("extensions.FK73geNkouN.epoch", "1409814230");
user_pref("extensions.FK73geNkouN.url", "http://syncjpi.info/sync2/?q=hfZ9of...peShGheDUojw9rdYHrja9rjgHqShIC7n0rjnEpjaHrdCE
---- Lines extensions.RrL_5 removed from prefs.js ----
user_pref("extensions.RrL_5.epoch", "1409814230");
user_pref("extensions.RrL_5.url", "http://getjpi.info/sync2/?q=hfZ9ofV...n0rjnEpdrFrdnFqTn6tMFHhd9Fqda4rdrEqHaHrTsMDMl
---- Lines extensions.ePE4UozwQPRzNJGg removed from prefs.js ----
user_pref("extensions.ePE4UozwQPRzNJGg.epoch", "1410767245");
user_pref("extensions.ePE4UozwQPRzNJGg.url", "http://progamessafecard.in/sync2/?q...TB6lKDzt4ok4AtNtVh7n0rjnEpjw9rdCHqTw5tMFHhd9F
---- FireFox user.js and prefs.js backups ----

prefs_20141809_0751_.backup

==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\Users\Teffala\AppData\LocalLow\{D1FEF046-95DA-9587-8D68-757F70041511} deleted
C:\Users\Teffala\AppData\Local\Packages\windows_ie_ac_001\AC\{D1FEF046-95DA-9587-8D68-757F70041511} deleted
C:\PROGRA~3\b2db1e3379ad2ba8 deleted
C:\PROGRA~3\Package Cache deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
C:\Users\Bae\AppData\Roaming\Mozilla\Firefox\Profiles\udfr9yj0.default\extensions\staged deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn" [18/09/2014 07:37 p.m.]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Teffala\AppData\Roaming\Mozilla\Firefox\Profiles\2n33qo5z.default
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Teffala\AppData\Roaming\Mozilla\Firefox\Profiles\2n33qo5z.default
DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash
2BC6A052D9B153F6DC2F0E420FB4F407 - C:\Users\Teffala\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
iikflkcanblccfahdhdonehdalibjnif - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apdfllckaahabafndbhieahigkjlhalf - C:\Users\Teffala\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[01/07/2014 07:27 p.m.]

Share the Wealth - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmhgfecnmeljhchgcjlfldjiepcfpea
priccechop - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hnlnbmiokjgnabhmdiliblbmmcbdajbg
Share the Wealth - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgmhgfecnmeljhchgcjlfldjiepcfpea
Share the Wealth - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmhgfecnmeljhchgcjlfldjiepcfpea
priccechop - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hnlnbmiokjgnabhmdiliblbmmcbdajbg
Share the Wealth - Bae\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmhgfecnmeljhchgcjlfldjiepcfpea
priccechop - Bae\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hnlnbmiokjgnabhmdiliblbmmcbdajbg
Norton Identity Protection - Bae\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc
Find My Bookmarks - Bae\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahmhjehomglimoklhidcfdlfmahlold
Share the Wealth - Bae\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgmhgfecnmeljhchgcjlfldjiepcfpea
Counter Strike Best Online Games Collection - Bae\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbpkcodlmobmmbhdhfembofegbpghdnh
Iron Man Lego Adventures - Bae\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnogigepjacgjicmdgomidfjnmjkifbl
Share the Wealth - Bae\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmhgfecnmeljhchgcjlfldjiepcfpea
priccechop - Bae\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hnlnbmiokjgnabhmdiliblbmmcbdajbg
Share the Wealth - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmhgfecnmeljhchgcjlfldjiepcfpea
priccechop - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hnlnbmiokjgnabhmdiliblbmmcbdajbg
Share the Wealth - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgmhgfecnmeljhchgcjlfldjiepcfpea
Share the Wealth - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmhgfecnmeljhchgcjlfldjiepcfpea
priccechop - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hnlnbmiokjgnabhmdiliblbmmcbdajbg
Share the Wealth - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmhgfecnmeljhchgcjlfldjiepcfpea
priccechop - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hnlnbmiokjgnabhmdiliblbmmcbdajbg
Share the Wealth - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgmhgfecnmeljhchgcjlfldjiepcfpea
Share the Wealth - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmhgfecnmeljhchgcjlfldjiepcfpea
priccechop - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hnlnbmiokjgnabhmdiliblbmmcbdajbg
Share the Wealth - Teffala\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmhgfecnmeljhchgcjlfldjiepcfpea
priccechop - Teffala\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hnlnbmiokjgnabhmdiliblbmmcbdajbg
Norton Identity Protection - Teffala\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc
Google Voice Search Hotword (Beta) - Teffala\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Find My Bookmarks - Teffala\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahmhjehomglimoklhidcfdlfmahlold
Share the Wealth - Teffala\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgmhgfecnmeljhchgcjlfldjiepcfpea
Counter Strike Best Online Games Collection - Teffala\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbpkcodlmobmmbhdhfembofegbpghdnh
Iron Man Lego Adventures - Teffala\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnogigepjacgjicmdgomidfjnmjkifbl
Share the Wealth - Teffala\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmhgfecnmeljhchgcjlfldjiepcfpea
priccechop - Teffala\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hnlnbmiokjgnabhmdiliblbmmcbdajbg

==== Chromium Startpages ======================

C:\Users\Bae\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com/",

C:\Users\Teffala\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com/",


==== Chromium Fix ======================

C:\Users\Teffala\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.gradesaver.com_0.localstorage deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmhgfecnmeljhchgcjlfldjiepcfpea deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgmhgfecnmeljhchgcjlfldjiepcfpea deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmhgfecnmeljhchgcjlfldjiepcfpea deleted successfully
C:\Users\Bae\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmhgfecnmeljhchgcjlfldjiepcfpea deleted successfully
C:\Users\Bae\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgmhgfecnmeljhchgcjlfldjiepcfpea deleted successfully
C:\Users\Bae\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmhgfecnmeljhchgcjlfldjiepcfpea deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmhgfecnmeljhchgcjlfldjiepcfpea deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgmhgfecnmeljhchgcjlfldjiepcfpea deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmhgfecnmeljhchgcjlfldjiepcfpea deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmhgfecnmeljhchgcjlfldjiepcfpea deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgmhgfecnmeljhchgcjlfldjiepcfpea deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmhgfecnmeljhchgcjlfldjiepcfpea deleted successfully
C:\Users\Teffala\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fgmhgfecnmeljhchgcjlfldjiepcfpea deleted successfully
C:\Users\Teffala\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgmhgfecnmeljhchgcjlfldjiepcfpea deleted successfully
C:\Users\Teffala\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fgmhgfecnmeljhchgcjlfldjiepcfpea deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hnlnbmiokjgnabhmdiliblbmmcbdajbg deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hnlnbmiokjgnabhmdiliblbmmcbdajbg deleted successfully
C:\Users\Bae\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hnlnbmiokjgnabhmdiliblbmmcbdajbg deleted successfully
C:\Users\Bae\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hnlnbmiokjgnabhmdiliblbmmcbdajbg deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hnlnbmiokjgnabhmdiliblbmmcbdajbg deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hnlnbmiokjgnabhmdiliblbmmcbdajbg deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hnlnbmiokjgnabhmdiliblbmmcbdajbg deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hnlnbmiokjgnabhmdiliblbmmcbdajbg deleted successfully
C:\Users\Teffala\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hnlnbmiokjgnabhmdiliblbmmcbdajbg deleted successfully
C:\Users\Teffala\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hnlnbmiokjgnabhmdiliblbmmcbdajbg deleted successfully
C:\Users\Bae\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahmhjehomglimoklhidcfdlfmahlold deleted successfully
C:\Users\Teffala\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahmhjehomglimoklhidcfdlfmahlold deleted successfully
C:\Users\Bae\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbpkcodlmobmmbhdhfembofegbpghdnh deleted successfully
C:\Users\Teffala\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbpkcodlmobmmbhdhfembofegbpghdnh deleted successfully
C:\Users\Bae\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnogigepjacgjicmdgomidfjnmjkifbl deleted successfully
C:\Users\Teffala\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnogigepjacgjicmdgomidfjnmjkifbl deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Teffala\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Teffala\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Bae\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Teffala\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=255 folders=93 16611431 bytes)

==== Empty Temp Folders ======================

C:\Users\Bae\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Teffala\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Teffala\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Thu 18/09/2014 at 19:57:25.91 ======================
 

teffalacat

New Member
Thread author
Sep 17, 2014
11
Hmm, that didn't seem to work either... Whenever I log in/turn on my PC Firefox opens itself up and then the gameharbor loads... Each time I close the tab, but when I log in again it's there... So it's not a matter of Firefox just remembering the tabs I had open.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.
 

teffalacat

New Member
Thread author
Sep 17, 2014
11
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Teffala at 2014-09-20 20:47:29
Running from C:\Users\Teffala\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Alice Madness Returns (HKLM-x32\...\{93A3AB24-36E8-41BA-80C6-CCEC237836DC}) (Version: 1.0.0.0 - Electronic Arts)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Insurgency (HKLM-x32\...\Steam App 222880) (Version: - New World Interactive)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel(R) Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
Intel(R) Network Connections 19.1.51.0 (Version: 19.1.51.0 - Intel) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.0.0.1083 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.100 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Logitech Gaming Software (Version: 8.30.28 - Logitech Inc.) Hidden
Logitech Gaming Software 8.55 (HKLM\...\Logitech Gaming Software) (Version: 8.55.137 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.227 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.227 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version: - 4A Games)
Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version: - 4A Games)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4641.1003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Firefox 32.0.1 (x86 en-US) (HKCU\...\Mozilla Firefox 32.0.1 (x86 en-US)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Norton 360 (HKLM-x32\...\N360) (Version: 21.5.0.19 - Symantec Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Oblivion - Construction Set (HKLM-x32\...\{23D683DD-93C6-48E6-B84E-78B57778F126}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.2.0416 - Bethesda Softworks)
Oblivion mod manager 1.1.12 (HKLM-x32\...\Oblivion mod manager_is1) (Version: - Timeslip)
OC Button (HKLM-x32\...\InstallShield_{E27E691E-6D86-4BC3-A5AC-E14CFD43CFAD}) (Version: 1.00.0000 - GIGABYTE)
OC Button (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
ON_OFF Charge 2 B13.0403.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.0403.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
ON_OFF Charge B13.0403.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Origin (HKLM-x32\...\Origin) (Version: 9.4.20.386 - Electronic Arts, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6849 - Realtek Semiconductor Corp.)
Rust (HKLM-x32\...\Steam App 252490) (Version: - Facepunch Studios)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.677.20 - Electronic Arts Inc.)
The Sims™ 4 Create A Sim Demo (HKLM-x32\...\{6908ED99-F02B-4E99-A202-3FAC99C510ED}) (Version: 1.0.237.100 - Electronic Arts Inc.)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version: - Crystal Dynamics)
TP-LINK TL-WDN3800 Driver (HKLM-x32\...\{FDA7E907-6539-42C1-9721-0239C281B336}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Wing Commander III (HKLM-x32\...\{F96B9930-E22A-44D6-81B5-6C8E92C21B4B}) (Version: 2.0.0.2 - Electronic Arts)
XSplit Gamecaster (HKLM-x32\...\{22EE0000-ECB1-486F-B928-990CECFE7B32}) (Version: 1.9.1407.2114 - SplitmediaLabs)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-337889521-3967207631-3113226611-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-337889521-3967207631-3113226611-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Teffala\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-337889521-3967207631-3113226611-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Teffala\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-337889521-3967207631-3113226611-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Teffala\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-337889521-3967207631-3113226611-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Teffala\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-337889521-3967207631-3113226611-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Teffala\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

16-09-2014 08:43:37 Windows Update
17-09-2014 04:21:11 Norton_Power_Eraser_20140917162111528
17-09-2014 04:28:58 Windows Update
18-09-2014 07:44:41 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 14:34 - 2009-06-11 09:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0E262069-A86A-4CF8-AC7B-531AF4661062} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.5.0.19\SymErr.exe [2014-01-31] (Symantec Corporation)
Task: {1EF685B5-D965-4BBF-AFAC-F7FA181C7EA2} - System32\Tasks\{224F0C75-4785-4F09-BFB0-7B4AEA40530A} => C:\Program Files (x86)\Bethesda Softworks\Oblivion\obse_loader.exe [2014-08-27] ()
Task: {24408EE5-F201-4A06-A529-36CA6111682D} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-08-28] (Microsoft Corporation)
Task: {253D2E70-3AFB-4AAF-93B0-50388B2FA22D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-01] (Microsoft Corporation)
Task: {268BBEA3-9C9C-4D2C-A77D-5BAD4AF71561} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {31C4DF73-9478-416F-87BF-E2594A8B7158} - System32\Tasks\{C1F68D56-261C-44F0-B42B-CD0791B62005} => F:\Program Files\Program Files (x86)\Steam\SteamApps\common\Skyrim\TESV.exe [2014-08-09] (Bethesda Softworks)
Task: {361C1807-1D9F-408B-969B-2C5847B5ED73} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.5.0.19\WSCStub.exe [2014-08-01] (Symantec Corporation)
Task: {534A6845-7CF2-4A80-A0DD-43FA841D2624} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {6494D785-35C0-4724-ACAF-E2E1EC30543D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {74588776-C78A-42BA-BD14-8F7FADF0061F} - System32\Tasks\{3B137F67-1133-48D8-8520-42DBF6BF6739} => C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\skse_loader.exe [2014-07-08] ()
Task: {B32F5F75-5010-4FA0-862A-E3C526E47239} - System32\Tasks\{586CB9BC-6A2A-4158-BC91-29091ADD2A90} => F:\Program Files\Program Files (x86)\Steam\SteamApps\common\Skyrim\TESV.exe [2014-08-09] (Bethesda Softworks)
Task: {C89ED942-D055-4511-BCBE-05B061AAB253} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.5.0.19\SymErr.exe [2014-01-31] (Symantec Corporation)
Task: {D62B979A-CA4D-41DD-84B5-EAE936782B54} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-17] (Adobe Systems Incorporated)
Task: {E0D55D86-84DA-40A4-9CEF-BA3CF4B98696} - System32\Tasks\Microsoft Office 15 Sync Maintenance for TheBae-Teffala TheBae => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-08-28] (Microsoft Corporation)
Task: {F8E42646-FAA4-4ADB-9EB8-1A890978B7F3} - System32\Tasks\{BA415C66-F124-4737-9535-112CCEBE344B} => C:\Program Files (x86)\Bethesda Softworks\Oblivion\OblivionLauncher.exe [2006-04-06] (Bethesda Softworks)
Task: {FC74819C-158A-409F-9B44-8DD794F07B14} - System32\Tasks\{DC27FF14-FA7B-4296-8CFD-5939BCA23820} => C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\skse_loader.exe [2014-07-08] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-06-30 20:14 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-04-09 17:47 - 2013-04-09 17:47 - 00018512 _____ () C:\Program Files (x86)\GIGABYTE\OCBtn\GUP7Serv.exe
2014-08-28 20:49 - 2014-08-28 20:49 - 08892576 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-07-29 06:29 - 2014-07-29 06:29 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-07-29 06:32 - 2014-07-29 06:32 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-07-29 06:29 - 2014-07-29 06:29 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-07-29 06:31 - 2014-07-29 06:31 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-07-10 20:05 - 2013-04-09 11:05 - 00846848 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-02-08 13:50 - 2012-02-08 13:50 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\OCBtn\Ycc.dll
2014-06-30 16:26 - 2013-03-12 13:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () F:\Program Files\Program Files (x86)\iCloud\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () F:\Program Files\Program Files (x86)\iCloud\libxml2.dll
2014-07-10 20:05 - 2013-01-22 14:40 - 01411072 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
2014-07-10 20:05 - 2013-04-02 13:41 - 00193024 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
2014-07-10 20:05 - 2013-04-02 13:41 - 00138752 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJWF\WJWF.dll
2014-07-10 20:05 - 2013-02-28 11:42 - 00115712 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJWF\WJWF_WPS_WIN7.DLL
2014-04-23 16:04 - 2014-04-23 16:04 - 00237384 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2014-08-30 17:47 - 2014-08-22 06:15 - 01171456 _____ () F:\Program Files\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-30 17:47 - 2014-08-22 06:15 - 00442368 _____ () F:\Program Files\Program Files (x86)\Steam\libavutil-54.dll
2014-08-30 17:47 - 2014-08-22 06:15 - 00332800 _____ () F:\Program Files\Program Files (x86)\Steam\libavresample-2.dll
2014-07-10 19:59 - 2014-08-21 10:38 - 00774656 _____ () F:\Program Files\Program Files (x86)\Steam\SDL2.dll
2014-07-10 19:59 - 2014-08-28 23:48 - 02224320 _____ () F:\Program Files\Program Files (x86)\Steam\video.dll
2014-08-30 17:47 - 2014-08-22 06:15 - 00403968 _____ () F:\Program Files\Program Files (x86)\Steam\libavformat-56.dll
2014-08-30 17:47 - 2014-08-22 06:15 - 00485888 _____ () F:\Program Files\Program Files (x86)\Steam\libswscale-3.dll
2014-07-10 19:59 - 2014-08-28 23:48 - 00678080 _____ () F:\Program Files\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-07-10 19:59 - 2014-08-21 10:38 - 34589376 _____ () F:\Program Files\Program Files (x86)\Steam\bin\libcef.dll
2014-08-16 16:12 - 2014-08-21 10:38 - 00837824 _____ () F:\Program Files\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2014-09-14 21:08 - 2014-09-14 21:08 - 03716720 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/20/2014 11:23:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3011

Error: (09/20/2014 11:23:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3011

Error: (09/20/2014 11:23:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/20/2014 11:23:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2013

Error: (09/20/2014 11:23:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2013

Error: (09/20/2014 11:23:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/20/2014 11:23:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014

Error: (09/20/2014 11:23:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1014

Error: (09/20/2014 11:23:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/20/2014 11:10:16 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {1181df69-59e9-4f26-8231-e250eef03fce}


System errors:
=============
Error: (09/20/2014 02:41:56 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.100.
The computer with the IP address 192.168.0.107 did not allow the name to be claimed by
this computer.

Error: (09/20/2014 01:59:13 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (09/20/2014 10:17:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (09/20/2014 10:15:35 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AppleCharger
UsbCharger

Error: (09/19/2014 08:47:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (09/19/2014 08:45:55 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AppleCharger
UsbCharger

Error: (09/18/2014 07:59:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (09/18/2014 07:57:14 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AppleCharger
UsbCharger

Error: (09/18/2014 07:51:13 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (09/18/2014 07:51:13 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.


Microsoft Office Sessions:
=========================
Error: (09/20/2014 11:23:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3011

Error: (09/20/2014 11:23:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3011

Error: (09/20/2014 11:23:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/20/2014 11:23:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2013

Error: (09/20/2014 11:23:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2013

Error: (09/20/2014 11:23:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/20/2014 11:23:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014

Error: (09/20/2014 11:23:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1014

Error: (09/20/2014 11:23:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/20/2014 11:10:16 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {1181df69-59e9-4f26-8231-e250eef03fce}


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4670K CPU @ 3.40GHz
Percentage of memory in use: 29%
Total physical RAM: 8080.63 MB
Available physical RAM: 5731.92 MB
Total Pagefile: 16159.45 MB
Available Pagefile: 13186.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Solid State Drive) (Fixed) (Total:119.14 GB) (Free:44.49 GB) NTFS
Drive d: (Oblivion) (CDROM) (Total:4.22 GB) (Free:0 GB) UDF
Drive f: (HDD) (Fixed) (Total:931.51 GB) (Free:675.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 535566F2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: EA085C5A)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Teffala (administrator) on THEBAE on 20-09-2014 20:47:06
Running from C:\Users\Teffala\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files (x86)\GIGABYTE\OCBtn\GUP7Serv.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.5.0.19\n360.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.5.0.19\n360.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) F:\Program Files\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Apple Inc.) F:\Program Files\Program Files (x86)\iCloud\iCloudServices.exe
(Apple Inc.) F:\Program Files\Program Files (x86)\iCloud\ApplePhotoStreams.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
() F:\Program Files\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(Apple Inc.) F:\Program Files\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) F:\Program Files\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) F:\Program Files\Program Files (x86)\iCloud\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Valve Corporation) F:\Program Files\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) F:\Program Files\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) F:\Program Files\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Mozilla Corporation) F:\Program Files\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13423688 2013-02-27] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10801944 2014-07-29] (Logitech Inc.)
HKLM-x32\...\Run: [USB3MON] => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
HKLM-x32\...\Run: [ISUSScheduler] => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3816784 2014-07-21] (LogMeIn Inc.)
HKLM-x32\...\Run: [iTunesHelper] => F:\Program Files\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-337889521-3967207631-3113226611-1000\...\Run: [ISUSPM Startup] => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
HKU\S-1-5-21-337889521-3967207631-3113226611-1000\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-337889521-3967207631-3113226611-1000\...\Run: [iCloudServices] => F:\Program Files\Program Files (x86)\iCloud\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-337889521-3967207631-3113226611-1000\...\Run: [ApplePhotoStreams] => F:\Program Files\Program Files (x86)\iCloud\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-337889521-3967207631-3113226611-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKU\S-1-5-21-337889521-3967207631-3113226611-1000\...\MountPoints2: {7e8149c8-000b-11e4-951b-806e6f6e6963} - D:\Run.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Norton 360\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Norton 360\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Norton 360\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Norton 360\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Norton 360\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Teffala\AppData\Roaming\Mozilla\Firefox\Profiles\vfrjt9ul.default-1411116786267
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> F:\Program Files\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Teffala\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Adblock Plus - C:\Users\Teffala\AppData\Roaming\Mozilla\Firefox\Profiles\vfrjt9ul.default-1411116786267\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-19]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-09-20]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> google.co.nz
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\Teffala\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.0.0.72_0\npcoplgn.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: ( "name": "",) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll No File
CHR Plugin: ( "name": "",) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll No File
CHR Profile: C:\Users\Teffala\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Teffala\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-01]
CHR Extension: (Norton Identity Protection) - C:\Users\Teffala\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2014-07-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Teffala\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-30]
CHR Extension: (YouTube) - C:\Users\Teffala\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-30]
CHR Extension: (Google Search) - C:\Users\Teffala\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-30]
CHR Extension: (Google Wallet) - C:\Users\Teffala\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-30]
CHR Extension: (Gmail) - C:\Users\Teffala\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-30]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Teffala\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-07-01]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
R2 GUP7Serv; C:\Program Files (x86)\GIGABYTE\OCBtn\GUP7Serv.exe [18512 2013-04-09] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-06-05] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S3 jswpsapi; C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exe [954368 2013-01-22] (Wireless) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-07-16] (LogMeIn, Inc.)
R2 N360; C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.5.0.19\N360.exe [265040 2014-08-01] (Symantec Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21584 2013-02-19] () [File not signed]
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140912.003\BHDrvx64.sys [1586904 2014-09-12] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1505000.013\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [487704 2014-03-15] (Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-17] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-17] (Symantec Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140919.001\IDSvia64.sys [633560 2014-09-16] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140919.019\ENG64.SYS [129752 2014-09-17] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140919.019\EX64.SYS [2137304 2014-09-17] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1505000.013\SRTSP64.SYS [875736 2014-07-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1505000.013\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1505000.013\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1505000.013\SYMEFA64.SYS [1148120 2014-07-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-09-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1505000.013\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1505000.013\SYMNETS.SYS [593112 2014-07-23] (Symantec Corporation)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [21072 2013-03-27] () [File not signed]
R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 EraserUtilDrv11311; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys [X]
S3 EraserUtilDrv11410; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11410.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-20 20:47 - 2014-09-20 20:47 - 00019374 _____ () C:\Users\Teffala\Desktop\FRST.txt
2014-09-20 20:38 - 2014-09-20 20:39 - 00000000 ____D () C:\Users\Teffala\Desktop\1ST Scans
2014-09-18 20:12 - 2014-09-20 16:09 - 00000228 _____ () C:\Users\Teffala\BullseyeCoverageError.txt
2014-09-18 19:53 - 2014-09-20 19:05 - 00004974 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for TheBae-Teffala TheBae
2014-09-18 19:53 - 2014-09-18 19:43 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-09-18 19:44 - 2014-09-18 19:57 - 00017665 _____ () C:\zoek-results.log
2014-09-18 19:43 - 2014-09-18 19:53 - 00000000 ____D () C:\zoek_backup
2014-09-17 22:01 - 2014-09-17 22:03 - 00000000 ____D () C:\Users\Teffala\AppData\Local\Adobe
2014-09-17 21:22 - 2014-09-17 21:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-17 21:22 - 2014-09-17 21:22 - 00001119 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-17 21:22 - 2014-09-17 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-17 21:22 - 2014-09-17 21:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-17 21:22 - 2014-09-17 21:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-17 21:22 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-17 21:22 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-17 21:22 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-17 21:19 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-17 21:18 - 2014-09-17 21:19 - 00000000 ____D () C:\AdwCleaner
2014-09-17 21:11 - 2014-09-17 21:11 - 00002235 _____ () C:\Users\Teffala\Downloads\fixlist.txt
2014-09-17 17:37 - 2014-09-20 20:47 - 00000000 ____D () C:\FRST
2014-09-17 17:36 - 2014-09-17 17:37 - 02105856 _____ (Farbar) C:\Users\Teffala\Desktop\FRST64.exe
2014-09-17 17:26 - 2014-09-17 17:26 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-09-17 17:19 - 2014-09-17 17:19 - 00000000 ____D () C:\Windows\SysWOW64\N360_BACKUP
2014-09-17 16:30 - 2014-09-17 17:21 - 00003228 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-09-17 16:30 - 2014-09-17 17:21 - 00002525 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-09-17 16:30 - 2014-09-17 16:30 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-09-17 16:30 - 2014-09-17 16:30 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-09-17 16:30 - 2014-09-17 16:30 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-09-17 16:26 - 2014-09-17 16:29 - 211811872 ____N (Symantec Corporation) C:\Users\Teffala\Downloads\N360-TW-21.1.0-EN-ROW.exe
2014-09-17 16:25 - 2014-09-17 16:25 - 00266576 _____ () C:\Windows\Minidump\091714-4352-01.dmp
2014-09-17 16:21 - 2014-09-17 16:21 - 00000000 __SHD () C:\Users\Teffala\AppData\Local\EmieUserList
2014-09-17 16:21 - 2014-09-17 16:21 - 00000000 __SHD () C:\Users\Teffala\AppData\Local\EmieSiteList
2014-09-17 16:18 - 2014-09-17 16:18 - 00000000 ____D () C:\NPE
2014-09-17 16:17 - 2014-09-17 16:21 - 00000000 ____D () C:\Users\Teffala\AppData\Local\NPE
2014-09-17 16:17 - 2014-09-17 16:17 - 00000000 ____D () C:\ProgramData\SMR430
2014-09-17 16:09 - 2014-09-17 17:21 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-09-17 16:09 - 2014-09-17 17:21 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-09-17 16:09 - 2014-09-17 16:30 - 00000000 ____D () C:\Program Files (x86)\Norton 360
2014-09-17 16:06 - 2014-09-17 16:06 - 00448512 _____ (OldTimer Tools) C:\Users\Teffala\Downloads\TFC.exe
2014-09-17 16:04 - 2014-09-17 16:08 - 235248307 _____ (Symantec Corporation) C:\Users\Teffala\Downloads\N360_21.1.0.18_MICROSOFT_LOEM60_MRF_2113_10387.exe
2014-09-15 16:49 - 2014-09-18 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-15 16:49 - 2014-09-15 16:49 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-15 16:49 - 2014-09-15 16:49 - 00000000 ____D () C:\Program Files\iTunes
2014-09-15 16:49 - 2014-09-15 16:49 - 00000000 ____D () C:\Program Files\iPod
2014-09-13 14:47 - 2014-09-13 14:47 - 00000219 _____ () C:\Users\Teffala\Desktop\Counter-Strike Global Offensive.url
2014-09-11 19:31 - 2014-08-20 06:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 19:31 - 2014-08-20 05:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 19:31 - 2014-08-19 11:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 19:31 - 2014-08-19 10:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 19:31 - 2014-08-19 10:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 19:31 - 2014-08-19 10:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 19:31 - 2014-08-19 10:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 19:31 - 2014-08-19 10:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 19:31 - 2014-08-19 10:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 19:31 - 2014-08-19 10:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 19:31 - 2014-08-19 10:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 19:31 - 2014-08-19 10:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 19:31 - 2014-08-19 10:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 19:31 - 2014-08-19 10:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 19:31 - 2014-08-19 10:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 19:31 - 2014-08-19 10:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 19:31 - 2014-08-19 10:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 19:31 - 2014-08-19 10:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 19:31 - 2014-08-19 10:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 19:31 - 2014-08-19 09:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 19:31 - 2014-08-19 09:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 19:31 - 2014-08-19 09:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 19:31 - 2014-08-19 09:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 19:31 - 2014-08-19 09:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 19:31 - 2014-08-19 09:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 19:31 - 2014-08-19 09:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 19:31 - 2014-08-19 09:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 19:31 - 2014-08-19 09:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 19:31 - 2014-08-19 09:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 19:31 - 2014-08-19 09:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 19:31 - 2014-08-19 09:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 19:31 - 2014-08-19 09:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 19:31 - 2014-08-19 09:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 19:31 - 2014-08-19 09:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 19:31 - 2014-08-19 09:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 19:31 - 2014-08-19 09:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 19:31 - 2014-08-19 09:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 19:31 - 2014-08-19 09:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 19:31 - 2014-08-19 09:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 19:31 - 2014-08-19 09:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 19:31 - 2014-08-19 09:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 19:31 - 2014-08-19 09:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 19:31 - 2014-08-19 09:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 19:31 - 2014-08-19 09:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 19:31 - 2014-08-19 09:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 19:31 - 2014-08-19 09:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 19:31 - 2014-08-19 09:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 19:31 - 2014-08-19 09:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 19:31 - 2014-08-19 09:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 19:31 - 2014-08-19 09:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 19:31 - 2014-08-19 09:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 19:31 - 2014-08-19 08:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 19:31 - 2014-08-19 08:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 19:31 - 2014-08-19 08:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 19:31 - 2014-08-19 08:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 19:31 - 2014-08-19 08:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 19:30 - 2014-06-27 14:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 19:30 - 2014-06-27 13:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 16:08 - 2014-08-01 23:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 16:08 - 2014-08-01 23:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 15:56 - 2014-09-05 14:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 15:56 - 2014-09-05 14:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 15:56 - 2014-07-07 14:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 15:56 - 2014-07-07 14:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 15:56 - 2014-07-07 13:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 15:56 - 2014-07-07 13:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 15:56 - 2014-07-07 13:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 15:56 - 2014-06-24 15:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 15:56 - 2014-06-24 14:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-09 08:07 - 2014-09-09 08:07 - 01057472 _____ (Adobe) C:\Users\Teffala\Downloads\install_flashplayer14x32au_mssa_aaa_aih(2).exe
2014-09-08 08:29 - 2014-09-08 08:29 - 00001554 _____ () C:\Users\Public\Desktop\Wing Commander III.lnk
2014-09-08 08:29 - 2014-09-08 08:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wing Commander III
2014-09-08 00:46 - 2014-09-10 16:39 - 00001355 _____ () C:\Users\Public\Desktop\The Sims 4.lnk
2014-09-08 00:46 - 2014-09-08 00:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4
2014-09-07 08:00 - 2014-09-07 08:00 - 01057472 _____ (Adobe) C:\Users\Teffala\Downloads\install_flashplayer14x32au_mssa_aaa_aih(1).exe
2014-09-06 17:05 - 2014-09-06 17:05 - 00000000 ____D () C:\Users\Teffala\AppData\Roaming\Unity
2014-09-06 17:04 - 2014-09-06 17:04 - 00000000 ____D () C:\Users\Teffala\AppData\Local\Unity
2014-09-06 17:03 - 2014-09-06 17:04 - 01202032 _____ (Unity Technologies ApS) C:\Users\Teffala\Downloads\UnityWebPlayer.exe
2014-09-03 19:02 - 2014-09-03 19:02 - 00000023 _____ () C:\Windows\BlendSettings.ini
2014-08-31 16:16 - 2014-09-17 16:25 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Teffala\AppData\Local\Packages
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Teffala\AppData\Local\Comodo
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Guest
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Bae\AppData\Local\Comodo
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Administrator
2014-08-30 20:27 - 2014-08-30 20:27 - 00418417 _____ () C:\Users\Teffala\Downloads\Oblivion Load Order Manager v2-41399.exe
2014-08-30 20:15 - 2014-08-30 20:15 - 00002998 _____ () C:\Windows\System32\Tasks\{224F0C75-4785-4F09-BFB0-7B4AEA40530A}
2014-08-30 20:15 - 2014-08-30 20:15 - 00000102 _____ () C:\Windows\SysWOW64\obse_loader.log
2014-08-30 20:14 - 2014-08-30 20:14 - 00003008 _____ () C:\Windows\System32\Tasks\{BA415C66-F124-4737-9535-112CCEBE344B}
2014-08-30 17:52 - 2014-08-30 17:52 - 00000000 ____D () C:\Users\Teffala\Documents\4A Games
2014-08-30 13:12 - 2014-08-30 13:22 - 00000000 ____D () C:\Users\Teffala\AppData\Roaming\.minecraft
2014-08-29 17:06 - 2014-08-29 17:06 - 00281552 _____ () C:\Windows\Minidump\082914-3806-01.dmp
2014-08-28 07:51 - 2014-08-23 14:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 07:51 - 2014-08-23 13:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 07:51 - 2014-08-23 12:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-27 19:28 - 2014-08-27 19:28 - 00002213 _____ () C:\Users\Public\Desktop\TES Construction Set (Oblivion).lnk
2014-08-27 19:09 - 2014-08-27 19:09 - 07326093 _____ (Macrovision Corporation) C:\Users\Teffala\Downloads\tes_construction_set_v1.2.exe
2014-08-27 18:36 - 2014-09-17 21:42 - 00002027 _____ () C:\Users\Teffala\Desktop\obse_loader - Shortcut.lnk
2014-08-27 18:33 - 2014-08-27 18:33 - 01662426 _____ () C:\Users\Teffala\Downloads\obse_0021.zip
2014-08-27 18:24 - 2014-08-27 18:24 - 00005381 _____ () C:\Users\Teffala\Downloads\Coolsims Hair Pack esp v1-43224-1.zip
2014-08-27 18:10 - 2014-08-27 18:11 - 07019454 _____ () C:\Users\Teffala\Downloads\Short Jeans HGEC-32150-1-1.zip
2014-08-27 17:57 - 2014-08-27 17:58 - 18429643 _____ () C:\Users\Teffala\Downloads\Capes and Cloaks-4539.zip
2014-08-27 16:48 - 2014-08-27 16:49 - 00014336 ___SH () C:\Users\Teffala\Thumbs.db
2014-08-27 16:40 - 2014-09-17 21:40 - 00000000 ____D () C:\Users\Teffala\Desktop\Data
2014-08-27 16:25 - 2014-08-27 16:25 - 00001275 _____ () C:\Users\Teffala\Desktop\Oblivion Mod Manager.lnk
2014-08-27 16:25 - 2014-08-27 16:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oblivion Mod Manager
2014-08-26 20:30 - 2014-08-26 20:30 - 00000000 ____D () C:\Users\Teffala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-08-26 20:29 - 2014-08-26 20:35 - 00000000 ____D () C:\Users\Teffala\AppData\Local\Oblivion
2014-08-21 19:42 - 2014-08-21 19:42 - 00000221 _____ () C:\Users\Teffala\Desktop\Metro 2033.url

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-20 20:47 - 2014-09-20 20:47 - 00019374 _____ () C:\Users\Teffala\Desktop\FRST.txt
2014-09-20 20:47 - 2014-09-17 17:37 - 00000000 ____D () C:\FRST
2014-09-20 20:44 - 2014-07-01 19:36 - 00000000 ____D () C:\Users\Teffala\AppData\Roaming\Skype
2014-09-20 20:39 - 2014-09-20 20:38 - 00000000 ____D () C:\Users\Teffala\Desktop\1ST Scans
2014-09-20 20:38 - 2014-07-06 19:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-20 20:38 - 2009-07-14 16:51 - 00074006 _____ () C:\Windows\setupact.log
2014-09-20 20:34 - 2014-06-30 16:23 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-20 19:05 - 2014-09-18 19:53 - 00004974 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for TheBae-Teffala TheBae
2014-09-20 18:34 - 2014-06-30 16:23 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-20 17:04 - 2009-07-14 15:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-20 16:09 - 2014-09-18 20:12 - 00000228 _____ () C:\Users\Teffala\BullseyeCoverageError.txt
2014-09-20 15:31 - 2014-06-30 16:17 - 01296644 _____ () C:\Windows\WindowsUpdate.log
2014-09-20 10:23 - 2014-08-13 15:54 - 00000000 ____D () C:\Users\Teffala\AppData\Local\LogMeIn Hamachi
2014-09-20 10:22 - 2009-07-14 16:45 - 00028912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-20 10:22 - 2009-07-14 16:45 - 00028912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-20 10:19 - 2009-07-14 17:13 - 00784286 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-20 10:15 - 2014-06-30 16:37 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-09-20 10:15 - 2009-07-14 17:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-18 20:12 - 2014-06-30 16:17 - 00000000 ____D () C:\Users\Teffala
2014-09-18 19:57 - 2014-09-18 19:44 - 00017665 _____ () C:\zoek-results.log
2014-09-18 19:57 - 2010-11-21 15:47 - 00858034 _____ () C:\Windows\PFRO.log
2014-09-18 19:53 - 2014-09-18 19:43 - 00000000 ____D () C:\zoek_backup
2014-09-18 19:51 - 2014-07-08 21:10 - 00000000 ____D () C:\Users\Teffala\AppData\Local\CrashDumps
2014-09-18 19:43 - 2014-09-18 19:53 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-09-18 12:25 - 2014-09-15 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-18 12:25 - 2014-06-30 16:25 - 00000000 ____D () C:\ProgramData\Norton
2014-09-18 12:25 - 2009-07-14 15:20 - 00000000 ____D () C:\Windows\registration
2014-09-17 22:03 - 2014-09-17 22:01 - 00000000 ____D () C:\Users\Teffala\AppData\Local\Adobe
2014-09-17 22:02 - 2014-07-06 19:31 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-17 22:02 - 2014-07-06 19:31 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-17 22:02 - 2014-07-06 19:31 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-17 21:42 - 2014-08-27 18:36 - 00002027 _____ () C:\Users\Teffala\Desktop\obse_loader - Shortcut.lnk
2014-09-17 21:40 - 2014-08-27 16:40 - 00000000 ____D () C:\Users\Teffala\Desktop\Data
2014-09-17 21:27 - 2014-09-17 21:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-17 21:22 - 2014-09-17 21:22 - 00001119 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-17 21:22 - 2014-09-17 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-17 21:22 - 2014-09-17 21:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-17 21:22 - 2014-09-17 21:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-17 21:19 - 2014-09-17 21:18 - 00000000 ____D () C:\AdwCleaner
2014-09-17 21:11 - 2014-09-17 21:11 - 00002235 _____ () C:\Users\Teffala\Downloads\fixlist.txt
2014-09-17 17:37 - 2014-09-17 17:36 - 02105856 _____ (Farbar) C:\Users\Teffala\Desktop\FRST64.exe
2014-09-17 17:26 - 2014-09-17 17:26 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-09-17 17:21 - 2014-09-17 16:30 - 00003228 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-09-17 17:21 - 2014-09-17 16:30 - 00002525 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-09-17 17:21 - 2014-09-17 16:09 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-09-17 17:21 - 2014-09-17 16:09 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-09-17 17:19 - 2014-09-17 17:19 - 00000000 ____D () C:\Windows\SysWOW64\N360_BACKUP
2014-09-17 16:30 - 2014-09-17 16:30 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-09-17 16:30 - 2014-09-17 16:30 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-09-17 16:30 - 2014-09-17 16:30 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-09-17 16:30 - 2014-09-17 16:09 - 00000000 ____D () C:\Program Files (x86)\Norton 360
2014-09-17 16:29 - 2014-09-17 16:26 - 211811872 ____N (Symantec Corporation) C:\Users\Teffala\Downloads\N360-TW-21.1.0-EN-ROW.exe
2014-09-17 16:25 - 2014-09-17 16:25 - 00266576 _____ () C:\Windows\Minidump\091714-4352-01.dmp
2014-09-17 16:25 - 2014-08-31 16:16 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-09-17 16:25 - 2014-07-27 23:15 - 223682904 _____ () C:\Windows\MEMORY.DMP
2014-09-17 16:25 - 2014-07-27 23:15 - 00000000 ____D () C:\Windows\Minidump
2014-09-17 16:21 - 2014-09-17 16:21 - 00000000 __SHD () C:\Users\Teffala\AppData\Local\EmieUserList
2014-09-17 16:21 - 2014-09-17 16:21 - 00000000 __SHD () C:\Users\Teffala\AppData\Local\EmieSiteList
2014-09-17 16:21 - 2014-09-17 16:17 - 00000000 ____D () C:\Users\Teffala\AppData\Local\NPE
2014-09-17 16:18 - 2014-09-17 16:18 - 00000000 ____D () C:\NPE
2014-09-17 16:17 - 2014-09-17 16:17 - 00000000 ____D () C:\ProgramData\SMR430
2014-09-17 16:08 - 2014-09-17 16:04 - 235248307 _____ (Symantec Corporation) C:\Users\Teffala\Downloads\N360_21.1.0.18_MICROSOFT_LOEM60_MRF_2113_10387.exe
2014-09-17 16:06 - 2014-09-17 16:06 - 00448512 _____ (OldTimer Tools) C:\Users\Teffala\Downloads\TFC.exe
2014-09-15 16:49 - 2014-09-15 16:49 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-15 16:49 - 2014-09-15 16:49 - 00000000 ____D () C:\Program Files\iTunes
2014-09-15 16:49 - 2014-09-15 16:49 - 00000000 ____D () C:\Program Files\iPod
2014-09-15 16:49 - 2014-07-15 10:49 - 00001721 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-13 14:47 - 2014-09-13 14:47 - 00000219 _____ () C:\Users\Teffala\Desktop\Counter-Strike Global Offensive.url
2014-09-13 11:23 - 2014-08-16 10:50 - 00000000 ____D () C:\ProgramData\Origin
2014-09-13 11:23 - 2014-08-16 10:50 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-12 16:26 - 2009-07-14 15:20 - 00000000 ____D () C:\Windows\rescache
2014-09-11 19:30 - 2014-07-03 20:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-11 19:30 - 2014-06-30 16:25 - 00768152 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 16:39 - 2014-09-08 00:46 - 00001355 _____ () C:\Users\Public\Desktop\The Sims 4.lnk
2014-09-09 08:07 - 2014-09-09 08:07 - 01057472 _____ (Adobe) C:\Users\Teffala\Downloads\install_flashplayer14x32au_mssa_aaa_aih(2).exe
2014-09-08 10:42 - 2014-07-01 20:45 - 00203336 _____ () C:\Windows\DirectX.log
2014-09-08 10:42 - 2009-07-14 17:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-08 08:29 - 2014-09-08 08:29 - 00001554 _____ () C:\Users\Public\Desktop\Wing Commander III.lnk
2014-09-08 08:29 - 2014-09-08 08:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wing Commander III
2014-09-08 08:29 - 2014-08-16 10:52 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-08 07:52 - 2014-08-16 11:14 - 00000000 ____D () C:\Users\Teffala\Documents\Electronic Arts
2014-09-08 00:46 - 2014-09-08 00:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4
2014-09-07 08:00 - 2014-09-07 08:00 - 01057472 _____ (Adobe) C:\Users\Teffala\Downloads\install_flashplayer14x32au_mssa_aaa_aih(1).exe
2014-09-06 20:28 - 2014-07-01 23:15 - 00000000 ____D () C:\Users\Teffala\AppData\Roaming\vlc
2014-09-06 18:14 - 2014-08-16 10:51 - 00000000 ____D () C:\Users\Teffala\AppData\Roaming\Origin
2014-09-06 17:05 - 2014-09-06 17:05 - 00000000 ____D () C:\Users\Teffala\AppData\Roaming\Unity
2014-09-06 17:04 - 2014-09-06 17:04 - 00000000 ____D () C:\Users\Teffala\AppData\Local\Unity
2014-09-06 17:04 - 2014-09-06 17:03 - 01202032 _____ (Unity Technologies ApS) C:\Users\Teffala\Downloads\UnityWebPlayer.exe
2014-09-05 14:10 - 2014-09-10 15:56 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 14:05 - 2014-09-10 15:56 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-03 19:02 - 2014-09-03 19:02 - 00000023 _____ () C:\Windows\BlendSettings.ini
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Teffala\AppData\Local\Packages
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Teffala\AppData\Local\Comodo
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Guest
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Bae\AppData\Local\Comodo
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-08-31 16:16 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Administrator
2014-08-31 16:16 - 2014-07-10 20:36 - 00000000 ____D () C:\Users\Bae\AppData\Local\Google
2014-08-31 16:16 - 2014-06-30 16:23 - 00000000 ____D () C:\Users\Teffala\AppData\Local\Google
2014-08-31 16:16 - 2009-07-14 15:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-31 16:16 - 2009-07-14 15:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-08-30 20:27 - 2014-08-30 20:27 - 00418417 _____ () C:\Users\Teffala\Downloads\Oblivion Load Order Manager v2-41399.exe
2014-08-30 20:15 - 2014-08-30 20:15 - 00002998 _____ () C:\Windows\System32\Tasks\{224F0C75-4785-4F09-BFB0-7B4AEA40530A}
2014-08-30 20:15 - 2014-08-30 20:15 - 00000102 _____ () C:\Windows\SysWOW64\obse_loader.log
2014-08-30 20:14 - 2014-08-30 20:14 - 00003008 _____ () C:\Windows\System32\Tasks\{BA415C66-F124-4737-9535-112CCEBE344B}
2014-08-30 17:52 - 2014-08-30 17:52 - 00000000 ____D () C:\Users\Teffala\Documents\4A Games
2014-08-30 17:51 - 2014-08-11 16:21 - 00000000 ____D () C:\Users\Teffala\AppData\Local\4A Games
2014-08-30 13:22 - 2014-08-30 13:12 - 00000000 ____D () C:\Users\Teffala\AppData\Roaming\.minecraft
2014-08-29 17:06 - 2014-08-29 17:06 - 00281552 _____ () C:\Windows\Minidump\082914-3806-01.dmp
2014-08-29 08:07 - 2009-07-14 16:45 - 00437848 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 20:50 - 2014-06-30 20:14 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-27 19:28 - 2014-08-27 19:28 - 00002213 _____ () C:\Users\Public\Desktop\TES Construction Set (Oblivion).lnk
2014-08-27 19:09 - 2014-08-27 19:09 - 07326093 _____ (Macrovision Corporation) C:\Users\Teffala\Downloads\tes_construction_set_v1.2.exe
2014-08-27 19:09 - 2014-06-30 16:26 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-27 18:33 - 2014-08-27 18:33 - 01662426 _____ () C:\Users\Teffala\Downloads\obse_0021.zip
2014-08-27 18:24 - 2014-08-27 18:24 - 00005381 _____ () C:\Users\Teffala\Downloads\Coolsims Hair Pack esp v1-43224-1.zip
2014-08-27 18:11 - 2014-08-27 18:10 - 07019454 _____ () C:\Users\Teffala\Downloads\Short Jeans HGEC-32150-1-1.zip
2014-08-27 17:58 - 2014-08-27 17:57 - 18429643 _____ () C:\Users\Teffala\Downloads\Capes and Cloaks-4539.zip
2014-08-27 16:49 - 2014-08-27 16:48 - 00014336 ___SH () C:\Users\Teffala\Thumbs.db
2014-08-27 16:25 - 2014-08-27 16:25 - 00001275 _____ () C:\Users\Teffala\Desktop\Oblivion Mod Manager.lnk
2014-08-27 16:25 - 2014-08-27 16:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oblivion Mod Manager
2014-08-27 16:25 - 2014-06-30 16:17 - 00000000 ____D () C:\Users\Teffala\AppData\Local\VirtualStore
2014-08-26 20:35 - 2014-08-26 20:29 - 00000000 ____D () C:\Users\Teffala\AppData\Local\Oblivion
2014-08-26 20:30 - 2014-08-26 20:30 - 00000000 ____D () C:\Users\Teffala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-08-26 20:29 - 2014-08-13 15:43 - 00000000 ____D () C:\Users\Teffala\Documents\my games
2014-08-25 06:53 - 2010-11-21 15:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 14:07 - 2014-08-28 07:51 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 13:45 - 2014-08-28 07:51 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 12:59 - 2014-08-28 07:51 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 19:42 - 2014-08-21 19:42 - 00000221 _____ () C:\Users\Teffala\Desktop\Metro 2033.url

Some content of TEMP:
====================
C:\Users\Teffala\AppData\Local\Temp\BullseyeCoverage-2-x86.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 20:50

==================== End Of Log ============================
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    1.1 KB · Views: 122

teffalacat

New Member
Thread author
Sep 17, 2014
11
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by Teffala at 2014-09-20 21:11:45 Run:2
Running from C:\Users\Teffala\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
closeprocesses:
emptytemp:
HKU\S-1-5-21-337889521-3967207631-3113226611-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKU\S-1-5-21-337889521-3967207631-3113226611-1000\...\MountPoints2: {7e8149c8-000b-11e4-951b-806e6f6e6963} - D:\Run.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [X]
S3 EraserUtilDrv11311; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys [X]
S3 EraserUtilDrv11410; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11410.sys [X]

*****************

Processes closed successfully.
HKU\S-1-5-21-337889521-3967207631-3113226611-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CMD => value deleted successfully.
"HKU\S-1-5-21-337889521-3967207631-3113226611-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e8149c8-000b-11e4-951b-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{7e8149c8-000b-11e4-951b-806e6f6e6963}" => Key not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => Key deleted successfully.
"HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66}" => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
gupdate => Service deleted successfully.
gupdatem => Service deleted successfully.
IDriverT => Service deleted successfully.
EraserUtilDrv11311 => Error deleting Service
EraserUtilDrv11410 => Service deleted successfully.
EmptyTemp: => Removed 394.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====
 

teffalacat

New Member
Thread author
Sep 17, 2014
11
I think this did it? When I logged in, Mozilla didn't automatically open, and didn't display the gameharbor page.

EDIT: Logged out of my user and logged back in again, and waited to see if Firefox would launch itself and show the gameharbor page. It didn't, so... Thank you!
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Nice ;)


Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself :)


Recommended reading:
MUST READ - security tips:

MUST READ - general maintenance:


The Importance of Software Updating:

In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.

Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.




Recommended additional software:
  • TFC - to clean unneeded temporary files.
  • Malwarebytes' Anti-Malware - to scan your system from time to time in search of malware.
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • CryptoPrevent - to secure yourself from very severe CryptoLocker infection.
  • Unchecky - to prevent the installation of additional foistware, implemented in legitimate installations.
  • FileHippo.com Update Checker - to keep your programs up-to-date.
  • Adblock - to surf the web without annoying ads!



Post-cleanup procedures:


Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking on the DelFix icon and selecting the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes its work.
  • All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt).
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.



My help is free for everybody.
If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation:
Thank you!




Stay safe,
TwinHeadedEagle :)
 
