multiple malware .exe*32 slowing down computer
<blockquote data-quote="peeaitcheye" data-source="post: 324047" data-attributes="member: 32508"><p>Malwarebytes Anti-Rootkit BETA 1.08.2.1001</p><p><a href="http://www.malwarebytes.org" target="_blank">www.malwarebytes.org</a></p><p></p><p>Database version: v2014.12.30.02</p><p></p><p>Windows 7 x64 NTFS</p><p>Internet Explorer 8.0.7600.16385</p><p>peeaitcheye :: PEEAITCHEYE-PC [administrator]</p><p></p><p>12/29/2014 9:56:19 PM</p><p>mbar-log-2014-12-29 (21-56-19).txt</p><p></p><p>Scan type: Quick scan</p><p>Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken</p><p>Scan options disabled:</p><p>Objects scanned: 323315</p><p>Time elapsed: 4 minute(s), 9 second(s)</p><p></p><p>Memory Processes Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Memory Modules Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Keys Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Values Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Data Items Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Folders Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Files Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Physical Sectors Detected: 0</p><p>(No malicious items detected)</p><p></p><p>(end)</p><p></p><p></p><p></p><p>---------------------------------------</p><p>Malwarebytes Anti-Rootkit BETA 1.08.2.1001</p><p></p><p>(c) Malwarebytes Corporation 2011-2012</p><p></p><p>OS version: 6.1.7600 Windows 7 x64</p><p></p><p>Account is Administrative</p><p></p><p>Internet Explorer version: 8.0.7600.16385</p><p></p><p>File system is: NTFS</p><p>Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, G:\ DRIVE_FIXED</p><p>CPU speed: 3.400000 GHz</p><p>Memory total: 8541671424, free: 6671433728</p><p></p><p>Downloaded database version: v2014.12.30.02</p><p>Downloaded database version: 
v2014.12.29.02</p><p>Downloaded database version: v2014.12.06.01</p><p>=======================================</p><p>Initializing...</p><p>This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.</p><p>=======================================</p><p></p><p></p><p>---------------------------------------</p><p>Malwarebytes Anti-Rootkit BETA 1.08.2.1001</p><p></p><p>(c) Malwarebytes Corporation 2011-2012</p><p></p><p>OS version: 6.1.7600 Windows 7 x64</p><p></p><p>Account is Administrative</p><p></p><p>Internet Explorer version: 8.0.7600.16385</p><p></p><p>File system is: NTFS</p><p>Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, G:\ DRIVE_FIXED</p><p>CPU speed: 3.400000 GHz</p><p>Memory total: 8541671424, free: 6937309184</p><p></p><p>=======================================</p><p>Initializing...</p><p>------------ Kernel report ------------</p><p> 12/29/2014 21:56:13</p><p>------------ Loaded modules -----------</p><p>\SystemRoot\system32\ntoskrnl.exe</p><p>\SystemRoot\system32\hal.dll</p><p>\SystemRoot\system32\kdcom.dll</p><p>\SystemRoot\system32\mcupdate_GenuineIntel.dll</p><p>\SystemRoot\system32\PSHED.dll</p><p>\SystemRoot\system32\CLFS.SYS</p><p>\SystemRoot\system32\CI.dll</p><p>\SystemRoot\system32\drivers\Wdf01000.sys</p><p>\SystemRoot\system32\drivers\WDFLDR.SYS</p><p>\SystemRoot\system32\DRIVERS\ACPI.sys</p><p>\SystemRoot\system32\DRIVERS\WMILIB.SYS</p><p>\SystemRoot\system32\DRIVERS\msisadrv.sys</p><p>\SystemRoot\system32\DRIVERS\pci.sys</p><p>\SystemRoot\system32\DRIVERS\vdrvroot.sys</p><p>\SystemRoot\system32\DRIVERS\iusb3hcs.sys</p><p>\SystemRoot\System32\drivers\partmgr.sys</p><p>\SystemRoot\system32\DRIVERS\volmgr.sys</p><p>\SystemRoot\System32\drivers\volmgrx.sys</p><p>\SystemRoot\system32\DRIVERS\pciide.sys</p><p>\SystemRoot\system32\DRIVERS\PCIIDEX.SYS</p><p>\SystemRoot\System32\drivers\mountmgr.sys</p><p>\SystemRoot\system32\DRIVERS\atapi.sys</p><p>\SystemRoot\sys
tem32\DRIVERS\ataport.SYS</p><p>\SystemRoot\system32\DRIVERS\amdxata.sys</p><p>\SystemRoot\system32\drivers\fltmgr.sys</p><p>\SystemRoot\system32\drivers\fileinfo.sys</p><p>\SystemRoot\System32\Drivers\Ntfs.sys</p><p>\SystemRoot\System32\Drivers\msrpc.sys</p><p>\SystemRoot\System32\Drivers\ksecdd.sys</p><p>\SystemRoot\System32\Drivers\cng.sys</p><p>\SystemRoot\System32\drivers\pcw.sys</p><p>\SystemRoot\System32\Drivers\Fs_Rec.sys</p><p>\SystemRoot\system32\drivers\ndis.sys</p><p>\SystemRoot\system32\drivers\NETIO.SYS</p><p>\SystemRoot\System32\Drivers\ksecpkg.sys</p><p>\SystemRoot\System32\drivers\tcpip.sys</p><p>\SystemRoot\System32\drivers\fwpkclnt.sys</p><p>\SystemRoot\system32\DRIVERS\vmstorfl.sys</p><p>\SystemRoot\system32\DRIVERS\volsnap.sys</p><p>\SystemRoot\System32\Drivers\spldr.sys</p><p>\SystemRoot\System32\drivers\rdyboost.sys</p><p>\SystemRoot\System32\Drivers\mup.sys</p><p>\SystemRoot\System32\drivers\hwpolicy.sys</p><p>\SystemRoot\System32\DRIVERS\fvevol.sys</p><p>\SystemRoot\system32\DRIVERS\disk.sys</p><p>\SystemRoot\system32\DRIVERS\CLASSPNP.SYS</p><p>\SystemRoot\system32\DRIVERS\cdrom.sys</p><p>\SystemRoot\System32\Drivers\Null.SYS</p><p>\SystemRoot\System32\Drivers\Beep.SYS</p><p>\SystemRoot\System32\drivers\vga.sys</p><p>\SystemRoot\System32\drivers\VIDEOPRT.SYS</p><p>\SystemRoot\System32\drivers\watchdog.sys</p><p>\SystemRoot\System32\DRIVERS\RDPCDD.sys</p><p>\SystemRoot\system32\drivers\rdpencdd.sys</p><p>\SystemRoot\system32\drivers\rdprefmp.sys</p><p>\SystemRoot\System32\Drivers\Msfs.SYS</p><p>\SystemRoot\System32\Drivers\Npfs.SYS</p><p>\SystemRoot\system32\DRIVERS\tdx.sys</p><p>\SystemRoot\system32\DRIVERS\TDI.SYS</p><p>\SystemRoot\system32\drivers\afd.sys</p><p>\SystemRoot\System32\DRIVERS\netbt.sys</p><p>\SystemRoot\system32\drivers\ws2ifsl.sys</p><p>\SystemRoot\system32\DRIVERS\wfplwf.sys</p><p>\SystemRoot\system32\DRIVERS\pacer.sys</p><p>\SystemRoot\system32\DRIVERS\vwififlt.sys</p><p>\SystemRoot\system32\DRIVERS\netbios.sys</p><p>\Syst
emRoot\system32\DRIVERS\serial.sys</p><p>\SystemRoot\system32\DRIVERS\wanarp.sys</p><p>\SystemRoot\system32\DRIVERS\termdd.sys</p><p>\SystemRoot\system32\DRIVERS\rdbss.sys</p><p>\SystemRoot\system32\drivers\nsiproxy.sys</p><p>\SystemRoot\system32\DRIVERS\mssmbios.sys</p><p>\SystemRoot\System32\drivers\discache.sys</p><p>\SystemRoot\system32\drivers\csc.sys</p><p>\SystemRoot\System32\Drivers\dfsc.sys</p><p>\SystemRoot\system32\DRIVERS\blbdrive.sys</p><p>\SystemRoot\system32\DRIVERS\tunnel.sys</p><p>\SystemRoot\system32\DRIVERS\atikmpag.sys</p><p>\SystemRoot\system32\DRIVERS\atikmdag.sys</p><p>\SystemRoot\System32\drivers\dxgkrnl.sys</p><p>\SystemRoot\System32\drivers\dxgmms1.sys</p><p>\SystemRoot\system32\DRIVERS\HDAudBus.sys</p><p>\SystemRoot\system32\DRIVERS\iusb3xhc.sys</p><p>\SystemRoot\system32\DRIVERS\USBD.SYS</p><p>\SystemRoot\system32\DRIVERS\usbehci.sys</p><p>\SystemRoot\system32\DRIVERS\USBPORT.SYS</p><p>\SystemRoot\system32\DRIVERS\Rt64win7.sys</p><p>\SystemRoot\system32\DRIVERS\serenum.sys</p><p>\SystemRoot\system32\DRIVERS\intelppm.sys</p><p>\SystemRoot\system32\DRIVERS\wmiacpi.sys</p><p>\SystemRoot\system32\DRIVERS\CompositeBus.sys</p><p>\SystemRoot\system32\DRIVERS\AgileVpn.sys</p><p>\SystemRoot\system32\DRIVERS\rasl2tp.sys</p><p>\SystemRoot\system32\DRIVERS\ndistapi.sys</p><p>\SystemRoot\system32\DRIVERS\ndiswan.sys</p><p>\SystemRoot\system32\DRIVERS\raspppoe.sys</p><p>\SystemRoot\system32\DRIVERS\raspptp.sys</p><p>\SystemRoot\system32\DRIVERS\rassstp.sys</p><p>\SystemRoot\system32\DRIVERS\rdpbus.sys</p><p>\SystemRoot\system32\DRIVERS\kbdclass.sys</p><p>\SystemRoot\system32\DRIVERS\mouclass.sys</p><p>\SystemRoot\system32\DRIVERS\swenum.sys</p><p>\SystemRoot\system32\DRIVERS\ks.sys</p><p>\SystemRoot\system32\DRIVERS\umbus.sys</p><p>\SystemRoot\system32\DRIVERS\usbhub.sys</p><p>\SystemRoot\System32\Drivers\NDProxy.SYS</p><p>\SystemRoot\system32\drivers\AtihdW76.sys</p><p>\SystemRoot\system32\drivers\portcls.sys</p><p>\SystemRoot\system32\drivers\drmk.sy
s</p><p>\SystemRoot\system32\drivers\ksthunk.sys</p><p>\SystemRoot\system32\DRIVERS\iusb3hub.sys</p><p>\SystemRoot\system32\drivers\RTKVHD64.sys</p><p>\SystemRoot\System32\win32k.sys</p><p>\SystemRoot\System32\drivers\Dxapi.sys</p><p>\SystemRoot\System32\Drivers\crashdmp.sys</p><p>\SystemRoot\System32\Drivers\dump_dumpata.sys</p><p>\SystemRoot\System32\Drivers\dump_atapi.sys</p><p>\SystemRoot\System32\Drivers\dump_dumpfve.sys</p><p>\SystemRoot\system32\DRIVERS\USBSTOR.SYS</p><p>\SystemRoot\system32\DRIVERS\usbccgp.sys</p><p>\SystemRoot\system32\DRIVERS\RTL8192su.sys</p><p>\SystemRoot\System32\drivers\vwifibus.sys</p><p>\SystemRoot\System32\Drivers\usbvideo.sys</p><p>\SystemRoot\system32\drivers\usbaudio.sys</p><p>\SystemRoot\system32\DRIVERS\monitor.sys</p><p>\SystemRoot\system32\DRIVERS\hidusb.sys</p><p>\SystemRoot\system32\DRIVERS\HIDCLASS.SYS</p><p>\SystemRoot\system32\DRIVERS\HIDPARSE.SYS</p><p>\SystemRoot\system32\DRIVERS\kbdhid.sys</p><p>\SystemRoot\system32\DRIVERS\mouhid.sys</p><p>\SystemRoot\System32\TSDDD.dll</p><p>\SystemRoot\System32\cdd.dll</p><p>\SystemRoot\system32\drivers\luafv.sys</p><p>\SystemRoot\system32\DRIVERS\lltdio.sys</p><p>\SystemRoot\system32\DRIVERS\nwifi.sys</p><p>\SystemRoot\system32\DRIVERS\ndisuio.sys</p><p>\SystemRoot\system32\DRIVERS\rspndr.sys</p><p>\SystemRoot\system32\drivers\HTTP.sys</p><p>\SystemRoot\system32\DRIVERS\bowser.sys</p><p>\SystemRoot\System32\drivers\mpsdrv.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb10.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb20.sys</p><p>\SystemRoot\system32\drivers\peauth.sys</p><p>\SystemRoot\System32\Drivers\secdrv.SYS</p><p>\SystemRoot\System32\DRIVERS\srvnet.sys</p><p>\SystemRoot\System32\drivers\tcpipreg.sys</p><p>\SystemRoot\System32\DRIVERS\srv2.sys</p><p>\SystemRoot\System32\DRIVERS\srv.sys</p><p>\??\C:\Windows\system32\drivers\mbamchameleon.sys</p><p>\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys</p><p>\Windows\System32\ntdll.dll</p><
p>\Windows\System32\smss.exe</p><p>\Windows\System32\apisetschema.dll</p><p>\Windows\System32\autochk.exe</p><p>\Windows\System32\sechost.dll</p><p>\Windows\System32\user32.dll</p><p>\Windows\System32\clbcatq.dll</p><p>\Windows\System32\iertutil.dll</p><p>\Windows\System32\Wldap32.dll</p><p>\Windows\System32\rpcrt4.dll</p><p>\Windows\System32\msvcrt.dll</p><p>\Windows\System32\oleaut32.dll</p><p>\Windows\System32\comdlg32.dll</p><p>\Windows\System32\imm32.dll</p><p>\Windows\System32\lpk.dll</p><p>\Windows\System32\normaliz.dll</p><p>\Windows\System32\shlwapi.dll</p><p>\Windows\System32\urlmon.dll</p><p>\Windows\System32\difxapi.dll</p><p>\Windows\System32\ws2_32.dll</p><p>\Windows\System32\ole32.dll</p><p>\Windows\System32\shell32.dll</p><p>\Windows\System32\advapi32.dll</p><p>\Windows\System32\kernel32.dll</p><p>\Windows\System32\msctf.dll</p><p>\Windows\System32\usp10.dll</p><p>\Windows\System32\imagehlp.dll</p><p>\Windows\System32\setupapi.dll</p><p>\Windows\System32\nsi.dll</p><p>\Windows\System32\wininet.dll</p><p>\Windows\System32\psapi.dll</p><p>\Windows\System32\gdi32.dll</p><p>\Windows\System32\devobj.dll</p><p>\Windows\System32\KernelBase.dll</p><p>\Windows\System32\crypt32.dll</p><p>\Windows\System32\cfgmgr32.dll</p><p>\Windows\System32\wintrust.dll</p><p>\Windows\System32\comctl32.dll</p><p>\Windows\System32\msasn1.dll</p><p>\Windows\SysWOW64\normaliz.dll</p><p>----------- End -----------</p><p>Done!</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk1\DR1</p><p>Upper Device Object: 0xfffffa80089f3620</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: \Device\00000076\</p><p>Lower Device Object: 0xfffffa80087e3b70</p><p>Lower Device Driver Name: \Driver\USBSTOR\</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk0\DR0</p><p>Upper Device Object: 0xfffffa800780c060</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\</p><p>Lower Device Object: 0xfffffa800752e060</p><p>Lower 
Device Driver Name: \Driver\atapi\</p><p><<<2>>></p><p>Physical Sector Size: 512</p><p>Drive: 0, DevicePointer: 0xfffffa800780c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xfffffa800780cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\</p><p>DevicePointer: 0xfffffa800780c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xfffffa800743de40, DeviceName: Unknown, DriverName: \Driver\ACPI\</p><p>DevicePointer: 0xfffffa800752e060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\</p><p>------------ End ----------</p><p>Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>Upper DeviceData: 0x0, 0x0, 0x0</p><p>Lower DeviceData: 0x0, 0x0, 0x0</p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p><<<2>>></p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p>Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...</p><p>Done!</p><p>Drive 0</p><p>This is a System drive</p><p>Scanning MBR on drive 0...</p><p>Inspecting partition table:</p><p>MBR Signature: 55AA</p><p>Disk Signature: C99914E6</p><p></p><p>Partition information:</p><p></p><p> Partition 0 type is Primary (0x7)</p><p> Partition is ACTIVE.</p><p> Partition starts at LBA: 2048 Numsec = 204800</p><p> Partition file system is NTFS</p><p> Partition is bootable</p><p></p><p> Partition 1 type is Primary (0x7)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 206848 Numsec = 511793152</p><p></p><p> Partition 2 type is Primary (0x7)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 512000000 Numsec = 1024000000</p><p></p><p> Partition 3 type is Primary (0x7)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 
1536000000 Numsec = 2371026944</p><p></p><p>Disk Size: 2000398934016 bytes</p><p>Sector size: 512 bytes</p><p></p><p>Done!</p><p>Physical Sector Size: 512</p><p>Drive: 1, DevicePointer: 0xfffffa80089f3620, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xfffffa8008851b90, DeviceName: Unknown, DriverName: \Driver\partmgr\</p><p>DevicePointer: 0xfffffa80089f3620, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xfffffa80087e3b70, DeviceName: \Device\00000076\, DriverName: \Driver\USBSTOR\</p><p>------------ End ----------</p><p>Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\</p><p>Upper DeviceData: 0x0, 0x0, 0x0</p><p>Lower DeviceData: 0x0, 0x0, 0x0</p><p>Drive 1</p><p>Scanning MBR on drive 1...</p><p>Inspecting partition table:</p><p>MBR Signature: 55AA</p><p>Disk Signature: F86F2</p><p></p><p>Partition information:</p><p></p><p> Partition 0 type is Primary (0x7)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 2048 Numsec = 2930270208</p><p></p><p> Partition 1 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p> Partition 2 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p> Partition 3 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p>Disk Size: 1500299395072 bytes</p><p>Sector size: 512 bytes</p><p></p><p>Done!</p><p>Scan finished</p><p>=======================================</p><p></p><p></p><p>Removal queue found; removal started</p><p>Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...</p><p>Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...</p><p>Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...</p><p>Removing C:\ProgramData\Malwarebytes' Anti-Malware 
(portable)\MBR-1-i.mbam...</p><p>Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...</p><p>Removal finished</p><p></p><p></p><p></p><p></p><p>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014</p><p>Ran by peeaitcheye (administrator) on PEEAITCHEYE-PC on 29-12-2014 22:02:58</p><p>Running from C:\Users\peeaitcheye\Desktop</p><p>Loaded Profile: peeaitcheye (Available profiles: peeaitcheye)</p><p>Platform: Windows 7 Professional (X64) OS Language: English (United States)</p><p>Internet Explorer Version 8 (Default browser: IE)</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/</a></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p></p><p>(AMD) C:\Windows\System32\atiesrxx.exe</p><p>(AMD) C:\Windows\System32\atieclxx.exe</p><p>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe</p><p>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe</p><p>(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe</p><p>(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe</p><p>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe</p><p>(Realtek) C:\Program Files (x86)\RNX-N150UBE\11n USB Wireless LAN Utility\RtlService.exe</p><p>(Realtek Semiconductor Corp.) 
C:\Program Files (x86)\RNX-N150UBE\11n USB Wireless LAN Utility\RtWLan.exe</p><p>(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe</p><p>(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe</p><p>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe</p><p></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)</p><p></p><p>HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor)</p><p>HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)</p><p>HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-09-30] (Advanced Micro Devices, Inc.)</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION</p><p>HKU\S-1-5-21-1733408913-109812225-2979640582-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION</p><p>HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = <a href="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" target="_blank">http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch</a></p><p>HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome" target="_blank">http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome</a></p><p>HKU\S-1-5-21-1733408913-109812225-2979640582-1000\Software\Microsoft\Internet 
Explorer\Main,Search Page = <a href="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" target="_blank">http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch</a></p><p>StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe</p><p>Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt</p><p>Tcpip\Parameters: [DhcpNameServer] 192.168.1.254</p><p></p><p>FireFox:</p><p>========</p><p>FF ProfilePath: C:\Users\peeaitcheye\AppData\Roaming\Mozilla\Firefox\Profiles\183bpjzd.default</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)</p><p></p><p>Chrome:</p><p>=======</p><p>CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File</p><p>CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()</p><p>CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File</p><p>CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\gears.dll No File</p><p>CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll No File</p><p>CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)</p><p>CHR Plugin: (Default Plug-in) - default_plugin No File</p><p>CHR Profile: C:\Users\peeaitcheye\AppData\Local\Google\Chrome\User Data\Default</p><p>CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\peeaitcheye\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-28]</p><p>CHR Extension: (Adblock Plus) - C:\Users\peeaitcheye\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-27]</p><p>CHR Extension: (Facebook Customizer (by Adblock Plus)) - C:\Users\peeaitcheye\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm [2014-12-27]</p><p>CHR Extension: (Chrome AdBlock Plus) - C:\Users\peeaitcheye\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbpbdggplehjfceendelhkobogklpngg [2014-12-27]</p><p>CHR Extension: (Google Wallet) - C:\Users\peeaitcheye\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-27]</p><p></p><p>==================== Services (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)</p><p>R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)</p><p>R2 Realtek11nSU; C:\Program Files (x86)\RNX-N150UBE\11n USB Wireless LAN Utility\RtlService.exe [40960 2009-12-07] (Realtek) [File not signed]</p><p>R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [111208 2014-12-28] (RaMMicHaeL)</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)</p><p>R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-29] (Malwarebytes Corporation)</p><p>R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2014-12-29 21:56 - 2014-12-29 22:00 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)</p><p>2014-12-29 21:54 - 2014-12-29 22:00 - 00000000 ____D () C:\Users\peeaitcheye\Desktop\mbar</p><p>2014-12-29 21:53 - 2014-12-29 21:54 - 16448208 _____ (Malwarebytes Corp.) 
C:\Users\peeaitcheye\Downloads\mbar-1.08.2.1001.exe</p><p>2014-12-28 23:31 - 2014-12-29 22:03 - 00007144 _____ () C:\Users\peeaitcheye\Desktop\FRST.txt</p><p>2014-12-28 23:31 - 2014-12-28 23:32 - 00024148 _____ () C:\Users\peeaitcheye\Desktop\Addition.txt</p><p>2014-12-28 23:18 - 2014-12-28 23:19 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\peeaitcheye\Downloads\tdsskiller.exe</p><p>2014-12-28 23:11 - 2014-12-29 22:02 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys</p><p>2014-12-28 23:11 - 2014-12-29 21:56 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys</p><p>2014-12-28 23:11 - 2014-12-28 23:11 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>2014-12-28 23:11 - 2014-12-28 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware</p><p>2014-12-28 23:11 - 2014-12-28 23:11 - 00000000 ____D () C:\ProgramData\Malwarebytes</p><p>2014-12-28 23:11 - 2014-12-28 23:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware</p><p>2014-12-28 23:11 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys</p><p>2014-12-28 23:11 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys</p><p>2014-12-28 23:10 - 2014-12-28 23:11 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\peeaitcheye\Downloads\mbam-setup-2.0.4.1028.exe</p><p>2014-12-28 23:05 - 2014-12-28 23:05 - 00008196 _____ () C:\ComboFix.txt</p><p>2014-12-28 23:01 - 2014-12-28 23:05 - 00000000 ____D () C:\Qoobox</p><p>2014-12-28 23:01 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe</p><p>2014-12-28 23:01 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe</p><p>2014-12-28 23:01 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe</p><p>2014-12-28 23:01 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) 
C:\Windows\SWREG.exe</p><p>2014-12-28 23:01 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe</p><p>2014-12-28 23:01 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe</p><p>2014-12-28 23:01 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe</p><p>2014-12-28 23:01 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe</p><p>2014-12-28 22:59 - 2014-12-28 23:05 - 00000000 ____D () C:\Windows\erdnt</p><p>2014-12-28 22:59 - 2014-12-28 22:59 - 05603624 ____R (Swearware) C:\Users\peeaitcheye\Downloads\ComboFix.exe</p><p>2014-12-28 22:54 - 2014-12-28 22:54 - 00012106 _____ () C:\Users\peeaitcheye\Downloads\Addition.txt</p><p>2014-12-28 22:53 - 2014-12-29 22:02 - 00000000 ____D () C:\FRST</p><p>2014-12-28 22:53 - 2014-12-28 22:54 - 00030070 _____ () C:\Users\peeaitcheye\Downloads\FRST.txt</p><p>2014-12-28 22:53 - 2014-12-28 22:53 - 02123264 _____ (Farbar) C:\Users\peeaitcheye\Desktop\FRST64.exe</p><p>2014-12-28 22:52 - 2014-12-28 22:52 - 01114624 _____ (Farbar) C:\Users\peeaitcheye\Downloads\FRST.exe</p><p>2014-12-28 22:43 - 2014-12-28 22:43 - 00001019 _____ () C:\Users\Public\Desktop\Unchecky.lnk</p><p>2014-12-28 22:43 - 2014-12-28 22:43 - 00000000 ____D () C:\ProgramData\Unchecky</p><p>2014-12-28 22:43 - 2014-12-28 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky</p><p>2014-12-28 22:43 - 2014-12-28 22:43 - 00000000 ____D () C:\Program Files (x86)\Unchecky</p><p>2014-12-27 22:48 - 2014-12-27 22:48 - 00000000 ____D () C:\Users\peeaitcheye\AppData\Roaming\WinRAR</p><p>2014-12-27 16:16 - 2014-11-24 14:04 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe</p><p>2014-12-27 16:14 - 2014-12-27 16:14 - 01941064 _____ () C:\Users\peeaitcheye\Downloads\winrar-x64-520.exe</p><p>2014-12-27 16:14 - 2014-12-27 16:14 - 00000000 ____D () C:\Users\peeaitcheye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR</p><p>2014-12-27 16:14 - 2014-12-27 16:14 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR</p><p>2014-12-27 16:14 - 2014-12-27 16:14 - 00000000 ____D () C:\Program Files\WinRAR</p><p>2014-12-27 16:13 - 2014-12-27 16:13 - 00001794 _____ () C:\Users\Public\Desktop\Vuze.lnk</p><p>2014-12-27 16:13 - 2014-12-27 16:13 - 00001794 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk</p><p>2014-12-27 16:13 - 2014-12-27 16:13 - 00000064 _____ () C:\Users\peeaitcheye\AppData\Local\092b24a5009100c0c5fc578f330d5f31</p><p>2014-12-27 16:13 - 2014-12-27 16:13 - 00000000 ____D () C:\Users\peeaitcheye\.swt</p><p>2014-12-27 16:12 - 2014-12-29 01:12 - 00000000 ____D () C:\Users\peeaitcheye\AppData\Roaming\Azureus</p><p>2014-12-27 16:12 - 2014-12-27 16:13 - 00000000 ____D () C:\Program Files\Vuze</p><p>2014-12-27 16:08 - 2014-12-27 16:09 - 00000000 ____D () C:\Users\peeaitcheye\AppData\Roaming\Mozilla</p><p>2014-12-27 16:08 - 2014-12-27 16:09 - 00000000 ____D () C:\Users\peeaitcheye\AppData\Local\Mozilla</p><p>2014-12-27 16:08 - 2014-12-27 16:08 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk</p><p>2014-12-27 16:08 - 2014-12-27 16:08 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk</p><p>2014-12-27 16:08 - 2014-12-27 16:08 - 00000000 ____D () C:\ProgramData\Mozilla</p><p>2014-12-27 16:08 - 2014-12-27 16:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service</p><p>2014-12-27 16:08 - 2014-12-27 16:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox</p><p>2014-12-27 16:07 - 2014-12-27 16:07 - 00244104 _____ () C:\Users\peeaitcheye\Downloads\Firefox Setup Stub 34.0.5.exe</p><p>2014-12-27 16:01 - 2014-12-29 01:12 - 00000000 ____D () C:\Users\peeaitcheye\AppData\Roaming\vlc</p><p>2014-12-27 16:00 - 2014-12-27 16:00 - 00001066 _____ () C:\Users\Public\Desktop\VLC media player.lnk</p><p>2014-12-27 16:00 - 2014-12-27 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN</p><p>2014-12-27 
16:00 - 2014-12-27 16:00 - 00000000 ____D () C:\Program Files (x86)\VideoLAN</p><p>2014-12-27 15:58 - 2014-12-27 15:58 - 00057560 _____ () C:\Users\peeaitcheye\AppData\Local\GDIPFONTCACHEV1.DAT</p><p>2014-12-27 15:58 - 2014-12-27 15:58 - 00000000 ____D () C:\Users\peeaitcheye\AppData\Roaming\ATI</p><p>2014-12-27 15:58 - 2014-12-27 15:58 - 00000000 ____D () C:\Users\peeaitcheye\AppData\Local\ATI</p><p>2014-12-27 15:58 - 2014-12-27 15:58 - 00000000 ____D () C:\ProgramData\ATI</p><p>2014-12-27 15:58 - 2014-12-27 15:58 - 00000000 _____ () C:\Windows\ativpsrm.bin</p><p>2014-12-27 15:57 - 2014-12-27 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATI Problem Report Wizard</p><p>2014-12-27 15:56 - 2014-12-27 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center</p><p>2014-12-27 15:56 - 2014-12-27 15:56 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies</p><p>2014-12-27 15:55 - 2010-09-28 17:55 - 00078848 _____ () C:\Windows\system32\atiapfxx.blb</p><p>2014-12-27 15:55 - 2010-09-28 17:51 - 00450560 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIDEMGX.dll</p><p>2014-12-27 15:55 - 2010-09-28 17:23 - 00058880 _____ (AMD) C:\Windows\system32\coinst.dll</p><p>2014-12-27 15:55 - 2010-08-16 02:42 - 00116240 _____ (ATI Technologies, Inc.) 
C:\Windows\system32\Drivers\AtihdW76.sys</p><p>2014-12-27 15:55 - 2010-08-12 07:12 - 00022190 _____ () C:\Windows\atiogl.xml</p><p>2014-12-27 15:55 - 2010-06-15 14:28 - 00002857 _____ () C:\Windows\SysWOW64\atipblag.dat</p><p>2014-12-27 15:55 - 2010-06-15 14:28 - 00002857 _____ () C:\Windows\system32\atipblag.dat</p><p>2014-12-27 15:54 - 2014-12-27 15:57 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies</p><p>2014-12-27 15:54 - 2014-12-27 15:56 - 00000000 ____D () C:\Program Files\ATI Technologies</p><p>2014-12-27 15:54 - 2014-12-27 15:54 - 00000000 ____D () C:\Program Files\ATI</p><p>2014-12-27 15:50 - 2014-12-27 15:50 - 00002328 _____ () C:\Users\Public\Desktop\RNX-N150UBE 11n USB Wireless LAN Utility.lnk</p><p>2014-12-27 15:50 - 2014-12-27 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RNX-N150UBE 11n USB Wireless LAN Utility</p><p>2014-12-27 15:50 - 2014-12-27 15:50 - 00000000 ____D () C:\Program Files (x86)\Cisco</p><p>2014-12-27 15:49 - 2014-12-27 15:49 - 00000000 ____D () C:\Program Files (x86)\RNX-N150UBE</p><p>2014-12-27 15:49 - 2009-11-11 20:54 - 00676864 ____R (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\rtl8192su.sys</p><p>2014-12-27 15:49 - 2009-04-02 14:27 - 00188416 ____R (Realtek Semiconductor Corp. ) C:\Windows\system32\RTLExtUI.dll</p><p>2014-12-27 15:49 - 2009-04-02 14:27 - 00188416 ____R (Realtek Semiconductor Corp. ) C:\Windows\RTLExtUI.dll</p><p>2014-12-27 15:49 - 2009-03-31 18:31 - 00380928 ____R (Realtek) C:\Windows\system32\RtlUI2.exe</p><p>2014-12-27 15:49 - 2009-03-31 18:31 - 00380928 ____R (Realtek) C:\Windows\RtlUI2.exe</p><p>2014-12-27 15:49 - 2009-02-05 02:49 - 00451072 _____ () C:\Windows\SysWOW64\ISSRemoveSP.exe</p><p>2014-12-27 15:49 - 2008-07-01 16:31 - 00614400 ____R (Realtek Semiconductor Corp. ) C:\Windows\system32\Rtlihvs.dll</p><p>2014-12-27 15:49 - 2008-07-01 16:31 - 00614400 ____R (Realtek Semiconductor Corp. 
) C:\Windows\Rtlihvs.dll</p><p>2014-12-27 15:46 - 2014-12-27 15:46 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf</p><p>2014-12-27 15:46 - 2012-01-26 09:39 - 00016152 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hcs.sys</p><p>2014-12-27 15:45 - 2012-01-26 09:39 - 00787736 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3xhc.sys</p><p>2014-12-27 15:45 - 2012-01-26 09:39 - 00356120 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hub.sys</p><p>2014-12-27 15:44 - 2014-12-27 15:49 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information</p><p>2014-12-27 15:44 - 2014-12-27 15:45 - 00000189 _____ () C:\Windows\LAN.log</p><p>2014-12-27 15:44 - 2014-12-27 15:44 - 00002169 _____ () C:\RHDSetup.log</p><p>2014-12-27 15:44 - 2014-12-27 15:44 - 00000206 _____ () C:\Windows\audio.log</p><p>2014-12-27 15:44 - 2014-12-27 15:44 - 00000000 ___HD () C:\Program Files (x86)\Temp</p><p>2014-12-27 15:44 - 2014-12-27 15:44 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM</p><p>2014-12-27 15:44 - 2014-12-27 15:44 - 00000000 ____D () C:\Program Files\Realtek</p><p>2014-12-27 15:44 - 2014-12-27 15:44 - 00000000 ____D () C:\Program Files (x86)\Realtek</p><p>2014-12-27 15:44 - 2011-12-13 02:27 - 04718952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys</p><p>2014-12-27 15:44 - 2011-12-13 00:58 - 01560168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl</p><p>2014-12-27 15:44 - 2011-12-13 00:25 - 00200468 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT</p><p>2014-12-27 15:44 - 2011-12-12 19:01 - 01698408 ____R (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll</p><p>2014-12-27 15:44 - 2011-12-12 01:20 - 00100456 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll</p><p>2014-12-27 15:44 - 2011-12-09 00:42 - 02684416 _____ (Realtek Semiconductor Corp.) 
C:\Windows\system32\RCoRes64.dat</p><p>2014-12-27 15:44 - 2011-12-08 01:28 - 01969768 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll</p><p>2014-12-27 15:44 - 2011-12-08 00:27 - 03744872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll</p><p>2014-12-27 15:44 - 2011-11-22 00:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll</p><p>2014-12-27 15:44 - 2011-11-21 19:36 - 02615400 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll</p><p>2014-12-27 15:44 - 2011-11-18 00:40 - 00219752 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll</p><p>2014-12-27 15:44 - 2011-10-17 21:55 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll</p><p>2014-12-27 15:44 - 2011-09-29 01:30 - 00646248 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys</p><p>2014-12-27 15:44 - 2011-09-29 01:30 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll</p><p>2014-12-27 15:44 - 2011-09-29 01:30 - 00074272 _____ () C:\Windows\system32\RtNicProp64.dll</p><p>2014-12-27 15:44 - 2011-09-01 22:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll</p><p>2014-12-27 15:44 - 2011-09-01 22:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll</p><p>2014-12-27 15:44 - 2011-09-01 22:21 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll</p><p>2014-12-27 15:44 - 2011-08-23 01:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll</p><p>2014-12-27 15:44 - 2011-08-05 09:29 - 00527872 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll</p><p>2014-12-27 15:44 - 2011-08-05 09:29 - 00515584 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll</p><p>2014-12-27 15:44 - 2011-08-05 09:29 - 00439808 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll</p><p>2014-12-27 15:44 - 2011-07-27 08:55 - 02604376 _____ (Waves Audio Ltd.) 
C:\Windows\system32\WavesGUILib.dll</p><p>2014-12-27 15:44 - 2011-07-27 08:55 - 02132824 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll</p><p>2014-12-27 15:44 - 2011-07-22 03:35 - 01247848 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll</p><p>2014-12-27 15:44 - 2011-07-07 22:34 - 00065432 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll</p><p>2014-12-27 15:44 - 2011-06-26 22:45 - 03768152 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll</p><p>2014-12-27 15:44 - 2011-06-13 19:13 - 00177088 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll</p><p>2014-12-27 15:44 - 2011-05-30 17:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll</p><p>2014-12-27 15:44 - 2011-05-30 17:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll</p><p>2014-12-27 15:44 - 2011-05-30 17:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll</p><p>2014-12-27 15:44 - 2011-05-30 17:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll</p><p>2014-12-27 15:44 - 2011-05-30 17:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll</p><p>2014-12-27 15:44 - 2011-05-30 17:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll</p><p>2014-12-27 15:44 - 2011-05-30 17:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll</p><p>2014-12-27 15:44 - 2011-05-30 17:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll</p><p>2014-12-27 15:44 - 2011-05-30 17:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll</p><p>2014-12-27 15:44 - 2011-05-30 17:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll</p><p>2014-12-27 15:44 - 2011-05-30 17:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll</p><p>2014-12-27 15:44 - 2011-05-30 17:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll</p><p>2014-12-27 15:44 - 2011-05-04 23:24 - 02085440 _____ (Fortemedia Corporation) 
C:\Windows\system32\FMAPO64.dll</p><p>2014-12-27 15:44 - 2011-05-01 22:27 - 03308376 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll</p><p>2014-12-27 15:44 - 2011-05-01 22:27 - 00426328 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll</p><p>2014-12-27 15:44 - 2011-05-01 22:27 - 00136024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll</p><p>2014-12-27 15:44 - 2011-05-01 22:27 - 00118104 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll</p><p>2014-12-27 15:44 - 2011-05-01 22:27 - 00074072 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll</p><p>2014-12-27 15:44 - 2011-03-16 20:17 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll</p><p>2014-12-27 15:44 - 2011-03-07 01:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll</p><p>2014-12-27 15:44 - 2010-11-28 22:36 - 00702808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek2.dll</p><p>2014-12-27 15:44 - 2010-11-07 15:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll</p><p>2014-12-27 15:44 - 2010-11-07 15:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll</p><p>2014-12-27 15:44 - 2010-11-07 15:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll</p><p>2014-12-27 15:44 - 2010-11-07 15:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll</p><p>2014-12-27 15:44 - 2010-11-07 15:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll</p><p>2014-12-27 15:44 - 2010-11-07 15:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll</p><p>2014-12-27 15:44 - 2010-11-03 02:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll</p><p>2014-12-27 15:44 - 2010-10-02 21:46 - 00341336 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll</p><p>2014-12-27 15:44 - 2010-09-26 17:34 - 00318808 _____ (Waves Audio Ltd.) 
C:\Windows\system32\MaxxAudioAPO20.dll</p><p>2014-12-27 15:44 - 2010-07-22 00:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll</p><p>2014-12-27 15:44 - 2010-07-22 00:37 - 00200800 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll</p><p>2014-12-27 15:44 - 2010-05-06 01:34 - 00334680 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll</p><p>2014-12-27 15:44 - 2009-11-23 17:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll</p><p>2014-12-27 15:44 - 2009-11-23 17:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll</p><p>2014-12-27 15:44 - 2009-11-23 17:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll</p><p>2014-12-27 15:44 - 2009-11-23 17:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll</p><p>2014-12-27 15:44 - 2009-11-17 02:12 - 00108960 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll</p><p>2014-12-27 15:42 - 2014-12-27 15:45 - 00000000 ____D () C:\Program Files (x86)\Intel</p><p>2014-12-27 15:42 - 2014-12-27 15:42 - 00000000 ____D () C:\Intel</p><p>2014-12-27 15:42 - 2011-12-05 23:55 - 00053248 ____R (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll</p><p>2014-12-27 15:41 - 2014-12-29 21:46 - 00001154 _____ () C:\Windows\PFRO.log</p><p>2014-12-27 15:41 - 2014-12-27 15:41 - 00000000 ____D () C:\Windows\AsusInstAll</p><p>2014-12-27 15:40 - 2014-12-29 22:02 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2014-12-27 15:40 - 2014-12-29 21:51 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>2014-12-27 15:40 - 2014-12-27 16:45 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA</p><p>2014-12-27 15:40 - 2014-12-27 16:45 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore</p><p>2014-12-27 15:40 - 2014-12-27 16:16 - 00002255 _____ () C:\Users\Public\Desktop\Google 
Chrome.lnk</p><p>2014-12-27 15:40 - 2014-12-27 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome</p><p>2014-12-27 15:40 - 2014-12-27 16:03 - 00000000 ____D () C:\Users\peeaitcheye\AppData\Local\Google</p><p>2014-12-27 15:40 - 2014-12-27 15:46 - 00047448 _____ () C:\Windows\Ascd_log.ini</p><p>2014-12-27 15:40 - 2014-12-27 15:46 - 00000000 ____D () C:\Windows\System32\Tasks\ASUS</p><p>2014-12-27 15:40 - 2014-12-27 15:40 - 00000000 ____D () C:\Program Files (x86)\Google</p><p>2014-12-27 15:39 - 2014-12-27 15:39 - 00016896 _____ (ASUS) C:\Windows\AsTaskSched.dll</p><p>2014-12-27 15:39 - 2014-12-27 15:39 - 00000000 ____D () C:\Windows\Chipset</p><p>2014-12-27 15:39 - 2011-02-24 22:36 - 00295296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys</p><p>2014-12-27 15:38 - 2014-12-27 15:38 - 00034677 _____ () C:\Windows\Ascd_tmp.ini</p><p>2014-12-27 15:38 - 2014-12-27 15:38 - 00001769 _____ () C:\Windows\Language_trs.ini</p><p>2014-12-27 15:37 - 2014-12-27 15:37 - 00001443 _____ () C:\Users\peeaitcheye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk</p><p>2014-12-27 15:37 - 2014-12-27 15:37 - 00001409 _____ () C:\Users\peeaitcheye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk</p><p>2014-12-27 15:37 - 2014-12-27 15:37 - 00000000 ____D () C:\Users\peeaitcheye\AppData\Local\VirtualStore</p><p>2014-12-27 15:36 - 2014-12-27 16:13 - 00000000 ____D () C:\Users\peeaitcheye</p><p>2014-12-27 15:36 - 2014-12-27 15:36 - 00000020 ___SH () C:\Users\peeaitcheye\ntuser.ini</p><p>2014-12-27 15:36 - 2009-07-13 20:54 - 00000000 ___RD () C:\Users\peeaitcheye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories</p><p>2014-12-27 15:36 - 2009-07-13 20:49 - 00000000 ___RD () C:\Users\peeaitcheye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance</p><p>2014-12-27 15:35 - 2014-12-27 15:35 - 00000000 ____D () C:\Recovery</p><p>2014-12-27 15:23 - 
2014-12-27 15:23 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk</p><p>2014-12-27 15:22 - 2014-12-27 15:22 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk</p><p>2014-12-27 15:22 - 2014-12-27 15:22 - 00001313 _____ () C:\Windows\TSSysprep.log</p><p>2014-12-27 15:20 - 2014-12-29 22:00 - 00056423 _____ () C:\Windows\WindowsUpdate.log</p><p>2014-12-27 15:17 - 2014-12-27 15:36 - 00000000 ____D () C:\Windows\Panther</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2014-12-29 22:02 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT</p><p>2014-12-29 22:02 - 2009-07-13 20:51 - 00018799 _____ () C:\Windows\setupact.log</p><p>2014-12-29 21:55 - 2009-07-13 20:45 - 00010032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2014-12-29 21:55 - 2009-07-13 20:45 - 00010032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2014-12-29 21:51 - 2009-07-13 21:13 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI</p><p>2014-12-28 23:05 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD</p><p>2014-12-28 23:05 - 2009-07-13 19:20 - 00000000 __RHD () C:\Users\Default</p><p>2014-12-28 23:04 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini</p><p>2014-12-28 15:51 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache</p><p>2014-12-27 19:39 - 2009-07-13 23:47 - 00000000 ____D () C:\Program Files\Windows Journal</p><p>2014-12-27 19:39 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\SysWOW64\winrm</p><p>2014-12-27 19:39 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\SysWOW64\WCN</p><p>2014-12-27 19:39 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\SysWOW64\slmgr</p><p>2014-12-27 19:39 - 
2009-07-13 21:37 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts</p><p>2014-12-27 19:39 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\winrm</p><p>2014-12-27 19:39 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\WCN</p><p>2014-12-27 19:39 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\slmgr</p><p>2014-12-27 19:39 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts</p><p>2014-12-27 19:39 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Sidebar</p><p>2014-12-27 19:39 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer</p><p>2014-12-27 19:39 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Defender</p><p>2014-12-27 19:39 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar</p><p>2014-12-27 19:39 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer</p><p>2014-12-27 19:39 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender</p><p>2014-12-27 19:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI</p><p>2014-12-27 19:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz</p><p>2014-12-27 19:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism</p><p>2014-12-27 19:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\com</p><p>2014-12-27 19:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\sysprep</p><p>2014-12-27 19:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\oobe</p><p>2014-12-27 19:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\MUI</p><p>2014-12-27 19:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\migwiz</p><p>2014-12-27 19:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Dism</p><p>2014-12-27 19:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\com</p><p>2014-12-27 19:39 - 2009-07-13 19:20 - 00000000 ____D () 
C:\Windows\servicing</p><p>2014-12-27 19:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions</p><p>2014-12-27 19:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\IME</p><p>2014-12-27 19:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\System</p><p>2014-12-27 19:38 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\ro-RO</p><p>2014-12-27 19:38 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\ro-RO</p><p>2014-12-27 19:37 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\SysWOW64\sysprep</p><p>2014-12-27 19:37 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup</p><p>2014-12-27 19:37 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe</p><p>2014-12-27 19:37 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Setup</p><p>2014-12-27 15:39 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\system32\restore</p><p>2014-12-27 15:35 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Recovery</p><p>2014-12-27 15:22 - 2009-07-13 20:46 - 00001774 _____ () C:\Windows\DtcInstall.log</p><p>2014-12-27 15:22 - 2009-07-13 19:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories</p><p>2014-12-27 15:18 - 2009-07-13 23:46 - 00000000 ____D () C:\Windows\CSC</p><p>2014-12-27 15:18 - 2009-07-13 20:45 - 00274320 _____ () C:\Windows\system32\FNTCACHE.DAT</p><p>2014-12-27 15:17 - 2009-07-13 21:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG</p><p>2014-12-27 15:17 - 2009-07-13 21:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template</p><p>2014-12-27 15:16 - 2009-07-13 20:45 - 00000000 ____D () C:\Windows\Setup</p><p></p><p>Some content of TEMP:</p><p>====================</p><p>C:\Users\peeaitcheye\AppData\Local\Temp\libProcessAccess645246098306582258253.dll</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>(There is no automatic fix for files that do not pass 
verification.)</p><p></p><p>C:\Windows\System32\winlogon.exe => File is digitally signed</p><p>C:\Windows\System32\wininit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\wininit.exe => File is digitally signed</p><p>C:\Windows\explorer.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\explorer.exe => File is digitally signed</p><p>C:\Windows\System32\svchost.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\svchost.exe => File is digitally signed</p><p>C:\Windows\System32\services.exe => File is digitally signed</p><p>C:\Windows\System32\User32.dll => File is digitally signed</p><p>C:\Windows\SysWOW64\User32.dll => File is digitally signed</p><p>C:\Windows\System32\userinit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\userinit.exe => File is digitally signed</p><p>C:\Windows\System32\rpcss.dll => File is digitally signed</p><p>C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p></p><p>LastRegBack: 2014-12-27 17:47</p><p></p><p>==================== End Of Log ============================</p><p></p><p></p><p></p><p>Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014</p><p>Ran by peeaitcheye at 2014-12-29 22:03:30</p><p>Running from C:\Users\peeaitcheye\Desktop</p><p>Boot Mode: Normal</p><p>==========================================================</p><p></p><p></p><p>==================== Security Center ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed.)</p><p></p><p>AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p></p><p>==================== Installed Programs ======================</p><p></p><p>(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)</p><p></p><p>ATI AVIVO64 Codecs (Version: 11.6.0.50930 - ATI Technologies Inc.) 
Hidden</p><p>ATI Catalyst Install Manager (HKLM\...\{4E594F8A-B042-B61D-DADC-08822B630781}) (Version: 3.0.795.0 - ATI Technologies, Inc.)</p><p>ATI Problem Report Wizard (Version: 3.0.795.0 - ATI Technologies) Hidden</p><p>ccc-core-static (x32 Version: 2010.0930.2237.38732 - ATI) Hidden</p><p>Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)</p><p>Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)</p><p>Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)</p><p>Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)</p><p>Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden</p><p>HydraVision (x32 Version: 4.2.180.0 - ATI Technologies Inc.) Hidden</p><p>Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)</p><p>Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)</p><p>Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)</p><p>Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)</p><p>Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)</p><p>Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)</p><p>REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0142 - REALTEK Semiconductor Corp.)</p><p>Unchecky v0.3.5 (HKLM-x32\...\Unchecky) (Version: 0.3.5 - RaMMicHaeL)</p><p>VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)</p><p>Vuze 
(HKLM\...\8461-7759-5462-8226) (Version: 5.5.0.0 - Azureus Software, Inc.)</p><p>WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)</p><p></p><p>==================== Custom CLSID (selected items): ==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)</p><p></p><p></p><p>==================== Restore Points =========================</p><p></p><p>27-12-2014 15:39:09 Windows Update</p><p>27-12-2014 15:44:41 Installed Realtek Ethernet Controller Driver</p><p>27-12-2014 15:49:00 Installed RNX-N150UBE 11n USB Wireless LAN Driver and Utility</p><p>27-12-2014 15:55:31 Device Driver Package Install: ATI Technologies Inc. Display adapters</p><p>27-12-2014 16:16:03 Windows Update</p><p>27-12-2014 19:36:12 Language Pack Removal</p><p></p><p>==================== Hosts content: ==========================</p><p></p><p>(If needed Hosts: directive could be included in the fixlist to reset Hosts.)</p><p></p><p>2009-07-13 18:34 - 2014-12-29 22:02 - 00001993 ____A C:\Windows\system32\Drivers\etc\hosts</p>
<p></p><p></p><p>==================== Scheduled Tasks (whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)</p><p></p><p>Task: {20888339-8EE2-4ADA-84A8-FC30AAF71E64} - System32\Tasks\ASUS\i-Setup153904 => C:\Windows\Chipset\AsusSetup.exe [2010-09-07] (ASUSTeK Computer Inc.)</p><p>Task: {65E61EB1-BA0F-4E21-A358-DD09569ECDE2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-27] (Google Inc.)</p><p>Task: {7F4E1D7E-49A3-41C0-A5D5-CE7743E80A1D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-27] (Google Inc.)</p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</p><p></p><p>==================== Loaded Modules (whitelisted) =============</p><p></p><p>2010-08-04 15:58 - 2010-08-04 15:58 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll</p><p>2010-09-30 22:36 - 2010-09-30 22:36 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll</p><p>2014-12-27 15:49 - 2009-12-09 21:20 - 00126976 _____ () C:\Program Files (x86)\RNX-N150UBE\11n USB Wireless LAN Utility\EnumDevLib.dll</p><p>2014-12-27 16:08 - 2014-11-26 08:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll</p><p></p><p>==================== Alternate Data Streams (whitelisted) =========</p><p></p><p>(If an entry is included in the fixlist, only the Alternate Data
Streams will be removed.)</p><p></p><p></p><p>==================== Safe Mode (whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)</p><p></p><p></p><p>==================== EXE Association (whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)</p><p></p><p></p><p>==================== MSCONFIG/TASK MANAGER disabled items =========</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p></p><p>========================= Accounts: ==========================</p><p></p><p>Administrator (S-1-5-21-1733408913-109812225-2979640582-500 - Administrator - Disabled)</p><p>Guest (S-1-5-21-1733408913-109812225-2979640582-501 - Limited - Disabled)</p><p>peeaitcheye (S-1-5-21-1733408913-109812225-2979640582-1000 - Administrator - Enabled) => C:\Users\peeaitcheye</p><p></p><p>==================== Faulty Device Manager Devices =============</p><p></p><p>Name: PCI Simple Communications Controller</p><p>Description: PCI Simple Communications Controller</p><p>Class Guid:</p><p>Manufacturer:</p><p>Service:</p><p>Problem: : The drivers for this device are not installed. 
(Code 28)</p><p>Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.</p><p></p><p></p><p>==================== Event log errors: =========================</p><p></p><p>Application errors:</p><p>==================</p><p>Error: (12/27/2014 10:14:14 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application name: tasks.exe, version: 1.0.0.0, time stamp: 0x54997c8f</p><p>Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdbdf</p><p>Exception code: 0xe0434f4d</p><p>Fault offset: 0x0000b727</p><p>Faulting process id: 0x%9</p><p>Faulting application start time: 0xtasks.exe0</p><p>Faulting application path: tasks.exe1</p><p>Faulting module path: tasks.exe2</p><p>Report Id: tasks.exe3</p><p></p><p>Error: (12/27/2014 03:18:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )</p><p>Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -546.</p><p></p><p>Error: (12/27/2014 03:18:42 PM) (Source: ESENT) (EventID: 412) (User: )</p><p>Description: Catalog Database (520) Catalog Database: Unable to read the header of logfile C:\Windows\system32\CatRoot2\edb.log. Error -546.</p><p></p><p>Error: (12/27/2014 03:18:42 PM) (Source: ESENT) (EventID: 412) (User: )</p><p>Description: Catalog Database (520) Catalog Database: Unable to read the header of logfile C:\Windows\system32\CatRoot2\edb.log. 
Error -546.</p><p></p><p></p><p>System errors:</p><p>=============</p><p>Error: (12/29/2014 09:59:33 PM) (Source: Disk) (EventID: 7) (User: )</p><p>Description: The device, \Device\Harddisk0\DR0, has a bad block.</p><p></p><p>Error: (12/29/2014 09:59:20 PM) (Source: Disk) (EventID: 7) (User: )</p><p>Description: The device, \Device\Harddisk0\DR0, has a bad block.</p><p></p><p>Error: (12/29/2014 09:59:18 PM) (Source: Disk) (EventID: 7) (User: )</p><p>Description: The device, \Device\Harddisk0\DR0, has a bad block.</p><p></p><p>Error: (12/29/2014 09:59:15 PM) (Source: Disk) (EventID: 7) (User: )</p><p>Description: The device, \Device\Harddisk0\DR0, has a bad block.</p><p></p><p>Error: (12/29/2014 09:50:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )</p><p>Description: The Google Update Service (gupdate) service failed to start due to the following error:</p><p>%%1053</p><p></p><p>Error: (12/29/2014 09:50:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )</p><p>Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.</p><p></p><p>Error: (12/29/2014 09:49:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )</p><p>Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.</p><p></p><p>Error: (12/29/2014 09:48:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )</p><p>Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.</p><p></p><p>Error: (12/29/2014 00:25:57 AM) (Source: Disk) (EventID: 7) (User: )</p><p>Description: The device, \Device\Harddisk0\DR0, has a bad block.</p><p></p><p>Error: (12/29/2014 00:25:54 AM) (Source: Disk) (EventID: 7) (User: )</p><p>Description: The device, \Device\Harddisk0\DR0, has a bad block.</p><p></p><p></p><p>Microsoft Office 
Sessions:</p><p>=========================</p><p>Error: (12/27/2014 10:14:14 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: tasks.exe1.0.0.054997c8fKERNELBASE.dll6.1.7600.163854a5bdbdfe0434f4d0000b727</p><p></p><p>Error: (12/27/2014 03:18:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )</p><p>Description: -546</p><p></p><p>Error: (12/27/2014 03:18:42 PM) (Source: ESENT) (EventID: 412) (User: )</p><p>Description: Catalog Database520Catalog Database: C:\Windows\system32\CatRoot2\edb.log-546</p><p></p><p>Error: (12/27/2014 03:18:42 PM) (Source: ESENT) (EventID: 412) (User: )</p><p>Description: Catalog Database520Catalog Database: C:\Windows\system32\CatRoot2\edb.log-546</p><p></p><p></p><p>==================== Memory info ===========================</p><p></p><p>Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz</p><p>Percentage of memory in use: 20%</p><p>Total physical RAM: 8145.97 MB</p><p>Available physical RAM: 6515.82 MB</p><p>Total Pagefile: 16290.09 MB</p><p>Available Pagefile: 14337.58 MB</p><p>Total Virtual: 8192 MB</p><p>Available Virtual: 8191.84 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: () (Fixed) (Total:244.04 GB) (Free:217.61 GB) NTFS</p><p>Drive d: () (Fixed) (Total:488.28 GB) (Free:488.18 GB) NTFS</p><p>Drive e: () (Fixed) (Total:1130.59 GB) (Free:1110.44 GB) NTFS</p><p>Drive g: (Elements) (Fixed) (Total:1397.26 GB) (Free:425.25 GB) NTFS</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: C99914E6)</p><p>Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)</p><p>Partition 2: (Not Active) - (Size=244 GB) - (Type=07 NTFS)</p><p>Partition 3: (Not Active) - (Size=488.3 GB) - (Type=07 NTFS)</p><p>Partition 4: (Not Active) - (Size=1130.6 GB) - (Type=07 
NTFS)</p><p></p><p>========================================================</p><p>Disk: 1 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: 000F86F2)</p><p>Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>
[QUOTE="peeaitcheye, post: 324047, member: 32508"]
C:\Windows\system32\RTCOM64.dll 2014-12-27 15:44 - 2011-07-07 22:34 - 00065432 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll 2014-12-27 15:44 - 2011-06-26 22:45 - 03768152 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll 2014-12-27 15:44 - 2011-06-13 19:13 - 00177088 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll 2014-12-27 15:44 - 2011-05-30 17:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll 2014-12-27 15:44 - 2011-05-30 17:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll 2014-12-27 15:44 - 2011-05-30 17:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll 2014-12-27 15:44 - 2011-05-30 17:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll 2014-12-27 15:44 - 2011-05-30 17:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll 2014-12-27 15:44 - 2011-05-30 17:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll 2014-12-27 15:44 - 2011-05-30 17:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll 2014-12-27 15:44 - 2011-05-30 17:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll 2014-12-27 15:44 - 2011-05-30 17:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll 2014-12-27 15:44 - 2011-05-30 17:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll 2014-12-27 15:44 - 2011-05-30 17:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll 2014-12-27 15:44 - 2011-05-30 17:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll 2014-12-27 15:44 - 2011-05-04 23:24 - 02085440 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll 2014-12-27 15:44 - 2011-05-01 22:27 - 03308376 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll 2014-12-27 15:44 - 2011-05-01 22:27 - 00426328 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll 2014-12-27 15:44 - 2011-05-01 22:27 - 00136024 _____ (Dolby Laboratories) 
C:\Windows\system32\R4EEL64A.dll 2014-12-27 15:44 - 2011-05-01 22:27 - 00118104 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll 2014-12-27 15:44 - 2011-05-01 22:27 - 00074072 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll 2014-12-27 15:44 - 2011-03-16 20:17 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll 2014-12-27 15:44 - 2011-03-07 01:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll 2014-12-27 15:44 - 2010-11-28 22:36 - 00702808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek2.dll 2014-12-27 15:44 - 2010-11-07 15:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll 2014-12-27 15:44 - 2010-11-07 15:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll 2014-12-27 15:44 - 2010-11-07 15:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll 2014-12-27 15:44 - 2010-11-07 15:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll 2014-12-27 15:44 - 2010-11-07 15:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll 2014-12-27 15:44 - 2010-11-07 15:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll 2014-12-27 15:44 - 2010-11-03 02:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll 2014-12-27 15:44 - 2010-10-02 21:46 - 00341336 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll 2014-12-27 15:44 - 2010-09-26 17:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll 2014-12-27 15:44 - 2010-07-22 00:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll 2014-12-27 15:44 - 2010-07-22 00:37 - 00200800 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll 2014-12-27 15:44 - 2010-05-06 01:34 - 00334680 _____ (Waves Audio Ltd.) 
C:\Windows\system32\MaxxVolumeSDAPO.dll 2014-12-27 15:44 - 2009-11-23 17:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll 2014-12-27 15:44 - 2009-11-23 17:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll 2014-12-27 15:44 - 2009-11-23 17:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll 2014-12-27 15:44 - 2009-11-23 17:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll 2014-12-27 15:44 - 2009-11-17 02:12 - 00108960 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll 2014-12-27 15:42 - 2014-12-27 15:45 - 00000000 ____D () C:\Program Files (x86)\Intel 2014-12-27 15:42 - 2014-12-27 15:42 - 00000000 ____D () C:\Intel 2014-12-27 15:42 - 2011-12-05 23:55 - 00053248 ____R (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll 2014-12-27 15:41 - 2014-12-29 21:46 - 00001154 _____ () C:\Windows\PFRO.log 2014-12-27 15:41 - 2014-12-27 15:41 - 00000000 ____D () C:\Windows\AsusInstAll 2014-12-27 15:40 - 2014-12-29 22:02 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-27 15:40 - 2014-12-29 21:51 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-27 15:40 - 2014-12-27 16:45 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-12-27 15:40 - 2014-12-27 16:45 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-12-27 15:40 - 2014-12-27 16:16 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-12-27 15:40 - 2014-12-27 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-12-27 15:40 - 2014-12-27 16:03 - 00000000 ____D () C:\Users\peeaitcheye\AppData\Local\Google 2014-12-27 15:40 - 2014-12-27 15:46 - 00047448 _____ () C:\Windows\Ascd_log.ini 2014-12-27 15:40 - 2014-12-27 15:46 - 00000000 ____D () C:\Windows\System32\Tasks\ASUS 2014-12-27 15:40 - 2014-12-27 15:40 - 00000000 ____D () C:\Program Files 
(x86)\Google 2014-12-27 15:39 - 2014-12-27 15:39 - 00016896 _____ (ASUS) C:\Windows\AsTaskSched.dll 2014-12-27 15:39 - 2014-12-27 15:39 - 00000000 ____D () C:\Windows\Chipset 2014-12-27 15:39 - 2011-02-24 22:36 - 00295296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys 2014-12-27 15:38 - 2014-12-27 15:38 - 00034677 _____ () C:\Windows\Ascd_tmp.ini 2014-12-27 15:38 - 2014-12-27 15:38 - 00001769 _____ () C:\Windows\Language_trs.ini 2014-12-27 15:37 - 2014-12-27 15:37 - 00001443 _____ () C:\Users\peeaitcheye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-12-27 15:37 - 2014-12-27 15:37 - 00001409 _____ () C:\Users\peeaitcheye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2014-12-27 15:37 - 2014-12-27 15:37 - 00000000 ____D () C:\Users\peeaitcheye\AppData\Local\VirtualStore 2014-12-27 15:36 - 2014-12-27 16:13 - 00000000 ____D () C:\Users\peeaitcheye 2014-12-27 15:36 - 2014-12-27 15:36 - 00000020 ___SH () C:\Users\peeaitcheye\ntuser.ini 2014-12-27 15:36 - 2009-07-13 20:54 - 00000000 ___RD () C:\Users\peeaitcheye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-12-27 15:36 - 2009-07-13 20:49 - 00000000 ___RD () C:\Users\peeaitcheye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-12-27 15:35 - 2014-12-27 15:35 - 00000000 ____D () C:\Recovery 2014-12-27 15:23 - 2014-12-27 15:23 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk 2014-12-27 15:22 - 2014-12-27 15:22 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk 2014-12-27 15:22 - 2014-12-27 15:22 - 00001313 _____ () C:\Windows\TSSysprep.log 2014-12-27 15:20 - 2014-12-29 22:00 - 00056423 _____ () C:\Windows\WindowsUpdate.log 2014-12-27 15:17 - 2014-12-27 15:36 - 00000000 ____D () C:\Windows\Panther ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, 
the file\folder will be moved.) 2014-12-29 22:02 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-29 22:02 - 2009-07-13 20:51 - 00018799 _____ () C:\Windows\setupact.log 2014-12-29 21:55 - 2009-07-13 20:45 - 00010032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-29 21:55 - 2009-07-13 20:45 - 00010032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-29 21:51 - 2009-07-13 21:13 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-28 23:05 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2014-12-28 23:05 - 2009-07-13 19:20 - 00000000 __RHD () C:\Users\Default 2014-12-28 23:04 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini 2014-12-28 15:51 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache 2014-12-27 19:39 - 2009-07-13 23:47 - 00000000 ____D () C:\Program Files\Windows Journal 2014-12-27 19:39 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\SysWOW64\winrm 2014-12-27 19:39 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\SysWOW64\WCN 2014-12-27 19:39 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\SysWOW64\slmgr 2014-12-27 19:39 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts 2014-12-27 19:39 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\winrm 2014-12-27 19:39 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\WCN 2014-12-27 19:39 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\slmgr 2014-12-27 19:39 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts 2014-12-27 19:39 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Sidebar 2014-12-27 19:39 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer 2014-12-27 19:39 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Defender 2014-12-27 19:39 - 2009-07-13 21:32 - 
00000000 ____D () C:\Program Files (x86)\Windows Sidebar 2014-12-27 19:39 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer 2014-12-27 19:39 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-12-27 19:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI 2014-12-27 19:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz 2014-12-27 19:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-12-27 19:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\com 2014-12-27 19:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\sysprep 2014-12-27 19:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\oobe 2014-12-27 19:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\MUI 2014-12-27 19:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\migwiz 2014-12-27 19:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-12-27 19:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\com 2014-12-27 19:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\servicing 2014-12-27 19:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-12-27 19:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\IME 2014-12-27 19:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\System 2014-12-27 19:38 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\ro-RO 2014-12-27 19:38 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\ro-RO 2014-12-27 19:37 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\SysWOW64\sysprep 2014-12-27 19:37 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup 2014-12-27 19:37 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe 2014-12-27 19:37 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Setup 2014-12-27 15:39 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\system32\restore 2014-12-27 15:35 - 2009-07-13 
19:20 - 00000000 ____D () C:\Windows\system32\Recovery 2014-12-27 15:22 - 2009-07-13 20:46 - 00001774 _____ () C:\Windows\DtcInstall.log 2014-12-27 15:22 - 2009-07-13 19:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-12-27 15:18 - 2009-07-13 23:46 - 00000000 ____D () C:\Windows\CSC 2014-12-27 15:18 - 2009-07-13 20:45 - 00274320 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-12-27 15:17 - 2009-07-13 21:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG 2014-12-27 15:17 - 2009-07-13 21:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template 2014-12-27 15:16 - 2009-07-13 20:45 - 00000000 ____D () C:\Windows\Setup Some content of TEMP: ==================== C:\Users\peeaitcheye\AppData\Local\Temp\libProcessAccess645246098306582258253.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-27 17:47 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014 Ran by peeaitcheye at 2014-12-29 22:03:30 
Running from C:\Users\peeaitcheye\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ATI AVIVO64 Codecs (Version: 11.6.0.50930 - ATI Technologies Inc.) Hidden ATI Catalyst Install Manager (HKLM\...\{4E594F8A-B042-B61D-DADC-08822B630781}) (Version: 3.0.795.0 - ATI Technologies, Inc.) ATI Problem Report Wizard (Version: 3.0.795.0 - ATI Technologies) Hidden ccc-core-static (x32 Version: 2010.0930.2237.38732 - ATI) Hidden Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden HydraVision (x32 Version: 4.2.180.0 - ATI Technologies Inc.) 
Hidden Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation) Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0142 - REALTEK Semiconductor Corp.) Unchecky v0.3.5 (HKLM-x32\...\Unchecky) (Version: 0.3.5 - RaMMicHaeL) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.5.0.0 - Azureus Software, Inc.) WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 27-12-2014 15:39:09 Windows Update 27-12-2014 15:44:41 Installed Realtek Ethernet Controller Driver 27-12-2014 15:49:00 Installed RNX-N150UBE 11n USB Wireless LAN Driver and Utility 27-12-2014 15:55:31 Device Driver Package Install: ATI Technologies Inc. Display adapters 27-12-2014 16:16:03 Windows Update 27-12-2014 19:36:12 Language Pack Removal ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-13 18:34 - 2014-12-29 22:02 - 00001993 ____A C:\Windows\system32\Drivers\etc\hosts 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com 0.0.0.0 media.opencandy.com 0.0.0.0 cdn.opencandy.com 0.0.0.0 tracking.opencandy.com 0.0.0.0 api.opencandy.com 0.0.0.0 installer.betterinstaller.com 0.0.0.0 installer.filebulldog.com 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net 0.0.0.0 inno.bisrv.com 0.0.0.0 nsis.bisrv.com 0.0.0.0 cdn.file2desktop.com 0.0.0.0 cdn.goateastcach.us 0.0.0.0 cdn.guttastatdk.us 0.0.0.0 cdn.inskinmedia.com 0.0.0.0 cdn.insta.oibundles2.com 0.0.0.0 cdn.insta.playbryte.com 0.0.0.0 cdn.llogetfastcach.us 0.0.0.0 cdn.montiera.com 0.0.0.0 cdn.msdwnld.com 0.0.0.0 cdn.mypcbackup.com 0.0.0.0 cdn.ppdownload.com 0.0.0.0 cdn.riceateastcach.us 0.0.0.0 cdn.shyapotato.us 0.0.0.0 cdn.solimba.com 0.0.0.0 cdn.tuto4pc.com 0.0.0.0 cdn.appround.biz 0.0.0.0 cdn.bigspeedpro.com 0.0.0.0 cdn.bispd.com There are 4 more lines. ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {20888339-8EE2-4ADA-84A8-FC30AAF71E64} - System32\Tasks\ASUS\i-Setup153904 => C:\Windows\Chipset\AsusSetup.exe [2010-09-07] (ASUSTeK Computer Inc.) Task: {65E61EB1-BA0F-4E21-A358-DD09569ECDE2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-27] (Google Inc.) Task: {7F4E1D7E-49A3-41C0-A5D5-CE7743E80A1D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-27] (Google Inc.) 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2010-08-04 15:58 - 2010-08-04 15:58 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2010-09-30 22:36 - 2010-09-30 22:36 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2014-12-27 15:49 - 2009-12-09 21:20 - 00126976 _____ () C:\Program Files (x86)\RNX-N150UBE\11n USB Wireless LAN Utility\EnumDevLib.dll 2014-12-27 16:08 - 2014-11-26 08:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
========================= Accounts: ========================== Administrator (S-1-5-21-1733408913-109812225-2979640582-500 - Administrator - Disabled) Guest (S-1-5-21-1733408913-109812225-2979640582-501 - Limited - Disabled) peeaitcheye (S-1-5-21-1733408913-109812225-2979640582-1000 - Administrator - Enabled) => C:\Users\peeaitcheye ==================== Faulty Device Manager Devices ============= Name: PCI Simple Communications Controller Description: PCI Simple Communications Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (12/27/2014 10:14:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: tasks.exe, version: 1.0.0.0, time stamp: 0x54997c8f Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdbdf Exception code: 0xe0434f4d Fault offset: 0x0000b727 Faulting process id: 0x%9 Faulting application start time: 0xtasks.exe0 Faulting application path: tasks.exe1 Faulting module path: tasks.exe2 Report Id: tasks.exe3 Error: (12/27/2014 03:18:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: ) Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -546. Error: (12/27/2014 03:18:42 PM) (Source: ESENT) (EventID: 412) (User: ) Description: Catalog Database (520) Catalog Database: Unable to read the header of logfile C:\Windows\system32\CatRoot2\edb.log. Error -546. Error: (12/27/2014 03:18:42 PM) (Source: ESENT) (EventID: 412) (User: ) Description: Catalog Database (520) Catalog Database: Unable to read the header of logfile C:\Windows\system32\CatRoot2\edb.log. Error -546. 
System errors: ============= Error: (12/29/2014 09:59:33 PM) (Source: Disk) (EventID: 7) (User: ) Description: The device, \Device\Harddisk0\DR0, has a bad block. Error: (12/29/2014 09:59:20 PM) (Source: Disk) (EventID: 7) (User: ) Description: The device, \Device\Harddisk0\DR0, has a bad block. Error: (12/29/2014 09:59:18 PM) (Source: Disk) (EventID: 7) (User: ) Description: The device, \Device\Harddisk0\DR0, has a bad block. Error: (12/29/2014 09:59:15 PM) (Source: Disk) (EventID: 7) (User: ) Description: The device, \Device\Harddisk0\DR0, has a bad block. Error: (12/29/2014 09:50:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Google Update Service (gupdate) service failed to start due to the following error: %%1053 Error: (12/29/2014 09:50:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect. Error: (12/29/2014 09:49:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect. Error: (12/29/2014 09:48:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect. Error: (12/29/2014 00:25:57 AM) (Source: Disk) (EventID: 7) (User: ) Description: The device, \Device\Harddisk0\DR0, has a bad block. Error: (12/29/2014 00:25:54 AM) (Source: Disk) (EventID: 7) (User: ) Description: The device, \Device\Harddisk0\DR0, has a bad block. 
Microsoft Office Sessions: ========================= Error: (12/27/2014 10:14:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: tasks.exe1.0.0.054997c8fKERNELBASE.dll6.1.7600.163854a5bdbdfe0434f4d0000b727 Error: (12/27/2014 03:18:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: ) Description: -546 Error: (12/27/2014 03:18:42 PM) (Source: ESENT) (EventID: 412) (User: ) Description: Catalog Database520Catalog Database: C:\Windows\system32\CatRoot2\edb.log-546 Error: (12/27/2014 03:18:42 PM) (Source: ESENT) (EventID: 412) (User: ) Description: Catalog Database520Catalog Database: C:\Windows\system32\CatRoot2\edb.log-546 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz Percentage of memory in use: 20% Total physical RAM: 8145.97 MB Available physical RAM: 6515.82 MB Total Pagefile: 16290.09 MB Available Pagefile: 14337.58 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:244.04 GB) (Free:217.61 GB) NTFS Drive d: () (Fixed) (Total:488.28 GB) (Free:488.18 GB) NTFS Drive e: () (Fixed) (Total:1130.59 GB) (Free:1110.44 GB) NTFS Drive g: (Elements) (Fixed) (Total:1397.26 GB) (Free:425.25 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: C99914E6) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=244 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=488.3 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=1130.6 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: 000F86F2) Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS) ==================== End Of Log ============================ [/QUOTE]