
I think I'm infected by Desk365


  • This topic is locked
15 replies to this topic

#1 Goby


Posted 02 August 2013 - 03:10 AM

Hi

I have 3 new desktop items at the top of my screen: a Desktop menu, an Applications menu and what looks like a price tag. When I click the tag, one of the options is open 337 wallpaper.

I'm running Windows 8 btw. Please help get rid of this crap.

 

Upon further investigation it appears to be Omiga Plus. I deleted it from the Programs file via the control panel -> Programs & features but it's still popping up.


Edited by Goby, 02 August 2013 - 08:58 PM.



#2 nasdaq

  • Malware Response Team

Posted 06 August 2013 - 01:29 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.


Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#3 Goby


Posted 07 August 2013 - 02:35 AM

Hi Nasdaq

 

Thanks for the help

 

# AdwCleaner v2.306 - Logfile created 08/07/2013 at 17:31:32
# Updated 19/07/2013 by Xplode
# Operating system : Windows 8  (64 bits)
# User : Goby - GOBY_LAP
# Boot Mode : Normal
# Running from : C:\Users\Goby\Downloads\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Deleted on reboot : C:\Program Files (x86)\Omiga Plus
Deleted on reboot : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Program Files (x86)\Common Files\337
Folder Deleted : C:\Users\Goby\AppData\Roaming\337
Folder Deleted : C:\Users\Goby\AppData\Roaming\Desk 365
Folder Deleted : C:\Users\Goby\AppData\Roaming\Omiga Plus
 
***** [Registry] *****
 
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
[OK] Registry is clean.
 
-\\ Google Chrome v28.0.1500.95
 
File : C:\Users\Goby\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [10898 octets] - [01/08/2013 22:27:19]
AdwCleaner[R2].txt - [10959 octets] - [01/08/2013 22:27:43]
AdwCleaner[R3].txt - [1095 octets] - [01/08/2013 22:33:10]
AdwCleaner[R4].txt - [1146 octets] - [02/08/2013 17:35:42]
AdwCleaner[R5].txt - [1568 octets] - [07/08/2013 17:31:17]
AdwCleaner[S1].txt - [11401 octets] - [01/08/2013 22:28:06]
AdwCleaner[S2].txt - [359 octets] - [01/08/2013 22:33:33]
AdwCleaner[S3].txt - [1224 octets] - [02/08/2013 17:36:05]
AdwCleaner[S4].txt - [1522 octets] - [07/08/2013 17:31:32]
 
########## EOF - C:\AdwCleaner[S4].txt - [1582 octets] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.4 (08.06.2013:1)
OS: Windows 8 x64
Ran by Goby on Wed 07/08/2013 at 17:37:07.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/08/2013 at 17:39:46.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 


Edited by Goby, 07 August 2013 - 02:47 AM.


#4 Goby


Posted 07 August 2013 - 02:41 AM

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537
Run by Goby at 17:43:47 on 2013-08-07
Microsoft Windows 8  6.2.9200.0.1252.61.1033.18.3911.2345 [GMT 10:00]
.
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Classic Shell\ClassicShellService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Omiga Plus\omigaplusSvc.exe
C:\Program Files (x86)\WinZipper\winzipersvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Windows\system32\dashost.exe
C:\Program Files\Elantech\ETDService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\RfBtnSvc64.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Omiga Plus\omigaplus.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Dolby PCEE4\pcee4.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
C:\Windows\explorer.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\EgisTec IPS\PMMUpdate.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/?gws_rd=cr
uDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [News.net] C:\Program Files\News.net\BreakingNews\DesktopContainer.exe
uRun: [Omiga Plus] "C:\Program Files (x86)\Omiga Plus\omigaplus.exe" /autorun
uRun: [QuickScanner] C:\Program Files (x86)\Defender Pro Quick Scanner\quickscan.exe
mRun: [BakupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -k -h
mRun: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart
mRun: [LManager] <no file>
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
mExplorerRun: [BtvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
StartupFolder: C:\Users\Goby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: DisableCAD = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.15.1
TCP: Interfaces\{06094094-7289-430B-B616-947E37BA1ED8} : DHCPNameServer = 150.200.3.1
TCP: Interfaces\{D6E629C8-90AD-4212-82FF-F7EF3844353D} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{D6E629C8-90AD-4212-82FF-F7EF3844353D} : DHCPNameServer = 192.168.15.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.google.com
x64-mDefault_Page_URL = hxxp://www.google.com
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: news.net: {BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} - 
x64-BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [BtPreLoad] "C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe"
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-ExplorerRun: [BtvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-mPolicies-System: DisableCAD = dword:1
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
x64-IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\Drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\Drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\Drivers\avgmfx64.sys [2012-11-15 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\Drivers\avgrkx64.sys [2012-9-14 40800]
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-8-28 645952]
R0 nvpciflt;nvpciflt;C:\Windows\System32\Drivers\nvpciflt.sys [2013-7-25 30496]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\Drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\Drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgwfpa;AVG Firewall Driver;C:\Windows\System32\Drivers\avgwfpa.sys [2012-11-26 208736]
R1 ccSet_NARA;NARA Settings Manager;C:\Windows\System32\Drivers\NARAx64\0401000.00A\ccSetx64.sys [2012-8-28 168608]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\Drivers\mwlPSDFilter.sys [2012-8-3 22648]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\Drivers\mwlPSDNserv.sys [2012-8-3 20520]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\Drivers\mwlPSDVDisk.sys [2012-8-3 62776]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe [2013-1-28 227456]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 CCDMonitorService;CCDMonitorService;C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2012-7-27 2415760]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2012-8-21 348784]
R2 ETDService;Elan Service;C:\Program Files\Elantech\ETDService.exe [2013-4-9 92560]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-8-28 165760]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2012-7-11 3939008]
R2 omigaplussvc;Omiga plus service;C:\Program Files (x86)\Omiga Plus\omigaplusSvc.exe [2013-8-1 424104]
R2 RfButtonDriverService;Dritek RF Button Command Service;C:\Windows\RfBtnSvc64.exe [2012-8-28 93296]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-7-12 3289472]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-8-28 364416]
R2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [2013-7-30 1616048]
R2 winzipersvc;WinZiper service;C:\Program Files (x86)\WinZipper\winzipersvc.exe [2013-8-1 424104]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\Drivers\btath_flt.sys [2013-8-1 89168]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\Drivers\b57xdbd.sys [2012-6-15 72280]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\Drivers\b57xdmp.sys [2012-6-15 21080]
R3 bScsiMSa;bScsiMSa;C:\Windows\System32\Drivers\bScsiMSa.sys [2012-6-18 55384]
R3 bScsiSDa;bScsiSDa;C:\Windows\System32\Drivers\bScsiSDa.sys [2012-6-19 70744]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\Drivers\btath_a2dp.sys [2013-8-1 346192]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\Windows\System32\Drivers\btath_avdt.sys [2013-8-1 115280]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\System32\Drivers\btath_bus.sys [2013-8-1 34384]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\Drivers\btath_hcrp.sys [2013-8-1 179432]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\Drivers\btath_lwflt.sys [2013-8-1 77464]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\Drivers\btath_rcp.sys [2013-8-1 136424]
R3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2013-8-1 581200]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
R3 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2012-7-31 659600]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\Drivers\ETD.sys [2013-4-9 328592]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-8-10 342528]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\Drivers\k57nd60a.sys [2012-6-3 425472]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\Drivers\LGBusEnum.sys [2009-11-24 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\Drivers\LGSHidFilt.Sys [2012-10-3 66360]
R3 LGSUsbFilt;Logitech Gaming KMDF USB Filter Driver;C:\Windows\System32\Drivers\LGSUsbFilt.sys [2012-10-3 43832]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\Drivers\LGVirHid.sys [2009-11-24 16008]
R3 Ps2Kb2Hid;PS/2 Keyboard to HID Driver;C:\Windows\System32\Drivers\aPs2Kb2Hid.sys [2012-8-28 26736]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\Windows\System32\Drivers\avgboota.sys [2012-10-26 20912]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 DeviceFastLaneService;Device Fast-lane Service;C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [2012-7-31 466064]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2012-7-12 174160]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-13 206072]
S3 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-7-31 259136]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\Drivers\wdcsam64.sys [2008-5-6 14464]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
.
=============== Created Last 30 ================
.
2013-08-07 07:33:21 -------- d-----w- C:\Users\Goby\AppData\Roaming\Omiga Plus
2013-08-01 12:49:27 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2013-08-01 12:44:06 -------- d-----w- C:\Program Files\HitmanPro
2013-08-01 12:40:33 -------- d-----w- C:\ProgramData\HitmanPro
2013-08-01 12:39:51 2035200 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll
2013-08-01 12:39:50 1617920 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-08-01 12:39:50 1318912 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-08-01 12:39:50 1306112 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-08-01 12:39:50 1272320 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-08-01 12:39:49 1413632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll
2013-08-01 12:39:49 1029632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\journal.dll
2013-08-01 12:39:23 4036096 ----a-w- C:\Windows\System32\win32k.sys
2013-08-01 12:39:04 595968 ----a-w- C:\Windows\System32\qedit.dll
2013-08-01 12:39:03 496640 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-08-01 12:39:03 19187712 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-08-01 12:39:02 18523648 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-08-01 11:40:31 -------- d-----w- C:\Users\Goby\AppData\Roaming\Malwarebytes
2013-08-01 11:40:20 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-08-01 11:40:20 -------- d-----w- C:\ProgramData\Malwarebytes
2013-08-01 11:40:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-01 11:40:05 -------- d-----w- C:\Users\Goby\AppData\Local\Programs
2013-08-01 11:28:53 -------- d-----w- C:\Users\Goby\AppData\Roaming\QuickScan
2013-08-01 11:28:52 733224 ----a-w- C:\Users\Goby\AppData\Local\qs.dll
2013-08-01 11:28:52 2051696 ----a-w- C:\Users\Goby\AppData\Local\qs64.dll
2013-08-01 11:28:37 -------- d-----w- C:\Program Files (x86)\Defender Pro Quick Scanner
2013-08-01 11:19:48 -------- d-----w- C:\Windows\ERUNT
2013-08-01 11:05:51 -------- d-----w- C:\Users\Goby\AppData\Roaming\337 Wallpaper
2013-08-01 10:52:39 -------- d-----w- C:\Users\Goby\AppData\Roaming\WinZipper
2013-08-01 10:52:39 -------- d-----w- C:\Program Files (x86)\WinZipper
2013-08-01 10:52:32 -------- d-----w- C:\Program Files (x86)\Omiga Plus
2013-08-01 10:48:06 -------- d-----w- C:\ProgramData\Atheros
2013-08-01 10:48:04 -------- d-----w- C:\Users\Goby\AppData\Roaming\Atheros
2013-08-01 10:28:27 136424 ----a-w- C:\Windows\System32\drivers\btath_rcp.sys
2013-08-01 10:28:26 77464 ----a-w- C:\Windows\System32\drivers\btath_lwflt.sys
2013-08-01 10:28:24 179432 ----a-w- C:\Windows\System32\drivers\btath_hcrp.sys
2013-08-01 10:28:22 89168 ----a-w- C:\Windows\System32\drivers\btath_flt.sys
2013-08-01 10:28:21 346192 ----a-w- C:\Windows\System32\drivers\btath_a2dp.sys
2013-08-01 10:28:21 115280 ----a-w- C:\Windows\System32\drivers\btath_avdt.sys
2013-08-01 10:28:20 581200 ----a-w- C:\Windows\System32\drivers\btfilter.sys
2013-08-01 10:28:17 34384 ----a-w- C:\Windows\System32\drivers\btath_bus.sys
2013-08-01 10:27:36 -------- d-----w- C:\Program Files (x86)\Common Files\QCA_Bluetooth
2013-08-01 07:09:09 -------- d-----w- C:\Program Files\Classic Shell
2013-07-31 18:49:43 262832 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10212.bin
2013-07-28 08:37:10 -------- d-----w- C:\Users\Goby\AppData\Roaming\uTorrent
2013-07-28 05:13:19 -------- d-----w- C:\Program Files (x86)\VideoLAN
2013-07-28 03:59:18 -------- d-----w- C:\Users\Goby\AppData\Local\Adobe
2013-07-25 05:02:57 -------- d-----w- C:\Personal
2013-07-25 05:02:34 -------- d-----w- C:\OPP STATUS MACRO
2013-07-25 04:59:29 -------- d-----r- C:\Program Files (x86)\Skype
2013-07-25 04:44:13 -------- d-----w- C:\Project Controls
2013-07-25 04:34:15 -------- d-----w- C:\Program Files\Microsoft Mouse and Keyboard Center
2013-07-25 03:49:33 -------- d-----w- C:\Users\Goby\AppData\Local\NVIDIA
2013-07-25 03:40:25 -------- d-----w- C:\Windows\SysWow64\NV
2013-07-25 03:40:25 -------- d-----w- C:\Windows\System32\NV
2013-07-25 03:39:59 67072 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2013-07-25 03:39:58 884512 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-07-25 03:39:58 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-07-25 03:39:58 3514656 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-07-25 03:39:58 3253909 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-07-25 03:39:58 2555680 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-07-25 03:39:58 1025312 ----a-w- C:\Windows\System32\nv3dappshext.dll
2013-07-25 03:39:57 6496544 ----a-w- C:\Windows\System32\nvcpl.dll
2013-07-25 03:39:57 237856 ----a-w- C:\Windows\System32\nvmctray.dll
2013-07-25 03:37:52 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2013-07-25 03:07:51 144384 ----a-w- C:\Windows\System32\tssdisai.dll
.
==================== Find3M  ====================
.
2013-07-30 08:14:05 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-06-27 22:04:51 78200 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 22:04:51 693112 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-16 22:41:31 997632 ----a-w- C:\Windows\System32\drivers\ndis.sys
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-01 11:54:16 194816 ----a-w- C:\Windows\System32\drivers\sdbus.sys
2013-06-01 11:54:10 125184 ----a-w- C:\Windows\System32\drivers\dumpsd.sys
2013-06-01 11:34:21 2391280 ----a-w- C:\Windows\explorer.exe
2013-06-01 11:33:13 2233600 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-01 11:29:35 337152 ----a-w- C:\Windows\System32\drivers\USBXHCI.SYS
2013-06-01 11:29:35 213248 ----a-w- C:\Windows\System32\drivers\UCX01000.SYS
2013-06-01 11:26:33 327936 ----a-w- C:\Windows\System32\drivers\volsnap.sys
2013-06-01 11:26:31 6987008 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-06-01 10:24:46 2106176 ----a-w- C:\Windows\SysWow64\explorer.exe
2013-06-01 09:25:52 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-06-01 09:25:05 67584 ----a-w- C:\Windows\SysWow64\samlib.dll
2013-06-01 09:24:19 493056 ----a-w- C:\Windows\SysWow64\mscms.dll
2013-06-01 09:24:09 850944 ----a-w- C:\Windows\SysWow64\mfasfsrcsnk.dll
2013-06-01 09:24:09 1453568 ----a-w- C:\Windows\SysWow64\mfcore.dll
2013-06-01 09:23:46 1842176 ----a-w- C:\Windows\SysWow64\dwmcore.dll
2013-06-01 09:23:06 680960 ----a-w- C:\Windows\System32\vds.exe
2013-06-01 09:22:47 80896 ----a-w- C:\Windows\System32\MbaeParserTask.exe
2013-06-01 09:22:33 523264 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-06-01 09:22:33 446976 ----a-w- C:\Windows\System32\wwansvc.dll
2013-06-01 09:22:09 190976 ----a-w- C:\Windows\System32\vdsutil.dll
2013-06-01 09:21:39 729600 ----a-w- C:\Windows\System32\samsrv.dll
2013-06-01 09:21:39 106496 ----a-w- C:\Windows\System32\samlib.dll
2013-06-01 09:20:45 583168 ----a-w- C:\Windows\System32\mscms.dll
2013-06-01 09:20:34 1527808 ----a-w- C:\Windows\System32\mfcore.dll
2013-06-01 09:20:34 1048576 ----a-w- C:\Windows\System32\mfasfsrcsnk.dll
2013-06-01 09:20:04 2219520 ----a-w- C:\Windows\System32\dwmcore.dll
2013-06-01 09:19:58 207872 ----a-w- C:\Windows\System32\DeviceSetupManager.dll
2013-06-01 09:19:42 785408 ----a-w- C:\Windows\System32\audiosrv.dll
2013-06-01 03:08:57 37632 ----a-w- C:\Windows\System32\drivers\BthAvrcpTg.sys
2013-05-24 22:09:20 1403296 ----a-w- C:\Windows\System32\winload.efi
2013-05-24 22:09:20 1271584 ----a-w- C:\Windows\System32\winload.exe
2013-05-24 22:09:20 1217352 ----a-w- C:\Windows\System32\winresume.efi
2013-05-24 22:09:20 1093904 ----a-w- C:\Windows\System32\winresume.exe
2013-05-23 23:01:46 1300992 ----a-w- C:\Windows\System32\gdi32.dll
2013-05-23 22:27:05 1022464 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-05-15 22:37:03 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2013-05-15 22:35:49 53760 ----a-w- C:\Windows\System32\UXInit.dll
2013-05-15 02:25:59 888320 ----a-w- C:\Windows\System32\autochk.exe
2013-05-15 02:25:44 542208 ----a-w- C:\Windows\System32\untfs.dll
2013-05-15 02:24:10 793088 ----a-w- C:\Windows\SysWow64\autochk.exe
2013-05-15 02:24:01 482816 ----a-w- C:\Windows\SysWow64\untfs.dll
2013-05-14 13:14:01 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-14 09:23:31 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-13 03:57:48 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
.
============= FINISH: 17:44:30.09 ===============
 

 


Edited by Goby, 07 August 2013 - 02:46 AM.


#5 nasdaq


Posted 07 August 2013 - 07:40 AM


Please restart the computer normally.


Run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Post a fresh DDS log for my review.

Let me know what problem persists.

#6 Goby


Posted 08 August 2013 - 06:54 AM

 Results of screen317's Security Check version 0.99.71  
   x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2013   
Windows Defender                  
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Adobe Reader XI  
 Google Chrome 28.0.1500.95  
````````Process Check: objlist.exe by Laurent````````
 AVG avgwdsvc.exe 
 Symantec Norton Online Backup NOBuAgent.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537
Run by Goby at 21:55:35 on 2013-08-08
Microsoft Windows 8  6.2.9200.0.1252.61.1033.18.3911.2404 [GMT 10:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Classic Shell\ClassicShellService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Omiga Plus\omigaplusSvc.exe
C:\Program Files (x86)\WinZipper\winzipersvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Elantech\ETDService.exe
C:\Windows\system32\dashost.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\RfBtnSvc64.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Windows\system32\taskhostex.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Omiga Plus\omigaplus.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Dolby PCEE4\pcee4.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/?gws_rd=cr
uDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [News.net] C:\Program Files\News.net\BreakingNews\DesktopContainer.exe
uRun: [Omiga Plus] "C:\Program Files (x86)\Omiga Plus\omigaplus.exe" /autorun
uRun: [QuickScanner] C:\Program Files (x86)\Defender Pro Quick Scanner\quickscan.exe
mRun: [BakupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -k -h
mRun: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart
mRun: [LManager] <no file>
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
mExplorerRun: [BtvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
StartupFolder: C:\Users\Goby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: DisableCAD = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.15.1
TCP: Interfaces\{06094094-7289-430B-B616-947E37BA1ED8} : DHCPNameServer = 150.200.3.1
TCP: Interfaces\{D6E629C8-90AD-4212-82FF-F7EF3844353D} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{D6E629C8-90AD-4212-82FF-F7EF3844353D} : DHCPNameServer = 192.168.15.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.google.com
x64-mDefault_Page_URL = hxxp://www.google.com
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: news.net: {BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} - 
x64-BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [BtPreLoad] "C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe"
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-ExplorerRun: [BtvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-mPolicies-System: DisableCAD = dword:1
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
x64-IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\Drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\Drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\Drivers\avgmfx64.sys [2012-11-15 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\Drivers\avgrkx64.sys [2012-9-14 40800]
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-8-28 645952]
R0 nvpciflt;nvpciflt;C:\Windows\System32\Drivers\nvpciflt.sys [2013-7-25 30496]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\Drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\Drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgwfpa;AVG Firewall Driver;C:\Windows\System32\Drivers\avgwfpa.sys [2012-11-26 208736]
R1 ccSet_NARA;NARA Settings Manager;C:\Windows\System32\Drivers\NARAx64\0401000.00A\ccSetx64.sys [2012-8-28 168608]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\Drivers\mwlPSDFilter.sys [2012-8-3 22648]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\Drivers\mwlPSDNserv.sys [2012-8-3 20520]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\Drivers\mwlPSDVDisk.sys [2012-8-3 62776]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe [2013-1-28 227456]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 CCDMonitorService;CCDMonitorService;C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2012-7-27 2415760]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2012-8-21 348784]
R2 ETDService;Elan Service;C:\Program Files\Elantech\ETDService.exe [2013-4-9 92560]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-8-28 165760]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2012-7-11 3939008]
R2 omigaplussvc;Omiga plus service;C:\Program Files (x86)\Omiga Plus\omigaplusSvc.exe [2013-8-1 424104]
R2 RfButtonDriverService;Dritek RF Button Command Service;C:\Windows\RfBtnSvc64.exe [2012-8-28 93296]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-7-12 3289472]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-8-28 364416]
R2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [2013-7-30 1616048]
R2 winzipersvc;WinZiper service;C:\Program Files (x86)\WinZipper\winzipersvc.exe [2013-8-1 424104]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\Drivers\btath_flt.sys [2013-8-1 89168]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\Drivers\b57xdbd.sys [2012-6-15 72280]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\Drivers\b57xdmp.sys [2012-6-15 21080]
R3 bScsiMSa;bScsiMSa;C:\Windows\System32\Drivers\bScsiMSa.sys [2012-6-18 55384]
R3 bScsiSDa;bScsiSDa;C:\Windows\System32\Drivers\bScsiSDa.sys [2012-6-19 70744]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\Drivers\btath_a2dp.sys [2013-8-1 346192]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\Windows\System32\Drivers\btath_avdt.sys [2013-8-1 115280]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\System32\Drivers\btath_bus.sys [2013-8-1 34384]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\Drivers\btath_hcrp.sys [2013-8-1 179432]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\Drivers\btath_lwflt.sys [2013-8-1 77464]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\Drivers\btath_rcp.sys [2013-8-1 136424]
R3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2013-8-1 581200]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
R3 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2012-7-31 659600]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\Drivers\ETD.sys [2013-4-9 328592]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-8-10 342528]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\Drivers\k57nd60a.sys [2012-6-3 425472]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\Drivers\LGBusEnum.sys [2009-11-24 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\Drivers\LGVirHid.sys [2009-11-24 16008]
R3 Ps2Kb2Hid;PS/2 Keyboard to HID Driver;C:\Windows\System32\Drivers\aPs2Kb2Hid.sys [2012-8-28 26736]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\Windows\System32\Drivers\avgboota.sys [2012-10-26 20912]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 DeviceFastLaneService;Device Fast-lane Service;C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [2012-7-31 466064]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2012-7-12 174160]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-13 206072]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\Drivers\LGSHidFilt.Sys [2012-10-3 66360]
S3 LGSUsbFilt;Logitech Gaming KMDF USB Filter Driver;C:\Windows\System32\Drivers\LGSUsbFilt.sys [2012-10-3 43832]
S3 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-7-31 259136]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\Drivers\wdcsam64.sys [2008-5-6 14464]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
.
=============== Created Last 30 ================
.
2013-08-07 07:33:21 -------- d-----w- C:\Users\Goby\AppData\Roaming\Omiga Plus
2013-08-01 12:49:27 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2013-08-01 12:44:06 -------- d-----w- C:\Program Files\HitmanPro
2013-08-01 12:40:33 -------- d-----w- C:\ProgramData\HitmanPro
2013-08-01 12:39:51 2035200 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll
2013-08-01 12:39:50 1617920 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-08-01 12:39:50 1318912 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-08-01 12:39:50 1306112 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-08-01 12:39:50 1272320 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-08-01 12:39:49 1413632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll
2013-08-01 12:39:49 1029632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\journal.dll
2013-08-01 12:39:23 4036096 ----a-w- C:\Windows\System32\win32k.sys
2013-08-01 12:39:04 595968 ----a-w- C:\Windows\System32\qedit.dll
2013-08-01 12:39:03 496640 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-08-01 12:39:03 19187712 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-08-01 12:39:02 18523648 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-08-01 11:40:31 -------- d-----w- C:\Users\Goby\AppData\Roaming\Malwarebytes
2013-08-01 11:40:20 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-08-01 11:40:20 -------- d-----w- C:\ProgramData\Malwarebytes
2013-08-01 11:40:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-01 11:40:05 -------- d-----w- C:\Users\Goby\AppData\Local\Programs
2013-08-01 11:28:53 -------- d-----w- C:\Users\Goby\AppData\Roaming\QuickScan
2013-08-01 11:28:52 733224 ----a-w- C:\Users\Goby\AppData\Local\qs.dll
2013-08-01 11:28:52 2051696 ----a-w- C:\Users\Goby\AppData\Local\qs64.dll
2013-08-01 11:28:37 -------- d-----w- C:\Program Files (x86)\Defender Pro Quick Scanner
2013-08-01 11:19:48 -------- d-----w- C:\Windows\ERUNT
2013-08-01 11:05:51 -------- d-----w- C:\Users\Goby\AppData\Roaming\337 Wallpaper
2013-08-01 10:52:39 -------- d-----w- C:\Users\Goby\AppData\Roaming\WinZipper
2013-08-01 10:52:39 -------- d-----w- C:\Program Files (x86)\WinZipper
2013-08-01 10:52:32 -------- d-----w- C:\Program Files (x86)\Omiga Plus
2013-08-01 10:48:06 -------- d-----w- C:\ProgramData\Atheros
2013-08-01 10:48:04 -------- d-----w- C:\Users\Goby\AppData\Roaming\Atheros
2013-08-01 10:28:27 136424 ----a-w- C:\Windows\System32\drivers\btath_rcp.sys
2013-08-01 10:28:26 77464 ----a-w- C:\Windows\System32\drivers\btath_lwflt.sys
2013-08-01 10:28:24 179432 ----a-w- C:\Windows\System32\drivers\btath_hcrp.sys
2013-08-01 10:28:22 89168 ----a-w- C:\Windows\System32\drivers\btath_flt.sys
2013-08-01 10:28:21 346192 ----a-w- C:\Windows\System32\drivers\btath_a2dp.sys
2013-08-01 10:28:21 115280 ----a-w- C:\Windows\System32\drivers\btath_avdt.sys
2013-08-01 10:28:20 581200 ----a-w- C:\Windows\System32\drivers\btfilter.sys
2013-08-01 10:28:17 34384 ----a-w- C:\Windows\System32\drivers\btath_bus.sys
2013-08-01 10:27:36 -------- d-----w- C:\Program Files (x86)\Common Files\QCA_Bluetooth
2013-08-01 07:09:09 -------- d-----w- C:\Program Files\Classic Shell
2013-07-31 18:49:43 262832 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10212.bin
2013-07-28 08:37:10 -------- d-----w- C:\Users\Goby\AppData\Roaming\uTorrent
2013-07-28 05:13:19 -------- d-----w- C:\Program Files (x86)\VideoLAN
2013-07-28 03:59:18 -------- d-----w- C:\Users\Goby\AppData\Local\Adobe
2013-07-25 05:02:57 -------- d-----w- C:\Personal
2013-07-25 05:02:34 -------- d-----w- C:\OPP STATUS MACRO
2013-07-25 04:59:29 -------- d-----r- C:\Program Files (x86)\Skype
2013-07-25 04:44:13 -------- d-----w- C:\Project Controls
2013-07-25 04:34:15 -------- d-----w- C:\Program Files\Microsoft Mouse and Keyboard Center
2013-07-25 03:49:33 -------- d-----w- C:\Users\Goby\AppData\Local\NVIDIA
2013-07-25 03:40:25 -------- d-----w- C:\Windows\SysWow64\NV
2013-07-25 03:40:25 -------- d-----w- C:\Windows\System32\NV
2013-07-25 03:39:59 67072 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2013-07-25 03:39:58 884512 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-07-25 03:39:58 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-07-25 03:39:58 3514656 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-07-25 03:39:58 3253909 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-07-25 03:39:58 2555680 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-07-25 03:39:58 1025312 ----a-w- C:\Windows\System32\nv3dappshext.dll
2013-07-25 03:39:57 6496544 ----a-w- C:\Windows\System32\nvcpl.dll
2013-07-25 03:39:57 237856 ----a-w- C:\Windows\System32\nvmctray.dll
2013-07-25 03:37:52 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2013-07-25 03:07:51 144384 ----a-w- C:\Windows\System32\tssdisai.dll
.
==================== Find3M  ====================
.
2013-07-30 08:14:05 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-06-27 22:04:51 78200 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 22:04:51 693112 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-16 22:41:31 997632 ----a-w- C:\Windows\System32\drivers\ndis.sys
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-01 11:54:16 194816 ----a-w- C:\Windows\System32\drivers\sdbus.sys
2013-06-01 11:54:10 125184 ----a-w- C:\Windows\System32\drivers\dumpsd.sys
2013-06-01 11:34:21 2391280 ----a-w- C:\Windows\explorer.exe
2013-06-01 11:33:13 2233600 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-01 11:29:35 337152 ----a-w- C:\Windows\System32\drivers\USBXHCI.SYS
2013-06-01 11:29:35 213248 ----a-w- C:\Windows\System32\drivers\UCX01000.SYS
2013-06-01 11:26:33 327936 ----a-w- C:\Windows\System32\drivers\volsnap.sys
2013-06-01 11:26:31 6987008 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-06-01 10:24:46 2106176 ----a-w- C:\Windows\SysWow64\explorer.exe
2013-06-01 09:25:52 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-06-01 09:25:05 67584 ----a-w- C:\Windows\SysWow64\samlib.dll
2013-06-01 09:24:19 493056 ----a-w- C:\Windows\SysWow64\mscms.dll
2013-06-01 09:24:09 850944 ----a-w- C:\Windows\SysWow64\mfasfsrcsnk.dll
2013-06-01 09:24:09 1453568 ----a-w- C:\Windows\SysWow64\mfcore.dll
2013-06-01 09:23:46 1842176 ----a-w- C:\Windows\SysWow64\dwmcore.dll
2013-06-01 09:23:06 680960 ----a-w- C:\Windows\System32\vds.exe
2013-06-01 09:22:47 80896 ----a-w- C:\Windows\System32\MbaeParserTask.exe
2013-06-01 09:22:33 523264 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-06-01 09:22:33 446976 ----a-w- C:\Windows\System32\wwansvc.dll
2013-06-01 09:22:09 190976 ----a-w- C:\Windows\System32\vdsutil.dll
2013-06-01 09:21:39 729600 ----a-w- C:\Windows\System32\samsrv.dll
2013-06-01 09:21:39 106496 ----a-w- C:\Windows\System32\samlib.dll
2013-06-01 09:20:45 583168 ----a-w- C:\Windows\System32\mscms.dll
2013-06-01 09:20:34 1527808 ----a-w- C:\Windows\System32\mfcore.dll
2013-06-01 09:20:34 1048576 ----a-w- C:\Windows\System32\mfasfsrcsnk.dll
2013-06-01 09:20:04 2219520 ----a-w- C:\Windows\System32\dwmcore.dll
2013-06-01 09:19:58 207872 ----a-w- C:\Windows\System32\DeviceSetupManager.dll
2013-06-01 09:19:42 785408 ----a-w- C:\Windows\System32\audiosrv.dll
2013-06-01 03:08:57 37632 ----a-w- C:\Windows\System32\drivers\BthAvrcpTg.sys
2013-05-24 22:09:20 1403296 ----a-w- C:\Windows\System32\winload.efi
2013-05-24 22:09:20 1271584 ----a-w- C:\Windows\System32\winload.exe
2013-05-24 22:09:20 1217352 ----a-w- C:\Windows\System32\winresume.efi
2013-05-24 22:09:20 1093904 ----a-w- C:\Windows\System32\winresume.exe
2013-05-23 23:01:46 1300992 ----a-w- C:\Windows\System32\gdi32.dll
2013-05-23 22:27:05 1022464 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-05-15 22:37:03 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2013-05-15 22:35:49 53760 ----a-w- C:\Windows\System32\UXInit.dll
2013-05-15 02:25:59 888320 ----a-w- C:\Windows\System32\autochk.exe
2013-05-15 02:25:44 542208 ----a-w- C:\Windows\System32\untfs.dll
2013-05-15 02:24:10 793088 ----a-w- C:\Windows\SysWow64\autochk.exe
2013-05-15 02:24:01 482816 ----a-w- C:\Windows\SysWow64\untfs.dll
2013-05-14 13:14:01 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-14 09:23:31 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-13 03:57:48 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
.
============= FINISH: 21:55:56.51 ===============
 
Hi Nasdaq
 
Problem still persists. Omiga Plus still coming up as an active program.
 
Regs
 
Goby

Edited by Goby, 08 August 2013 - 07:00 AM.


#7 nasdaq


Posted 08 August 2013 - 08:13 AM

The AdwCleaner tool removed the Omiga Plus folder:

C:\Users\Goby\AppData\Roaming\Omiga Plus
C:\Program Files (x86)\Omiga Plus


I still see some reference to this tool in your last log.

Did you re-install the application?

Do you want to remove these remnant items from the registry?

What are the remaining issues with this computer?

#8 Goby


Posted 09 August 2013 - 01:30 AM

No, I did not re-install it.

I want it gone altogether.

The Omiga Plus is the only issue.

I am away for the weekend, so hope to hear from you when I log on next. Thanks for the help so far.



#9 nasdaq


Posted 09 August 2013 - 07:50 AM

Run this tool and we will take it from there.

Download the correct tool for your operating system:
  • Farbar Recovery Scan Tool (64 bit)
  • Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

#10 Goby


Posted 12 August 2013 - 04:54 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-08-2013 02
Ran by Goby (administrator) on 12-08-2013 19:52:19
Running from C:\Users\Goby\Downloads
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\Omiga Plus\omigaplusSvc.exe
(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\Omiga Plus\omigaplus.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PMMUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212048 2012-06-07] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2873744 2013-04-09] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BtPreLoad] - "C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe" [x]
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7406392 2012-11-29] (Logitech Inc.)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-17] (NVIDIA Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [News.net] - C:\Program Files\News.net\BreakingNews\DesktopContainer.exe [x]
HKCU\...\Run: [Omiga Plus] - C:\Program Files (x86)\Omiga Plus\omigaplus.exe [1361576 2013-08-01] (Taiwan Shui Mu Chih Ching Technology Limited.)
HKCU\...\Run: [QuickScanner] - C:\Program Files (x86)\Defender Pro Quick Scanner\quickscan.exe [14483800 2013-03-22] (Defender Pro)
HKLM-x32\...\Run: [BakupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [533056 2012-07-31] (NTI Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Dolby PCEE4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [LManager] -  [x]
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [3147384 2012-12-11] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKU\Default\...\RunOnce: [RegAutoPlay] - C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe [1845392 2012-07-20] (Acer Incorporated)
HKU\Default User\...\RunOnce: [RegAutoPlay] - C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe [1845392 2012-07-20] (Acer Incorporated)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [266448 2013-06-21] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [214448 2013-06-21] (NVIDIA Corporation)
Startup: C:\Users\Goby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/?gws_rd=cr
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {C76E363C-4998-43BE-8F45-2E492AE6D1C1} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {C76E363C-4998-43BE-8F45-2E492AE6D1C1} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - {C76E363C-4998-43BE-8F45-2E492AE6D1C1} URL = 
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: news.net - {BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} - C:\Program Files\News.net\IE\x64\ScriptHost.dll No File
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
Tcpip\..\Interfaces\{D6E629C8-90AD-4212-82FF-F7EF3844353D}: [NameServer]8.8.8.8,8.8.4.4
 
FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: trtv3 - C:\Users\Goby\AppData\Roaming\Mozilla\Firefox\profiles\extensions\trtv3@trtv.com.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com.au/?gws_rd=cr
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
CHR Extension: (Google Docs) - C:\Users\Goby\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Goby\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Goby\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Goby\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Skype Click to Call) - C:\Users\Goby\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.10.0.13089_0
CHR Extension: (GW2TP) - C:\Users\Goby\AppData\Local\Google\Chrome\User Data\Default\Extensions\nchjpcdehbipdfjapdmgnoljndealpbd\1.1_0
CHR Extension: (Gmail) - C:\Users\Goby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [bicnnkjibmphdeigoodpjlcklcnaobdj] - C:\Program Files (x86)\TornTV.com\torntv10.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [5814904 2012-11-15] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2415760 2012-07-27] (Acer Incorporated)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [466064 2012-07-31] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [659600 2012-07-31] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [92560 2013-04-09] (ELAN Microelectronics Corp.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
S3 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-07-31] (NTI Corporation)
R2 omigaplussvc; C:\Program Files (x86)\Omiga Plus\omigaplusSvc.exe [424104 2013-08-01] (Taiwan Shui Mu Chih Ching Technology Limited.)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-08-28] (Dritek System INC.)
R2 vToolbarUpdater15.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [1616048 2013-07-30] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [424104 2013-08-01] (Taiwan Shui Mu Chih Ching Technology Limited.)
 
==================== Drivers (Whitelisted) ====================
 
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20912 2012-10-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\system32\DRIVERS\avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [111968 2012-11-15] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [208736 2012-11-26] (AVG Technologies CZ, s.r.o.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-03] (Broadcom Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00A\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [66360 2012-10-03] (Logitech Inc.)
S3 LGSUsbFilt; C:\Windows\system32\DRIVERS\LGSUsbFilt.Sys [43832 2012-10-03] (Logitech Inc.)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-08-28] (Dritek System Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-08-12 19:50 - 2013-08-12 19:50 - 01575246 _____ (Farbar) C:\Users\Goby\Downloads\FRST64.exe
2013-08-12 19:21 - 2013-08-12 19:31 - 370075328 _____ C:\Users\Goby\Downloads\Dexter.S08E04.HDTV.x264-EVOLVE.mp4
2013-08-12 19:17 - 2013-08-12 19:17 - 00000000 ____D C:\Users\Goby\Downloads\True Blood S06E09 Life Matters WEB DL XviD-FUM[ettv]
2013-08-12 17:36 - 2013-08-12 19:23 - 653378205 _____ C:\Users\Goby\Downloads\True.Blood.S06E09.HDTV.x264-EVOLVE.mp4
2013-08-12 17:36 - 2013-08-12 18:01 - 351806637 _____ C:\Users\Goby\Downloads\Dexter.S08E07.HDTV.x264-ASAP.mp4
2013-08-12 17:34 - 2013-08-12 17:34 - 00264904 _____ C:\Users\Goby\Downloads\Dexter_S08E07_HDTV_x264-ASAP.exe
2013-08-08 21:55 - 2013-08-08 21:55 - 00688992 ____R (Swearware) C:\Users\Goby\Downloads\dds (1).com
2013-08-08 21:51 - 2013-08-08 21:51 - 00891098 _____ C:\Users\Goby\Downloads\SecurityCheck.exe
2013-08-07 20:46 - 2013-08-07 20:57 - 00000000 ____D C:\Users\Goby\Downloads\Mr Brooks (2007)
2013-08-07 20:21 - 2013-08-07 20:21 - 00016066 _____ C:\Users\Goby\Downloads\V_for_Vendetta_2006.torrent
2013-08-07 20:07 - 2013-08-07 20:07 - 00016919 _____ C:\Users\Goby\Downloads\Mr_Brooks_2007.torrent
2013-08-07 20:06 - 2013-08-07 20:10 - 00000000 ____D C:\Users\Goby\Downloads\End of Watch (2012)
2013-08-07 20:01 - 2013-08-07 20:01 - 00014710 _____ C:\Users\Goby\Downloads\End_of_Watch_2012.torrent
2013-08-07 19:54 - 2013-08-07 19:54 - 00020398 _____ C:\Users\Goby\Downloads\TP001144319.cab
2013-08-07 19:51 - 2013-08-07 19:51 - 00026624 _____ C:\Users\Goby\Downloads\CDC_UP_Lessons_Learned_Log_Template (1).xls
2013-08-07 19:49 - 2013-08-07 19:49 - 00026624 _____ C:\Users\Goby\Downloads\CDC_UP_Lessons_Learned_Log_Template.xls
2013-08-07 17:45 - 2013-08-07 17:45 - 00001651 _____ C:\Users\Goby\Documents\AdwCleaner[S4].txt
2013-08-07 17:44 - 2013-08-08 21:56 - 00009916 _____ C:\Users\Goby\Desktop\attach.txt
2013-08-07 17:44 - 2013-08-08 21:55 - 00027148 _____ C:\Users\Goby\Desktop\dds.txt
2013-08-07 17:42 - 2013-08-07 17:42 - 00688992 ____R (Swearware) C:\Users\Goby\Downloads\dds.com
2013-08-07 17:39 - 2013-08-07 17:45 - 00000685 _____ C:\Users\Goby\Desktop\JRT.txt
2013-08-07 17:36 - 2013-08-07 17:36 - 00563461 _____ (Oleg N. Scherbakov) C:\Users\Goby\Downloads\JRT (1).exe
2013-08-07 17:33 - 2013-08-08 19:33 - 00000000 ____D C:\Users\Goby\AppData\Roaming\Omiga Plus
2013-08-07 17:31 - 2013-08-07 17:31 - 00001651 _____ C:\AdwCleaner[S4].txt
2013-08-07 17:31 - 2013-08-07 17:31 - 00001568 _____ C:\AdwCleaner[R5].txt
2013-08-07 17:29 - 2013-08-07 17:29 - 00424344 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-06 18:41 - 2013-08-06 18:41 - 00011165 _____ C:\Users\Goby\Downloads\Memoirs_of_a_Geisha_2005.torrent
2013-08-06 18:38 - 2013-08-06 18:40 - 00000000 ____D C:\Users\Goby\Downloads\Brick (2005)
2013-08-06 18:38 - 2013-08-06 18:38 - 00014780 _____ C:\Users\Goby\Downloads\Brick_2005.torrent
2013-08-06 18:37 - 2013-08-06 18:37 - 00016110 _____ C:\Users\Goby\Downloads\Brick_2005_1080p.torrent
2013-08-05 19:23 - 2013-08-05 20:21 - 436699932 _____ C:\Users\Goby\Downloads\The.Killing.S03E11E12.HDTV.x264-EVOLVE.mp4
2013-08-04 17:50 - 2013-08-04 17:50 - 00054068 _____ C:\Users\Goby\Downloads\watch.json
2013-08-04 11:20 - 2013-08-04 11:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-08-04 11:02 - 2013-08-04 11:16 - 00000000 ____D C:\Users\Goby\Downloads\MS Project 2007
2013-08-04 11:02 - 2013-08-04 11:02 - 00014751 _____ C:\Users\Goby\Downloads\[kickass.to]ms.project.2007.torrent
2013-08-04 10:30 - 2013-08-04 10:30 - 00011575 _____ C:\Users\Goby\Downloads\Project+Management+Body+of+Knowledge+%28PMBOK%29+4th+Edition.torrent
2013-08-03 18:06 - 2013-08-03 18:10 - 00000000 ____D C:\Users\Goby\Downloads\Gangs of New York (2002)
2013-08-03 18:04 - 2013-08-03 18:24 - 00000000 ____D C:\Users\Goby\Downloads\Mud (2012)
2013-08-03 18:04 - 2013-08-03 18:04 - 00012296 _____ C:\Users\Goby\Downloads\Gangs_of_New_York_2002.torrent
2013-08-03 18:02 - 2013-08-03 18:02 - 00009908 _____ C:\Users\Goby\Downloads\Mud_2012_720p_BluRay_x264_YIFY_mp4.torrent
2013-08-03 14:43 - 2013-08-08 21:08 - 00000000 ____D C:\Users\Goby\Documents\Dip PM
2013-08-02 20:07 - 2013-08-02 20:34 - 00000000 ____D C:\Users\Goby\Downloads\Killing Season (2013)
2013-08-02 20:04 - 2013-08-02 20:04 - 00010223 _____ C:\Users\Goby\Downloads\Killing_Season_2013_720p_BluRay_x264_YIFY_mp4.torrent
2013-08-02 19:33 - 2013-08-02 19:33 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-02 19:32 - 2013-08-12 19:37 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-02 19:32 - 2013-08-12 19:37 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-02 19:32 - 2013-08-02 19:32 - 00003884 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-08-02 19:32 - 2013-08-02 19:32 - 00003648 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-08-02 17:49 - 2013-08-02 17:49 - 00001059 _____ C:\quickscan.xml
2013-08-02 17:49 - 2013-06-17 08:41 - 00997632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-08-02 17:49 - 2013-06-01 21:54 - 00194816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2013-08-02 17:49 - 2013-06-01 21:54 - 00125184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2013-08-02 17:49 - 2013-06-01 21:34 - 02391280 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2013-08-02 17:49 - 2013-06-01 21:33 - 02233600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-02 17:49 - 2013-06-01 21:29 - 00337152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2013-08-02 17:49 - 2013-06-01 21:29 - 00213248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS
2013-08-02 17:49 - 2013-06-01 21:26 - 06987008 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-02 17:49 - 2013-06-01 20:24 - 02106176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2013-08-02 17:49 - 2013-06-01 19:25 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-08-02 17:49 - 2013-06-01 19:25 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2013-08-02 17:49 - 2013-06-01 19:24 - 01453568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2013-08-02 17:49 - 2013-06-01 19:24 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2013-08-02 17:49 - 2013-06-01 19:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2013-08-02 17:49 - 2013-06-01 19:23 - 01842176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2013-08-02 17:49 - 2013-06-01 19:23 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
2013-08-02 17:49 - 2013-06-01 19:22 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-08-02 17:49 - 2013-06-01 19:22 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-08-02 17:49 - 2013-06-01 19:22 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll
2013-08-02 17:49 - 2013-06-01 19:22 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MbaeParserTask.exe
2013-08-02 17:49 - 2013-06-01 19:21 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2013-08-02 17:49 - 2013-06-01 19:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2013-08-02 17:49 - 2013-06-01 19:20 - 02219520 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2013-08-02 17:49 - 2013-06-01 19:20 - 01527808 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2013-08-02 17:49 - 2013-06-01 19:20 - 01048576 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2013-08-02 17:49 - 2013-06-01 19:20 - 00583168 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2013-08-02 17:49 - 2013-06-01 19:19 - 00785408 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2013-08-02 17:49 - 2013-06-01 19:19 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupManager.dll
2013-08-02 17:49 - 2013-06-01 13:08 - 00037632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthAvrcpTg.sys
2013-08-02 17:49 - 2013-05-25 08:09 - 01403296 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2013-08-02 17:49 - 2013-05-25 08:09 - 01271584 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2013-08-02 17:49 - 2013-05-25 08:09 - 01217352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2013-08-02 17:49 - 2013-05-25 08:09 - 01093904 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2013-08-02 17:49 - 2013-05-20 10:08 - 00386642 _____ C:\Windows\system32\ApnDatabase.xml
2013-08-02 17:36 - 2013-08-02 17:36 - 00001224 _____ C:\AdwCleaner[S3].txt
2013-08-02 17:35 - 2013-08-02 17:35 - 00666633 _____ C:\Users\Goby\Downloads\AdwCleaner.exe
2013-08-02 17:35 - 2013-08-02 17:35 - 00001146 _____ C:\AdwCleaner[R4].txt
2013-08-02 17:32 - 2013-08-02 17:33 - 00002552 _____ C:\Users\Goby\Desktop\Rkill.txt
2013-08-02 17:32 - 2013-08-02 17:32 - 00000000 ____D C:\Users\Goby\Desktop\rkill
2013-08-01 22:49 - 2013-08-01 22:49 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-08-01 22:44 - 2013-08-01 22:44 - 00001897 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-08-01 22:44 - 2013-08-01 22:44 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-01 22:40 - 2013-08-01 22:49 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-01 22:40 - 2013-08-01 22:41 - 09833328 _____ (SurfRight B.V.) C:\Users\Goby\Downloads\HitmanPro_x64.exe
2013-08-01 22:39 - 2013-08-01 22:40 - 09171472 _____ (SurfRight B.V.) C:\Users\Goby\Downloads\HitmanPro.exe
2013-08-01 22:39 - 2013-06-01 19:25 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-08-01 22:39 - 2013-06-01 19:21 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-08-01 22:39 - 2013-05-31 09:14 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-08-01 22:38 - 2013-06-12 09:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-01 22:38 - 2013-06-12 09:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-01 22:38 - 2013-06-12 09:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-01 22:38 - 2013-06-12 09:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-01 22:38 - 2013-06-12 09:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-01 22:38 - 2013-06-12 09:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-01 22:38 - 2013-06-12 09:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-01 22:38 - 2013-06-12 09:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-01 22:38 - 2013-06-12 09:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-01 22:38 - 2013-06-12 09:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-01 22:38 - 2013-06-12 09:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-01 22:38 - 2013-06-12 09:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-01 22:38 - 2013-06-12 09:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-01 22:38 - 2013-06-12 09:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-01 22:38 - 2013-06-12 09:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-01 22:38 - 2013-06-12 09:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-01 22:38 - 2013-06-12 09:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-01 22:38 - 2013-05-04 16:59 - 02842112 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-01 22:38 - 2013-05-04 14:57 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-01 22:38 - 2013-04-12 08:30 - 01421312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-08-01 22:38 - 2013-04-12 08:22 - 01838080 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-08-01 22:33 - 2013-08-01 22:33 - 00562430 _____ (Oleg N. Scherbakov) C:\Users\Goby\Downloads\JRT.exe
2013-08-01 22:33 - 2013-08-01 22:33 - 00001095 _____ C:\AdwCleaner[R3].txt
2013-08-01 22:33 - 2013-08-01 22:33 - 00000359 _____ C:\AdwCleaner[S2].txt
2013-08-01 22:28 - 2013-08-01 22:28 - 00011401 _____ C:\AdwCleaner[S1].txt
2013-08-01 22:27 - 2013-08-01 22:27 - 00010959 _____ C:\AdwCleaner[R2].txt
2013-08-01 22:27 - 2013-08-01 22:27 - 00010898 _____ C:\AdwCleaner[R1].txt
2013-08-01 21:40 - 2013-08-01 21:40 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-01 21:40 - 2013-08-01 21:40 - 00000000 ____D C:\Users\Goby\AppData\Roaming\Malwarebytes
2013-08-01 21:40 - 2013-08-01 21:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-01 21:40 - 2013-08-01 21:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-01 21:40 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-01 21:28 - 2013-08-02 17:49 - 00009923 _____ C:\quickscan.txt
2013-08-01 21:28 - 2013-08-01 21:28 - 02051696 _____ (Bitdefender SRL) C:\Users\Goby\AppData\Local\qs64.dll
2013-08-01 21:28 - 2013-08-01 21:28 - 00733224 _____ (Bitdefender SRL) C:\Users\Goby\AppData\Local\qs.dll
2013-08-01 21:28 - 2013-08-01 21:28 - 00001142 _____ C:\Users\UpdatusUser\Desktop\Defender Pro Quick Scanner.lnk
2013-08-01 21:28 - 2013-08-01 21:28 - 00001142 _____ C:\Users\Goby\Desktop\Defender Pro Quick Scanner.lnk
2013-08-01 21:28 - 2013-08-01 21:28 - 00000000 ____D C:\Users\Goby\AppData\Roaming\QuickScan
2013-08-01 21:28 - 2013-08-01 21:28 - 00000000 ____D C:\Users\Goby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Defender Pro Quick Scanner
2013-08-01 21:28 - 2013-08-01 21:28 - 00000000 ____D C:\Program Files (x86)\Defender Pro Quick Scanner
2013-08-01 21:19 - 2013-08-01 21:19 - 00000000 ____D C:\Windows\ERUNT
2013-08-01 21:14 - 2013-08-01 21:14 - 00007608 _____ C:\Users\Goby\AppData\Local\Resmon.ResmonCfg
2013-08-01 21:05 - 2013-08-01 21:05 - 00000000 ____D C:\Users\Goby\AppData\Roaming\337 Wallpaper
2013-08-01 20:56 - 2013-08-01 20:56 - 00003088 _____ C:\Windows\System32\Tasks\{C9202589-BFAD-43C0-96A5-FC178F8FBFE2}
2013-08-01 20:52 - 2013-08-08 21:52 - 00000000 ____D C:\Program Files (x86)\WinZipper
2013-08-01 20:52 - 2013-08-08 21:52 - 00000000 ____D C:\Program Files (x86)\Omiga Plus
2013-08-01 20:52 - 2013-08-04 11:15 - 00000000 ____D C:\Users\Goby\AppData\Roaming\WinZipper
2013-08-01 20:48 - 2013-08-01 20:48 - 00000000 ____D C:\Users\Goby\AppData\Roaming\Atheros
2013-08-01 20:48 - 2013-08-01 20:48 - 00000000 ____D C:\ProgramData\Atheros
2013-08-01 20:28 - 2013-01-28 14:23 - 00581200 _____ (Qualcomm Atheros) C:\Windows\system32\Drivers\btfilter.sys
2013-08-01 20:28 - 2013-01-28 14:23 - 00346192 _____ (Qualcomm Atheros) C:\Windows\system32\Drivers\btath_a2dp.sys
2013-08-01 20:28 - 2013-01-28 14:23 - 00179432 _____ (Qualcomm Atheros) C:\Windows\system32\Drivers\btath_hcrp.sys
2013-08-01 20:28 - 2013-01-28 14:23 - 00136424 _____ (Qualcomm Atheros) C:\Windows\system32\Drivers\btath_rcp.sys
2013-08-01 20:28 - 2013-01-28 14:23 - 00115280 _____ (Qualcomm Atheros) C:\Windows\system32\Drivers\btath_avdt.sys
2013-08-01 20:28 - 2013-01-28 14:23 - 00089168 _____ (Qualcomm Atheros) C:\Windows\system32\Drivers\btath_flt.sys
2013-08-01 20:28 - 2013-01-28 14:23 - 00077464 _____ (Qualcomm Atheros) C:\Windows\system32\Drivers\btath_lwflt.sys
2013-08-01 20:28 - 2013-01-28 14:23 - 00034384 _____ (Qualcomm Atheros) C:\Windows\system32\Drivers\btath_bus.sys
2013-08-01 20:19 - 2013-08-01 20:19 - 00025306 _____ C:\Users\Goby\Downloads\Microsoft.Project.2010.Professional.English.x86.x64.torrent
2013-08-01 20:14 - 2013-08-01 20:14 - 00000000 ____D C:\Users\Goby\AppData\Roaming\Mozilla
2013-08-01 17:09 - 2013-08-01 17:09 - 00000000 ____D C:\Program Files\Classic Shell
2013-08-01 17:00 - 2013-08-01 17:01 - 08437760 _____ (IvoSoft) C:\Users\Goby\Downloads\ClassicShellSetup_3_6_8.exe
2013-07-31 17:09 - 2013-07-31 17:15 - 207978391 _____ C:\Users\Goby\Downloads\The.Killing.S03E10.HDTV.x264-2HD.mp4
2013-07-31 17:09 - 2013-07-31 17:14 - 225178142 _____ C:\Users\Goby\Downloads\The.Killing.S03E09.HDTV.x264-EVOLVE.mp4
2013-07-30 19:54 - 2013-07-30 19:54 - 00014961 _____ C:\Users\Goby\Downloads\Frost_Nixon_(2008)_720p_BrRip_mkv_-_700mb_-_YIFY.6373308_.TPB_.torrent
2013-07-28 18:38 - 2013-07-28 18:38 - 00000816 _____ C:\Users\Goby\Desktop\µTorrent.lnk
2013-07-28 18:37 - 2013-08-12 19:48 - 00000000 ____D C:\Users\Goby\AppData\Roaming\uTorrent
2013-07-28 18:37 - 2013-07-28 18:37 - 01129552 _____ (BitTorrent Inc.) C:\Users\Goby\Downloads\utorrent.exe
2013-07-28 15:13 - 2013-08-09 00:09 - 00000000 ____D C:\Users\Goby\AppData\Roaming\vlc
2013-07-28 15:13 - 2013-07-28 15:13 - 00001070 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-07-28 15:13 - 2013-07-28 15:13 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-07-28 15:12 - 2013-07-28 15:12 - 22916830 _____ C:\Users\Goby\Downloads\vlc-setup [1].exe
2013-07-28 13:59 - 2013-07-28 13:59 - 00000000 ____D C:\Users\Goby\AppData\Local\Adobe
2013-07-28 13:58 - 2013-07-28 14:00 - 00000000 ____D C:\ProgramData\Adobe
2013-07-28 13:58 - 2013-07-28 13:58 - 00002023 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-07-28 13:58 - 2013-07-28 13:58 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-28 13:57 - 2013-07-28 13:57 - 00000000 ____D C:\Users\Goby\Downloads\AdbeRdr11000_mui_Std
2013-07-28 13:56 - 2013-07-28 13:57 - 00000000 ____D C:\Users\Goby\AppData\Roaming\WinRAR
2013-07-28 13:56 - 2013-07-28 13:56 - 00000000 ____D C:\Users\Goby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-07-28 13:56 - 2013-07-28 13:56 - 00000000 ____D C:\Program Files (x86)\WinRAR
2013-07-28 13:55 - 2013-07-28 13:55 - 01160856 _____ C:\Users\Goby\Downloads\winrar setup.exe
2013-07-28 13:40 - 2013-07-28 13:43 - 141015434 _____ C:\Users\Goby\Downloads\AdbeRdr11000_mui_Std.zip
2013-07-28 11:36 - 2013-07-28 11:36 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\CrashDumps
2013-07-25 15:02 - 2013-08-07 17:53 - 00000000 ____D C:\OPP STATUS MACRO
2013-07-25 15:02 - 2013-08-01 21:51 - 00000000 ____D C:\Personal
2013-07-25 14:59 - 2013-08-12 19:52 - 00000000 ____D C:\Users\Goby\AppData\Roaming\Skype
2013-07-25 14:59 - 2013-07-25 15:00 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-25 14:59 - 2013-07-25 15:00 - 00000000 ____D C:\ProgramData\Skype
2013-07-25 14:59 - 2013-07-25 14:59 - 00002515 _____ C:\Users\Public\Desktop\Skype.lnk
2013-07-25 14:58 - 2013-07-25 14:58 - 01492584 _____ (Skype Technologies S.A.) C:\Users\Goby\Downloads\SkypeSetup.exe
2013-07-25 14:44 - 2013-07-25 15:45 - 00000000 ____D C:\Project Controls
2013-07-25 14:36 - 2013-07-25 14:36 - 00003118 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2013-07-25 14:36 - 2013-07-25 14:36 - 00003092 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2013-07-25 14:36 - 2013-07-25 14:36 - 00003090 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2013-07-25 14:36 - 2013-07-25 14:36 - 00003062 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2013-07-25 14:36 - 2013-07-25 14:36 - 00003060 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2013-07-25 14:34 - 2013-07-25 14:35 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center
2013-07-25 13:49 - 2013-07-25 13:49 - 00000000 ____D C:\Users\Goby\AppData\Local\NVIDIA
2013-07-25 13:47 - 2013-07-25 13:47 - 00001351 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2013-07-25 13:41 - 2013-07-25 13:41 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-07-25 13:41 - 2013-03-29 12:24 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Microsoft Help
2013-07-25 13:41 - 2013-02-01 15:02 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\TuneUp Software
2013-07-25 13:40 - 2013-07-26 21:02 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-07-25 13:40 - 2013-07-26 21:02 - 00000000 ____D C:\Windows\system32\NV
2013-07-25 13:40 - 2013-07-25 13:41 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-25 13:40 - 2013-07-25 13:40 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-07-25 13:39 - 2013-06-21 20:23 - 06496544 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-07-25 13:39 - 2013-06-21 20:23 - 03514656 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-07-25 13:39 - 2013-06-21 20:23 - 02555680 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2013-07-25 13:39 - 2013-06-21 20:23 - 01025312 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2013-07-25 13:39 - 2013-06-21 20:23 - 00884512 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-07-25 13:39 - 2013-06-21 20:23 - 00237856 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-07-25 13:39 - 2013-06-21 20:23 - 00067072 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2013-07-25 13:39 - 2013-06-21 20:23 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-07-25 13:39 - 2013-06-20 14:17 - 03253909 _____ C:\Windows\system32\nvcoproc.bin
2013-07-25 13:37 - 2013-07-25 13:48 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-07-25 13:12 - 2013-06-21 22:06 - 27781920 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-07-25 13:12 - 2013-06-21 22:06 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-07-25 13:12 - 2013-06-21 22:06 - 21102368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-07-25 13:12 - 2013-06-21 22:06 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-07-25 13:12 - 2013-06-21 22:06 - 15920536 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-07-25 13:12 - 2013-06-21 22:06 - 15144928 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-07-25 13:12 - 2013-06-21 22:06 - 13411896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-07-25 13:12 - 2013-06-21 22:06 - 12427240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-07-25 13:12 - 2013-06-21 22:06 - 11235104 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-07-25 13:12 - 2013-06-21 22:06 - 09239344 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-07-25 13:12 - 2013-06-21 22:06 - 07687592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-07-25 13:12 - 2013-06-21 22:06 - 07641832 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-07-25 13:12 - 2013-06-21 22:06 - 06324360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-07-25 13:12 - 2013-06-21 22:06 - 02953504 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-07-25 13:12 - 2013-06-21 22:06 - 02936208 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-07-25 13:12 - 2013-06-21 22:06 - 02777888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-07-25 13:12 - 2013-06-21 22:06 - 02597856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-07-25 13:12 - 2013-06-21 22:06 - 02363680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-07-25 13:12 - 2013-06-21 22:06 - 02002720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-07-25 13:12 - 2013-06-21 22:06 - 01832224 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432049.dll
2013-07-25 13:12 - 2013-06-21 22:06 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432049.dll
2013-07-25 13:12 - 2013-06-21 22:06 - 01059560 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2013-07-25 13:12 - 2013-06-21 22:06 - 00925648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-07-25 13:12 - 2013-06-21 22:06 - 00572704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-07-25 13:12 - 2013-06-21 22:06 - 00570656 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-07-25 13:12 - 2013-06-21 22:06 - 00467232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-07-25 13:12 - 2013-06-21 22:06 - 00465184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-07-25 13:12 - 2013-06-21 22:06 - 00432928 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2013-07-25 13:12 - 2013-06-21 22:06 - 00372000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2013-07-25 13:12 - 2013-06-21 22:06 - 00266448 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-07-25 13:12 - 2013-06-21 22:06 - 00218592 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-07-25 13:12 - 2013-06-21 22:06 - 00214448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-07-25 13:12 - 2013-06-21 22:06 - 00181488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-07-25 13:12 - 2013-06-21 22:06 - 00030496 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2013-07-25 13:12 - 2013-06-21 22:06 - 00021578 _____ C:\Windows\system32\nvinfo.pb
2013-07-25 13:07 - 2013-05-16 08:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2013-07-25 12:36 - 2013-07-25 12:42 - 233871960 _____ (NVIDIA Corporation) C:\Users\Goby\Downloads\320.49-notebook-win8-win7-64bit-international-whql.exe
2013-07-25 12:35 - 2013-08-12 19:31 - 00000000 ____D C:\Users\Goby\Documents\Outlook Files
 
==================== One Month Modified Files and Folders =======
 
2013-08-12 19:51 - 2013-08-12 19:51 - 00000000 ____D C:\FRST
2013-08-12 19:50 - 2013-08-12 19:50 - 01575246 _____ (Farbar) C:\Users\Goby\Downloads\FRST64.exe
2013-08-12 19:48 - 2013-07-28 18:37 - 00000000 ____D C:\Users\Goby\AppData\Roaming\uTorrent
2013-08-12 19:48 - 2013-01-31 10:08 - 01514522 _____ C:\Windows\WindowsUpdate.log
2013-08-12 19:37 - 2013-08-02 19:32 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-12 19:37 - 2013-08-02 19:32 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-12 19:31 - 2013-08-12 19:21 - 370075328 _____ C:\Users\Goby\Downloads\Dexter.S08E04.HDTV.x264-EVOLVE.mp4
2013-08-12 19:31 - 2013-07-25 12:35 - 00000000 ____D C:\Users\Goby\Documents\Outlook Files
2013-08-12 19:23 - 2013-08-12 17:36 - 653378205 _____ C:\Users\Goby\Downloads\True.Blood.S06E09.HDTV.x264-EVOLVE.mp4
2013-08-12 19:20 - 2012-07-26 17:28 - 00848230 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-12 19:17 - 2013-08-12 19:17 - 00000000 ____D C:\Users\Goby\Downloads\True Blood S06E09 Life Matters WEB DL XviD-FUM[ettv]
2013-08-12 19:00 - 2012-07-26 18:12 - 00000000 ____D C:\Windows\system32\sru
2013-08-12 18:01 - 2013-08-12 17:36 - 351806637 _____ C:\Users\Goby\Downloads\Dexter.S08E07.HDTV.x264-ASAP.mp4
2013-08-12 17:36 - 2013-01-31 14:53 - 00000000 ____D C:\ProgramData\MFAData
2013-08-12 17:34 - 2013-08-12 17:34 - 00264904 _____ C:\Users\Goby\Downloads\Dexter_S08E07_HDTV_x264-ASAP.exe
2013-08-12 17:33 - 2012-07-26 18:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-08-12 17:31 - 2013-06-04 21:27 - 00000376 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-08-12 17:31 - 2013-02-02 11:16 - 00000000 ____D C:\Users\Goby\AppData\Local\TSVNCache
2013-08-09 00:09 - 2013-07-28 15:13 - 00000000 ____D C:\Users\Goby\AppData\Roaming\vlc
2013-08-08 22:45 - 2012-07-26 15:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2013-08-08 21:56 - 2013-08-07 17:44 - 00009916 _____ C:\Users\Goby\Desktop\attach.txt
2013-08-08 21:55 - 2013-08-08 21:55 - 00688992 ____R (Swearware) C:\Users\Goby\Downloads\dds (1).com
2013-08-08 21:55 - 2013-08-07 17:44 - 00027148 _____ C:\Users\Goby\Desktop\dds.txt
2013-08-08 21:54 - 2013-04-09 20:48 - 00000000 ____D C:\Users\Goby\AppData\Roaming\Notepad++
2013-08-08 21:52 - 2013-08-01 20:52 - 00000000 ____D C:\Program Files (x86)\WinZipper
2013-08-08 21:52 - 2013-08-01 20:52 - 00000000 ____D C:\Program Files (x86)\Omiga Plus
2013-08-08 21:51 - 2013-08-08 21:51 - 00891098 _____ C:\Users\Goby\Downloads\SecurityCheck.exe
2013-08-08 21:49 - 2012-07-26 17:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-08 21:08 - 2013-08-03 14:43 - 00000000 ____D C:\Users\Goby\Documents\Dip PM
2013-08-08 20:12 - 2013-01-31 14:49 - 00000000 ____D C:\Users\Goby\AppData\Local\Deployment
2013-08-08 19:33 - 2013-08-07 17:33 - 00000000 ____D C:\Users\Goby\AppData\Roaming\Omiga Plus
2013-08-07 20:57 - 2013-08-07 20:46 - 00000000 ____D C:\Users\Goby\Downloads\Mr Brooks (2007)
2013-08-07 20:21 - 2013-08-07 20:21 - 00016066 _____ C:\Users\Goby\Downloads\V_for_Vendetta_2006.torrent
2013-08-07 20:10 - 2013-08-07 20:06 - 00000000 ____D C:\Users\Goby\Downloads\End of Watch (2012)
2013-08-07 20:07 - 2013-08-07 20:07 - 00016919 _____ C:\Users\Goby\Downloads\Mr_Brooks_2007.torrent
2013-08-07 20:01 - 2013-08-07 20:01 - 00014710 _____ C:\Users\Goby\Downloads\End_of_Watch_2012.torrent
2013-08-07 19:54 - 2013-08-07 19:54 - 00020398 _____ C:\Users\Goby\Downloads\TP001144319.cab
2013-08-07 19:51 - 2013-08-07 19:51 - 00026624 _____ C:\Users\Goby\Downloads\CDC_UP_Lessons_Learned_Log_Template (1).xls
2013-08-07 19:49 - 2013-08-07 19:49 - 00026624 _____ C:\Users\Goby\Downloads\CDC_UP_Lessons_Learned_Log_Template.xls
2013-08-07 17:53 - 2013-07-25 15:02 - 00000000 ____D C:\OPP STATUS MACRO
2013-08-07 17:45 - 2013-08-07 17:45 - 00001651 _____ C:\Users\Goby\Documents\AdwCleaner[S4].txt
2013-08-07 17:45 - 2013-08-07 17:39 - 00000685 _____ C:\Users\Goby\Desktop\JRT.txt
2013-08-07 17:42 - 2013-08-07 17:42 - 00688992 ____R (Swearware) C:\Users\Goby\Downloads\dds.com
2013-08-07 17:36 - 2013-08-07 17:36 - 00563461 _____ (Oleg N. Scherbakov) C:\Users\Goby\Downloads\JRT (1).exe
2013-08-07 17:31 - 2013-08-07 17:31 - 00001651 _____ C:\AdwCleaner[S4].txt
2013-08-07 17:31 - 2013-08-07 17:31 - 00001568 _____ C:\AdwCleaner[R5].txt
2013-08-07 17:29 - 2013-08-07 17:29 - 00424344 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-06 18:41 - 2013-08-06 18:41 - 00011165 _____ C:\Users\Goby\Downloads\Memoirs_of_a_Geisha_2005.torrent
2013-08-06 18:40 - 2013-08-06 18:38 - 00000000 ____D C:\Users\Goby\Downloads\Brick (2005)
2013-08-06 18:38 - 2013-08-06 18:38 - 00014780 _____ C:\Users\Goby\Downloads\Brick_2005.torrent
2013-08-06 18:37 - 2013-08-06 18:37 - 00016110 _____ C:\Users\Goby\Downloads\Brick_2005_1080p.torrent
2013-08-05 20:21 - 2013-08-05 19:23 - 436699932 _____ C:\Users\Goby\Downloads\The.Killing.S03E11E12.HDTV.x264-EVOLVE.mp4
2013-08-05 17:33 - 2013-03-29 10:48 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-04 17:50 - 2013-08-04 17:50 - 00054068 _____ C:\Users\Goby\Downloads\watch.json
2013-08-04 12:03 - 2013-02-01 04:51 - 00000044 _____ C:\Users\Goby\Desktop\lworbey2013@gmail.com.txt
2013-08-04 11:53 - 2013-08-04 11:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-08-04 11:20 - 2012-08-28 02:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-08-04 11:19 - 2012-07-26 18:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-08-04 11:18 - 2013-03-29 10:48 - 00000000 ____D C:\Program Files\Microsoft Office
2013-08-04 11:18 - 2012-07-26 17:52 - 00000000 ____D C:\Windows\ShellNew
2013-08-04 11:16 - 2013-08-04 11:02 - 00000000 ____D C:\Users\Goby\Downloads\MS Project 2007
2013-08-04 11:15 - 2013-08-01 20:52 - 00000000 ____D C:\Users\Goby\AppData\Roaming\WinZipper
2013-08-04 11:02 - 2013-08-04 11:02 - 00014751 _____ C:\Users\Goby\Downloads\[kickass.to]ms.project.2007.torrent
2013-08-04 10:30 - 2013-08-04 10:30 - 00011575 _____ C:\Users\Goby\Downloads\Project+Management+Body+of+Knowledge+%28PMBOK%29+4th+Edition.torrent
2013-08-03 18:24 - 2013-08-03 18:04 - 00000000 ____D C:\Users\Goby\Downloads\Mud (2012)
2013-08-03 18:10 - 2013-08-03 18:06 - 00000000 ____D C:\Users\Goby\Downloads\Gangs of New York (2002)
2013-08-03 18:04 - 2013-08-03 18:04 - 00012296 _____ C:\Users\Goby\Downloads\Gangs_of_New_York_2002.torrent
2013-08-03 18:02 - 2013-08-03 18:02 - 00009908 _____ C:\Users\Goby\Downloads\Mud_2012_720p_BluRay_x264_YIFY_mp4.torrent
2013-08-03 12:08 - 2012-08-03 18:04 - 00038916 _____ C:\Windows\PFRO.log
2013-08-03 12:06 - 2012-07-26 17:52 - 00000000 ____D C:\Program Files\Windows Journal
2013-08-03 12:06 - 2012-07-26 15:38 - 00000000 ____D C:\Windows\system32\oobe
2013-08-02 20:34 - 2013-08-02 20:07 - 00000000 ____D C:\Users\Goby\Downloads\Killing Season (2013)
2013-08-02 20:04 - 2013-08-02 20:04 - 00010223 _____ C:\Users\Goby\Downloads\Killing_Season_2013_720p_BluRay_x264_YIFY_mp4.torrent
2013-08-02 19:33 - 2013-08-02 19:33 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-02 19:33 - 2013-01-31 14:50 - 00000000 ____D C:\Users\Goby\AppData\Local\Google
2013-08-02 19:32 - 2013-08-02 19:32 - 00003884 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-08-02 19:32 - 2013-08-02 19:32 - 00003648 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-08-02 19:32 - 2013-01-31 14:50 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-02 17:49 - 2013-08-02 17:49 - 00001059 _____ C:\quickscan.xml
2013-08-02 17:49 - 2013-08-01 21:28 - 00009923 _____ C:\quickscan.txt
2013-08-02 17:36 - 2013-08-02 17:36 - 00001224 _____ C:\AdwCleaner[S3].txt
2013-08-02 17:35 - 2013-08-02 17:35 - 00666633 _____ C:\Users\Goby\Downloads\AdwCleaner.exe
2013-08-02 17:35 - 2013-08-02 17:35 - 00001146 _____ C:\AdwCleaner[R4].txt
2013-08-02 17:33 - 2013-08-02 17:32 - 00002552 _____ C:\Users\Goby\Desktop\Rkill.txt
2013-08-02 17:32 - 2013-08-02 17:32 - 00000000 ____D C:\Users\Goby\Desktop\rkill
2013-08-01 22:49 - 2013-08-01 22:49 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-08-01 22:49 - 2013-08-01 22:40 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-01 22:44 - 2013-08-01 22:44 - 00001897 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-08-01 22:44 - 2013-08-01 22:44 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-01 22:41 - 2013-08-01 22:40 - 09833328 _____ (SurfRight B.V.) C:\Users\Goby\Downloads\HitmanPro_x64.exe
2013-08-01 22:40 - 2013-08-01 22:39 - 09171472 _____ (SurfRight B.V.) C:\Users\Goby\Downloads\HitmanPro.exe
2013-08-01 22:33 - 2013-08-01 22:33 - 00562430 _____ (Oleg N. Scherbakov) C:\Users\Goby\Downloads\JRT.exe
2013-08-01 22:33 - 2013-08-01 22:33 - 00001095 _____ C:\AdwCleaner[R3].txt
2013-08-01 22:33 - 2013-08-01 22:33 - 00000359 _____ C:\AdwCleaner[S2].txt
2013-08-01 22:28 - 2013-08-01 22:28 - 00011401 _____ C:\AdwCleaner[S1].txt
2013-08-01 22:27 - 2013-08-01 22:27 - 00010959 _____ C:\AdwCleaner[R2].txt
2013-08-01 22:27 - 2013-08-01 22:27 - 00010898 _____ C:\AdwCleaner[R1].txt
2013-08-01 21:51 - 2013-07-25 15:02 - 00000000 ____D C:\Personal
2013-08-01 21:45 - 2013-01-31 10:16 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-845503055-1845628576-1702569872-1002
2013-08-01 21:40 - 2013-08-01 21:40 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-01 21:40 - 2013-08-01 21:40 - 00000000 ____D C:\Users\Goby\AppData\Roaming\Malwarebytes
2013-08-01 21:40 - 2013-08-01 21:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-01 21:40 - 2013-08-01 21:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-01 21:28 - 2013-08-01 21:28 - 02051696 _____ (Bitdefender SRL) C:\Users\Goby\AppData\Local\qs64.dll
2013-08-01 21:28 - 2013-08-01 21:28 - 00733224 _____ (Bitdefender SRL) C:\Users\Goby\AppData\Local\qs.dll
2013-08-01 21:28 - 2013-08-01 21:28 - 00001142 _____ C:\Users\UpdatusUser\Desktop\Defender Pro Quick Scanner.lnk
2013-08-01 21:28 - 2013-08-01 21:28 - 00001142 _____ C:\Users\Goby\Desktop\Defender Pro Quick Scanner.lnk
2013-08-01 21:28 - 2013-08-01 21:28 - 00000000 ____D C:\Users\Goby\AppData\Roaming\QuickScan
2013-08-01 21:28 - 2013-08-01 21:28 - 00000000 ____D C:\Users\Goby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Defender Pro Quick Scanner
2013-08-01 21:28 - 2013-08-01 21:28 - 00000000 ____D C:\Program Files (x86)\Defender Pro Quick Scanner
2013-08-01 21:22 - 2013-01-31 10:10 - 00001434 _____ C:\Users\Goby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-01 21:20 - 2012-08-28 02:42 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-08-01 21:19 - 2013-08-01 21:19 - 00000000 ____D C:\Windows\ERUNT
2013-08-01 21:14 - 2013-08-01 21:14 - 00007608 _____ C:\Users\Goby\AppData\Local\Resmon.ResmonCfg
2013-08-01 21:05 - 2013-08-01 21:05 - 00000000 ____D C:\Users\Goby\AppData\Roaming\337 Wallpaper
2013-08-01 21:01 - 2012-07-26 15:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-08-01 20:56 - 2013-08-01 20:56 - 00003088 _____ C:\Windows\System32\Tasks\{C9202589-BFAD-43C0-96A5-FC178F8FBFE2}
2013-08-01 20:48 - 2013-08-01 20:48 - 00000000 ____D C:\Users\Goby\AppData\Roaming\Atheros
2013-08-01 20:48 - 2013-08-01 20:48 - 00000000 ____D C:\ProgramData\Atheros
2013-08-01 20:45 - 2012-07-26 15:37 - 00000000 ____D C:\Windows\servicing
2013-08-01 20:30 - 2012-08-28 02:25 - 00000000 ____D C:\Program Files (x86)\Qualcomm Atheros
2013-08-01 20:30 - 2012-07-26 17:21 - 00028963 _____ C:\Windows\setupact.log
2013-08-01 20:19 - 2013-08-01 20:19 - 00025306 _____ C:\Users\Goby\Downloads\Microsoft.Project.2010.Professional.English.x86.x64.torrent
2013-08-01 20:14 - 2013-08-01 20:14 - 00000000 ____D C:\Users\Goby\AppData\Roaming\Mozilla
2013-08-01 17:09 - 2013-08-01 17:09 - 00000000 ____D C:\Program Files\Classic Shell
2013-08-01 17:01 - 2013-08-01 17:00 - 08437760 _____ (IvoSoft) C:\Users\Goby\Downloads\ClassicShellSetup_3_6_8.exe
2013-07-31 17:15 - 2013-07-31 17:09 - 207978391 _____ C:\Users\Goby\Downloads\The.Killing.S03E10.HDTV.x264-2HD.mp4
2013-07-31 17:14 - 2013-07-31 17:09 - 225178142 _____ C:\Users\Goby\Downloads\The.Killing.S03E09.HDTV.x264-EVOLVE.mp4
2013-07-30 19:54 - 2013-07-30 19:54 - 00014961 _____ C:\Users\Goby\Downloads\Frost_Nixon_(2008)_720p_BrRip_mkv_-_700mb_-_YIFY.6373308_.TPB_.torrent
2013-07-30 18:14 - 2013-01-31 21:16 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-07-29 07:41 - 2013-02-09 20:26 - 00000000 ____D C:\Users\Goby\AppData\Local\CrashDumps
2013-07-28 18:38 - 2013-07-28 18:38 - 00000816 _____ C:\Users\Goby\Desktop\µTorrent.lnk
2013-07-28 18:37 - 2013-07-28 18:37 - 01129552 _____ (BitTorrent Inc.) C:\Users\Goby\Downloads\utorrent.exe
2013-07-28 15:13 - 2013-07-28 15:13 - 00001070 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-07-28 15:13 - 2013-07-28 15:13 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-07-28 15:13 - 2013-01-31 14:53 - 00000000 ____D C:\Users\Goby\AppData\Local\Avg2013
2013-07-28 15:12 - 2013-07-28 15:12 - 22916830 _____ C:\Users\Goby\Downloads\vlc-setup [1].exe
2013-07-28 14:00 - 2013-07-28 13:58 - 00000000 ____D C:\ProgramData\Adobe
2013-07-28 13:59 - 2013-07-28 13:59 - 00000000 ____D C:\Users\Goby\AppData\Local\Adobe
2013-07-28 13:59 - 2013-01-31 10:10 - 00000000 ____D C:\Users\Goby\AppData\Roaming\Adobe
2013-07-28 13:58 - 2013-07-28 13:58 - 00002023 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-07-28 13:58 - 2013-07-28 13:58 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-28 13:57 - 2013-07-28 13:57 - 00000000 ____D C:\Users\Goby\Downloads\AdbeRdr11000_mui_Std
2013-07-28 13:57 - 2013-07-28 13:56 - 00000000 ____D C:\Users\Goby\AppData\Roaming\WinRAR
2013-07-28 13:56 - 2013-07-28 13:56 - 00000000 ____D C:\Users\Goby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-07-28 13:56 - 2013-07-28 13:56 - 00000000 ____D C:\Program Files (x86)\WinRAR
2013-07-28 13:55 - 2013-07-28 13:55 - 01160856 _____ C:\Users\Goby\Downloads\winrar setup.exe
2013-07-28 13:43 - 2013-07-28 13:40 - 141015434 _____ C:\Users\Goby\Downloads\AdbeRdr11000_mui_Std.zip
2013-07-28 13:35 - 2013-02-20 20:34 - 00000000 ____D C:\Users\Goby\AppData\Local\WinZip
2013-07-28 11:36 - 2013-07-28 11:36 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\CrashDumps
2013-07-26 21:02 - 2013-07-25 13:40 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-07-26 21:02 - 2013-07-25 13:40 - 00000000 ____D C:\Windows\system32\NV
2013-07-25 17:14 - 2013-01-31 22:11 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-07-25 15:45 - 2013-07-25 14:44 - 00000000 ____D C:\Project Controls
2013-07-25 15:00 - 2013-07-25 14:59 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-25 15:00 - 2013-07-25 14:59 - 00000000 ____D C:\ProgramData\Skype
2013-07-25 14:59 - 2013-07-25 14:59 - 00002515 _____ C:\Users\Public\Desktop\Skype.lnk
2013-07-25 14:58 - 2013-07-25 14:58 - 01492584 _____ (Skype Technologies S.A.) C:\Users\Goby\Downloads\SkypeSetup.exe
2013-07-25 14:36 - 2013-07-25 14:36 - 00003118 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2013-07-25 14:36 - 2013-07-25 14:36 - 00003092 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2013-07-25 14:36 - 2013-07-25 14:36 - 00003090 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2013-07-25 14:36 - 2013-07-25 14:36 - 00003062 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2013-07-25 14:36 - 2013-07-25 14:36 - 00003060 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2013-07-25 14:35 - 2013-07-25 14:34 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center
2013-07-25 14:24 - 2012-07-26 18:12 - 00000000 ____D C:\Windows\rescache
2013-07-25 13:49 - 2013-07-25 13:49 - 00000000 ____D C:\Users\Goby\AppData\Local\NVIDIA
2013-07-25 13:48 - 2013-07-25 13:37 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-07-25 13:47 - 2013-07-25 13:47 - 00001351 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2013-07-25 13:41 - 2013-07-25 13:41 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-07-25 13:41 - 2013-07-25 13:40 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-25 13:41 - 2012-08-28 02:10 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-07-25 13:41 - 2012-08-28 02:09 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-07-25 13:40 - 2013-07-25 13:40 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-07-25 13:39 - 2012-07-26 18:12 - 00000000 ____D C:\Windows\Help
2013-07-25 13:09 - 2013-03-24 13:45 - 00000000 ____D C:\Program Files (x86)\AmiBroker
2013-07-25 12:42 - 2013-07-25 12:36 - 233871960 _____ (NVIDIA Corporation) C:\Users\Goby\Downloads\320.49-notebook-win8-win7-64bit-international-whql.exe
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-08-12 17:43
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-08-2013 02
Ran by Goby at 2013-08-12 19:52:57
Running from C:\Users\Goby\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
   
 2013 (Version: 2013.0.2904)
 clear.fi SDK - Video 2 (x32 Version: 2.1.1910)
 clear.fi SDK- Movie 2 (x32 Version: 2.1.1910)
µTorrent (HKCU Version: 3.3.1.29963)
Acer Backup Manager (x32 Version: 4.0.0.0053)
Acer Device Fast-lane (Version: 1.00.3003)
Acer Instant Update Service (Version: 1.00.3012)
Acer Power Management (Version: 7.00.3003)
Acer Recovery Management (Version: 6.00.3006)
AcerCloud (x32 Version: 2.01.3112)
AcerCloud Docs (x32 Version: 1.00.3103)
Adobe Reader XI (11.0.03)  MUI (x32 Version: 11.0.03)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98)
Aloha TriPeaks (x32 Version: 2.2.0.98)
AmiBroker 5.60.3 (x32 Version: 5.60)
AVG 2013 (Version: 13.0.2904)
AVG 2013 (Version: 13.0.3211)
Backup Manager v4 (x32 Version: 4.0.0.0053)
Bejeweled 3 (x32 Version: 2.2.0.98)
Broadcom Card Reader Driver Installer (Version: 15.4.4.2)
Classic Shell (Version: 3.6.8)
clear.fi Media (x32 Version: 2.01.3107)
clear.fi Photo (x32 Version: 2.01.3107)
Curse Client (HKCU Version: 5.1.1.792)
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3103_44819)
Defender Pro Quick Scanner 1.1 (x32 Version: 1.1)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98)
Dolby Home Theater v4 (x32 Version: 7.2.8000.13)
eBay Worldwide (x32 Version: 2.3.0630)
ETDWare PS/2-X64 11.6.11.002_WHQL (Version: 11.6.11.002)
Final Drive: Nitro (x32 Version: 2.2.0.95)
Google Chrome (x32 Version: 28.0.1500.95)
Google Update Helper (x32 Version: 1.3.21.153)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110)
HitmanPro 3.7 (Version: 3.7.6.201)
Identity Card (x32 Version: 2.00.3002)
Intel® Management Engine Components (x32 Version: 8.1.0.1252)
Intel® Processor Graphics (x32 Version: 9.17.10.2867)
Intel® Rapid Storage Technology (x32 Version: 11.5.0.1207)
Intel® SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Island Tribe (x32 Version: 2.2.0.98)
Jewel Match 3 (x32 Version: 2.2.0.98)
John Deere Drive Green (x32 Version: 2.2.0.95)
Launch Manager (x32 Version: 7.0.4)
Live Updater (x32 Version: 2.00.3002)
Logitech Gaming Software (Version: 8.40.83)
Logitech Gaming Software 8.40 (Version: 8.40.83)
Magic Academy (x32 Version: 2.2.0.98)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft Mouse and Keyboard Center (Version: 2.1.177.0)
Microsoft Office (x32 Version: 14.0.6120.5004)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Project 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Project MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Project Professional 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0)
MyWinLocker (Version: 4.0.14.35)
MyWinLocker 4 (x32 Version: 4.0.14.35)
MyWinLocker Suite (x32 Version: 4.0.14.24)
Norton Online Backup (x32 Version: 2.2.3.45)
Norton Online Backup ARA (x32 Version: 4.1.0.10)
Notepad++ (x32 Version: 6.3.2)
NTI Media Maker 9 (x32 Version: 9.0.2.9008)
NVIDIA Control Panel 320.49 (Version: 320.49)
NVIDIA GeForce Experience 1.5 (Version: 1.5)
NVIDIA Graphics Driver 320.49 (Version: 320.49)
NVIDIA Install Application (Version: 2.1002.124.810)
NVIDIA Optimus 4.11.9 (Version: 4.11.9)
NVIDIA PhysX (x32 Version: 9.13.0604)
NVIDIA PhysX System Software 9.13.0604 (Version: 9.13.0604)
NVIDIA Update 4.11.9 (Version: 4.11.9)
NVIDIA Update Components (Version: 4.11.9)
Office Addin (x32 Version: 2.01.3102)
Penguins! (x32 Version: 2.2.0.98)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98)
Polar Bowler (x32 Version: 2.2.0.97)
Premium Data (HKCU)
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.220)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (x32 Version: 11.41)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6657)
Ripened Peach Sex Sim (x32 Version: 1.0j)
Shared C Run-time for x64 (Version: 10.0.0)
Shredder (Version: 2.0.8.9)
Shredder (x32 Version: 2.0.8.9)
Skype Click to Call (x32 Version: 6.10.13089)
Skype™ 6.6 (x32 Version: 6.6.106)
Spotify (x32 Version: 0.8.4.99.ga249b5f1)
Tales of Lagoona (x32 Version: 2.2.0.110)
TortoiseSVN 1.7.11.23600 (64 bit) (Version: 1.7.23600)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553092) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office Project 2007 Help (KB963668) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update Installer for WildTangent Games App (x32)
Visual Studio 2005 Tools for Office Second Edition Runtime (x32)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729)
Visual Studio Tools for the Office system 3.0 Runtime (x32)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (x32 Version: 1)
VLC media player 2.0.5 (x32 Version: 2.0.5)
WildTangent Games (x32 Version: 1.0.3.0)
WildTangent Games App (x32 Version: 4.0.10.5)
WinRAR 4.20 (32-bit) (x32 Version: 4.20.0)
WinZip 17.0 (Version: 17.0.10381)
WinZipper (x32 Version: 1.4.8)
World of Warcraft (x32 Version: 5.3.0.17128)
Zuma's Revenge (x32 Version: 2.2.0.98)
 
==================== Restore Points  =========================
 
28-07-2013 03:57:45 Installed Adobe Reader XI  MUI.
31-07-2013 17:06:03 Windows Update
04-08-2013 01:17:37 Installed Microsoft Office Project Professional 2007
12-08-2013 09:35:59 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
2012-07-26 15:26 - 2012-07-26 15:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0659BE59-A6D1-4BF0-8CC0-0212E488CA74} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {08A0D64D-3C82-474B-AB26-CA7DB0EA7CAA} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-07-31] (Acer Incorporated)
Task: {0DEA0CB6-0E6F-48D3-B15C-530A6106C029} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-02] (Google Inc.)
Task: {0E28B817-3BC7-4F54-8A98-0F079C45C9A9} - System32\Tasks\Omiga Plus RunAsStdUser => C:\Program Files (x86)\Omiga Plus\omigaplus.exe [2013-08-01] (Taiwan Shui Mu Chih Ching Technology Limited.)
Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Task: {1483417E-E3F6-4610-9E1A-3265F818C37B} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-07-13] ()
Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {17A471E4-C5F1-4DAB-A50C-0E068F79FBD0} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {1FACCAB7-88AA-4975-B428-DA6B76FF0E11} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {2C7FDD9B-46C3-44E4-A328-8FB9854B245E} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {3E503DC3-5416-4828-88CE-F35E47904A9A} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-18] ()
Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {475E8DD2-0F46-4E23-9DE1-E8431D06A638} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-845503055-1845628576-1702569872-500
Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation)
Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {4D8A3D1B-E85A-4A66-B6C7-682293486A79} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {4E6A5161-97B4-44A2-9F5B-08C0DC8F458E} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)
Task: {647F0A73-E2CF-4769-AF27-AE556C51A5FD} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-07-13] ()
Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)
Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {71963572-DD14-467F-970F-5B129DB4E3FB} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {7C71A5C8-1119-47EF-B708-0BFE5EA580C8} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-07-13] ()
Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {9947493D-DE06-4201-9214-227275E6B070} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\Windows\system32\sc.exe [2012-07-26] (Microsoft Corporation)
Task: {A1747BC7-9FDC-4BCF-878D-D5A2E3BC9A3A} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {A1873403-8ACB-49F4-A2CB-667A8C926975} - System32\Tasks\WPD\SqmUpload_S-1-5-21-845503055-1845628576-1702569872-1002 => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {ACCDB204-85F0-4EB3-AC4B-7FAAC492D54F} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{648540B7-8BFA-405E-94A3-9745E0140F40}.exe No File
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {AFA88947-860B-4CE6-9402-D13AE308AB32} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {BCCDB403-63E6-4A3F-A78F-F9C992840EE7} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-845503055-1845628576-1702569872-1002
Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {C7B7FD42-D12C-42A2-97C8-8C637C6F1CA0} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe No File
Task: {C7F03711-6E36-4646-88F3-C107AA0175AA} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {D2A0C81B-6320-4C0C-9866-2AF1E19ADAD4} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {E61C4BDE-A899-4C73-869F-BF836D6163A2} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: {F7C99BBE-10C1-42B0-8ABD-3EFFEA030797} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-05] (CyberLink)
Task: {FFAAAA8E-6445-44F5-838E-3A6D01267196} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-02] (Google Inc.)
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{648540B7-8BFA-405E-94A3-9745E0140F40}.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/12/2013 07:37:18 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.
 
Error: (08/12/2013 07:27:16 PM) (Source: Application Error) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 14.0.6131.5000, time stamp: 0x509b1020
Faulting module name: mspst32.dll, version: 14.0.6131.5000, time stamp: 0x509b0f0e
Exception code: 0xc0000005
Fault offset: 0x0001448c
Faulting process id: 0x1944
Faulting application start time: 0xOUTLOOK.EXE0
Faulting application path: OUTLOOK.EXE1
Faulting module path: OUTLOOK.EXE2
Report Id: OUTLOOK.EXE3
Faulting package full name: OUTLOOK.EXE4
Faulting package-relative application ID: OUTLOOK.EXE5
 
Error: (08/12/2013 07:07:12 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.
 
Error: (08/12/2013 06:07:48 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
 
Error: (08/05/2013 05:32:57 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.
 
Error: (08/05/2013 05:30:24 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.
 
Error: (08/04/2013 11:24:51 AM) (Source: Application Error) (User: )
Description: Faulting application name: WINPROJ.EXE, version: 12.0.4518.1014, time stamp: 0x45428184
Faulting module name: combase.dll, version: 6.2.9200.16420, time stamp: 0x505a976e
Exception code: 0xc0000005
Fault offset: 0x00052060
Faulting process id: 0x1a78
Faulting application start time: 0xWINPROJ.EXE0
Faulting application path: WINPROJ.EXE1
Faulting module path: WINPROJ.EXE2
Report Id: WINPROJ.EXE3
Faulting package full name: WINPROJ.EXE4
Faulting package-relative application ID: WINPROJ.EXE5
 
Error: (08/04/2013 10:07:14 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.
 
Error: (08/04/2013 08:57:17 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.
 
Error: (08/01/2013 09:09:33 PM) (Source: Application Hang) (User: )
Description: The program Skype.exe version 6.6.0.106 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1598
 
Start Time: 01ce8ea6bce8d8ac
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe
 
Report Id: d7591b9d-fa9a-11e2-be90-083e8e4a7778
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (08/08/2013 09:48:18 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (08/08/2013 07:33:00 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 6:55:33 PM on ‎8/‎08/‎2013 was unexpected.
 
Error: (08/07/2013 05:31:52 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (08/02/2013 05:36:27 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (08/02/2013 05:24:41 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (08/02/2013 05:24:40 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (08/01/2013 10:29:56 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (08/01/2013 10:29:54 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (08/01/2013 10:28:56 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (08/01/2013 10:22:36 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 43%
Total physical RAM: 3911.27 MB
Available physical RAM: 2208.13 MB
Total Pagefile: 7367.27 MB
Available Pagefile: 5251.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.76 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:908.19 GB) (Free:815.1 GB) NTFS (Disk=0 Partition=4)
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: D4BE0AFF)
 
Partition: GPT Partition Type
==================== End Of Log ============================

 


Edited by Goby, 12 August 2013 - 04:56 AM.


#11 nasdaq


Posted 12 August 2013 - 08:43 AM

It will be easy to remove Omiga Plus with this tool.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Tutorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If, after running ComboFix, you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
===

Wait for further instructions.

#12 Goby


Posted 13 August 2013 - 03:27 AM

ComboFix 13-08-12.01 - Goby 13/08/2013  18:18:09.1.8 - x64
Microsoft Windows 8  6.2.9200.0.1252.61.1033.18.3911.2426 [GMT 10:00]
Running from: c:\users\Goby\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Goby\AppData\Local\assembly\tmp
c:\users\Goby\AppData\Local\qs.dll
c:\users\Goby\AppData\Local\qs64.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-13 to 2013-08-13  )))))))))))))))))))))))))))))))
.
.
2013-08-13 08:23 . 2013-08-13 08:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-12 09:51 . 2013-08-12 09:51 -------- d-----w- C:\FRST
2013-08-12 07:32 . 2013-08-12 07:32 261808 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10213.bin
2013-08-07 07:33 . 2013-08-08 09:33 -------- d-----w- c:\users\Goby\AppData\Roaming\Omiga Plus
2013-08-04 01:20 . 2013-08-04 01:53 -------- d-----w- c:\program files (x86)\Microsoft Works
2013-08-01 12:49 . 2013-08-01 12:49 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-08-01 12:40 . 2013-08-01 12:49 -------- d-----w- c:\programdata\HitmanPro
2013-08-01 12:39 . 2013-04-10 22:35 2035200 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2013-08-01 12:39 . 2013-04-10 22:35 1617920 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-08-01 12:39 . 2013-04-10 22:35 1318912 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-08-01 12:39 . 2013-04-10 22:35 1306112 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-08-01 12:39 . 2013-04-10 22:35 1272320 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-08-01 12:39 . 2013-04-11 04:12 1029632 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Ink\journal.dll
2013-08-01 12:39 . 2013-04-11 04:12 1413632 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll
2013-08-01 12:39 . 2013-05-30 23:14 4036096 ----a-w- c:\windows\system32\win32k.sys
2013-08-01 12:39 . 2013-06-01 09:21 595968 ----a-w- c:\windows\system32\qedit.dll
2013-08-01 12:39 . 2013-06-21 05:04 19187712 ----a-w- c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-08-01 12:39 . 2013-06-01 09:25 496640 ----a-w- c:\windows\SysWow64\qedit.dll
2013-08-01 12:39 . 2013-06-21 04:46 18523648 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-08-01 11:40 . 2013-08-01 11:40 -------- d-----w- c:\users\Goby\AppData\Roaming\Malwarebytes
2013-08-01 11:40 . 2013-08-01 11:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-01 11:40 . 2013-08-01 11:40 -------- d-----w- c:\programdata\Malwarebytes
2013-08-01 11:40 . 2013-04-04 04:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-01 11:40 . 2013-08-01 11:40 -------- d-----w- c:\users\Goby\AppData\Local\Programs
2013-08-01 11:28 . 2013-08-01 11:28 -------- d-----w- c:\users\Goby\AppData\Roaming\QuickScan
2013-08-01 11:28 . 2013-08-01 11:28 -------- d-----w- c:\program files (x86)\Defender Pro Quick Scanner
2013-08-01 11:19 . 2013-08-01 11:19 -------- d-----w- c:\windows\ERUNT
2013-08-01 11:05 . 2013-08-01 11:05 -------- d-----w- c:\users\Goby\AppData\Roaming\337 Wallpaper
2013-08-01 10:52 . 2013-08-08 11:52 -------- d-----w- c:\program files (x86)\WinZipper
2013-08-01 10:52 . 2013-08-04 01:15 -------- d-----w- c:\users\Goby\AppData\Roaming\WinZipper
2013-08-01 10:52 . 2013-08-13 08:21 -------- d-----w- c:\program files (x86)\Omiga Plus
2013-08-01 10:48 . 2013-08-01 10:48 -------- d-----w- c:\programdata\Atheros
2013-08-01 10:48 . 2013-08-01 10:48 -------- d-----w- c:\users\Goby\AppData\Roaming\Atheros
2013-08-01 10:28 . 2013-01-28 04:23 136424 ----a-w- c:\windows\system32\drivers\btath_rcp.sys
2013-08-01 10:28 . 2013-01-28 04:23 77464 ----a-w- c:\windows\system32\drivers\btath_lwflt.sys
2013-08-01 10:28 . 2013-01-28 04:23 179432 ----a-w- c:\windows\system32\drivers\btath_hcrp.sys
2013-08-01 10:28 . 2013-01-28 04:23 89168 ----a-w- c:\windows\system32\drivers\btath_flt.sys
2013-08-01 10:28 . 2013-01-28 04:23 346192 ----a-w- c:\windows\system32\drivers\btath_a2dp.sys
2013-08-01 10:28 . 2013-01-28 04:23 115280 ----a-w- c:\windows\system32\drivers\btath_avdt.sys
2013-08-01 10:28 . 2013-01-28 04:23 581200 ----a-w- c:\windows\system32\drivers\btfilter.sys
2013-08-01 10:28 . 2013-01-28 04:23 34384 ----a-w- c:\windows\system32\drivers\btath_bus.sys
2013-08-01 10:27 . 2013-08-01 10:28 -------- d-----w- c:\program files (x86)\Common Files\QCA_Bluetooth
2013-08-01 07:09 . 2013-08-01 07:09 -------- d-----w- c:\program files\Classic Shell
2013-07-28 08:37 . 2013-08-12 11:50 -------- d-----w- c:\users\Goby\AppData\Roaming\uTorrent
2013-07-28 05:13 . 2013-08-12 10:49 -------- d-----w- c:\users\Goby\AppData\Roaming\vlc
2013-07-28 05:13 . 2013-07-28 05:13 -------- d-----w- c:\program files (x86)\VideoLAN
2013-07-28 03:59 . 2013-07-28 03:59 -------- d-----w- c:\users\Goby\AppData\Local\Adobe
2013-07-28 03:58 . 2013-07-28 03:58 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-07-25 05:02 . 2013-08-01 11:51 -------- d-----w- C:\Personal
2013-07-25 05:02 . 2013-08-07 07:53 -------- d-----w- C:\OPP STATUS MACRO
2013-07-25 04:59 . 2013-08-13 08:09 -------- d-----w- c:\users\Goby\AppData\Roaming\Skype
2013-07-25 04:59 . 2013-07-25 05:00 -------- d-----r- c:\program files (x86)\Skype
2013-07-25 04:59 . 2013-07-25 04:59 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-07-25 04:59 . 2013-07-25 05:00 -------- d-----w- c:\programdata\Skype
2013-07-25 04:44 . 2013-07-25 05:45 -------- d-----w- C:\Project Controls
2013-07-25 04:34 . 2013-07-25 04:35 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center
2013-07-25 03:49 . 2013-07-25 03:49 -------- d-----w- c:\users\Goby\AppData\Local\NVIDIA
2013-07-25 03:41 . 2013-07-25 03:41 -------- d-----w- c:\users\UpdatusUser
2013-07-25 03:40 . 2013-07-25 03:40 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-07-25 03:40 . 2013-07-26 11:02 -------- d-----w- c:\windows\SysWow64\NV
2013-07-25 03:40 . 2013-07-26 11:02 -------- d-----w- c:\windows\system32\NV
2013-07-25 03:40 . 2013-07-25 03:41 -------- d-----w- c:\programdata\NVIDIA
2013-07-25 03:39 . 2013-06-21 10:23 67072 ----a-w- c:\windows\system32\nv3dappshextr.dll
2013-07-25 03:39 . 2013-06-21 10:23 3514656 ----a-w- c:\windows\system32\nvsvc64.dll
2013-07-25 03:39 . 2013-06-21 10:23 884512 ----a-w- c:\windows\system32\nvvsvc.exe
2013-07-25 03:39 . 2013-06-21 10:23 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-07-25 03:39 . 2013-06-21 10:23 2555680 ----a-w- c:\windows\system32\nvsvcr.dll
2013-07-25 03:39 . 2013-06-21 10:23 1025312 ----a-w- c:\windows\system32\nv3dappshext.dll
2013-07-25 03:39 . 2013-06-20 04:17 3253909 ----a-w- c:\windows\system32\nvcoproc.bin
2013-07-25 03:39 . 2013-06-21 10:23 6496544 ----a-w- c:\windows\system32\nvcpl.dll
2013-07-25 03:39 . 2013-06-21 10:23 237856 ----a-w- c:\windows\system32\nvmctray.dll
2013-07-25 03:37 . 2013-07-25 03:48 -------- d-----w- c:\programdata\NVIDIA Corporation
2013-07-25 03:07 . 2013-05-15 22:35 144384 ----a-w- c:\windows\system32\tssdisai.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-30 08:14 . 2013-01-31 11:16 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-06-27 22:04 . 2012-07-26 08:14 78200 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 22:04 . 2012-07-26 08:14 693112 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-23 14:41 . 2013-02-01 06:50 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-06-01 11:26 . 2012-07-26 02:30 327936 ----a-w- c:\windows\system32\drivers\volsnap.sys
2013-05-30 23:24 . 2013-06-16 13:18 1257472 ----a-w- c:\windows\system32\kernel32.dll
2013-05-23 23:01 . 2013-06-16 13:18 1300992 ----a-w- c:\windows\system32\gdi32.dll
2013-05-23 22:27 . 2013-06-16 13:18 1022464 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-05-22 01:26 . 2012-07-26 08:13 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-15 22:37 . 2013-06-16 13:15 44032 ----a-w- c:\windows\SysWow64\UXInit.dll
2013-05-15 22:35 . 2013-06-16 13:15 53760 ----a-w- c:\windows\system32\UXInit.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2013-06-29 00:49 594432 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-20 19875432]
"Omiga Plus"="c:\program files (x86)\Omiga Plus\omigaplus.exe" [2013-08-01 1361576]
"QuickScanner"="c:\program files (x86)\Defender Pro Quick Scanner\quickscan.exe" [2013-03-21 14483800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BakupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2012-07-30 533056]
"Dolby Home Theater v4"="c:\dolby pcee4\pcee4.exe" [2012-04-22 508256]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2012-07-10 2995904]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-10 3147384]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2012-07-26 62976]
.
c:\users\Goby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2013-2-9 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 Avgboota;AVG Early Launch Anti-Malware Driver;c:\windows\system32\DRIVERS\avgboota.sys;c:\windows\SYSNATIVE\DRIVERS\avgboota.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 DeviceFastLaneService;Device Fast-lane Service;c:\program files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe;c:\program files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
R3 LGSUsbFilt;Logitech Gaming KMDF USB Filter Driver;c:\windows\system32\DRIVERS\LGSUsbFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSUsbFilt.Sys [x]
R3 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\System32\drivers\point64.sys;c:\windows\SYSNATIVE\drivers\point64.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\System32\drivers\wdcsam64.sys;c:\windows\SYSNATIVE\drivers\wdcsam64.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgwfpa;AVG Firewall Driver;c:\windows\system32\DRIVERS\avgwfpa.sys;c:\windows\SYSNATIVE\DRIVERS\avgwfpa.sys [x]
S1 ccSet_NARA;NARA Settings Manager;c:\windows\system32\drivers\NARAx64\0401000.00A\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NARAx64\0401000.00A\ccSetx64.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 CCDMonitorService;CCDMonitorService;c:\program files (x86)\Acer\Acer Cloud\CCDMonitorService.exe;c:\program files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ETDService;Elan Service;c:\program files\Elantech\ETDService.exe;c:\program files\Elantech\ETDService.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 omigaplussvc;Omiga plus service;c:\program files (x86)\Omiga Plus\omigaplusSvc.exe;c:\program files (x86)\Omiga Plus\omigaplusSvc.exe [x]
S2 RfButtonDriverService;Dritek RF Button Command Service;c:\windows\RfBtnSvc64.exe;c:\windows\RfBtnSvc64.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [x]
S2 winzipersvc;WinZiper service;c:\program files (x86)\WinZipper\winzipersvc.exe;c:\program files (x86)\WinZipper\winzipersvc.exe [x]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\System32\drivers\b57xdbd.sys;c:\windows\SYSNATIVE\drivers\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\System32\drivers\b57xdmp.sys;c:\windows\SYSNATIVE\drivers\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\System32\drivers\bScsiMSa.sys;c:\windows\SYSNATIVE\drivers\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\System32\drivers\bScsiSDa.sys;c:\windows\SYSNATIVE\drivers\bScsiSDa.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 BthLEEnum;Bluetooth Low Energy Driver;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 ePowerSvc;ePower Service;c:\program files\Acer\Acer Power Management\ePowerSvc.exe;c:\program files\Acer\Acer Power Management\ePowerSvc.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 Ps2Kb2Hid;PS/2 Keyboard to HID Driver;c:\windows\System32\drivers\aPs2Kb2Hid.sys;c:\windows\SYSNATIVE\drivers\aPs2Kb2Hid.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-02 09:33 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-02 09:32]
.
2013-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-02 09:32]
.
2013-02-01 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-31 21:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2013-06-29 00:50 724992 ----a-w- c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-06-07 1212048]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-11-29 7406392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-01-31 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-01-31 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-01-31 441888]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.au/?gws_rd=cr
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.15.1
TCP: Interfaces\{D6E629C8-90AD-4212-82FF-F7EF3844353D}: NameServer = 8.8.8.8,8.8.4.4
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-News.net - c:\program files\News.net\BreakingNews\DesktopContainer.exe
Wow6432Node-HKLM-Run-LManager - (no file)
BHO-{BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} - c:\program files\News.net\IE\x64\ScriptHost.dll
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-BtPreLoad - c:\program files (x86)\Bluetooth Suite\BtPreLoad.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-08-13  18:25:02
ComboFix-quarantined-files.txt  2013-08-13 08:25
.
Pre-Run: 873,514,696,704 bytes free
Post-Run: 873,571,979,264 bytes free
.
- - End Of File - - B8EB97E25AC60243B7D5ED249A91EF4A
D41D8CD98F00B204E9800998ECF8427E


#13 nasdaq


Posted 13 August 2013 - 08:46 AM

Open notepad and copy/paste the text in the quote box below into it:

Folder::
c:\program files (x86)\Omiga Plus

Driver::
omigaplussvc

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Omiga Plus"=-

ClearJavaCache::

Save this as CFScript.txt on your desktop.

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Let me know what problem persists.
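
As an added example (not part of nasdaq's post and not ComboFix's own code): a Python check that compares the CFScript above with the log it was written from, confirming that every Run value and service loading from a folder the script deletes is also removed by a Driver:: or Registry:: directive. The function names and parsing rules are assumptions that cover only the log and script lines shown in this thread.

```python
import re

# Lines excerpted from the ComboFix log posted in this thread.
LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-20 19875432]
"Omiga Plus"="c:\program files (x86)\Omiga Plus\omigaplus.exe" [2013-08-01 1361576]
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 omigaplussvc;Omiga plus service;c:\program files (x86)\Omiga Plus\omigaplusSvc.exe;c:\program files (x86)\Omiga Plus\omigaplusSvc.exe [x]
S2 winzipersvc;WinZiper service;c:\program files (x86)\WinZipper\winzipersvc.exe;c:\program files (x86)\WinZipper\winzipersvc.exe [x]
"""

# The CFScript from post #13.
CFSCRIPT = r"""
Folder::
c:\program files (x86)\Omiga Plus

Driver::
omigaplussvc

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Omiga Plus"=-

ClearJavaCache::
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")               # [HKEY_...\Run]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"')               # "Name"="path" [date size]
SVC_RE = re.compile(r"^[RS][0-4] ([^;]+);[^;]*;([^;]+);")  # S2 name;display;path;path [x]
DEL_RE = re.compile(r'^"([^"]+)"=-$')                      # .reg syntax: delete a value


def parse_autostarts(log):
    """Return (kind, name, image_path, registry_key) for Run values and services."""
    entries, key = [], None
    for line in log.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if line in ("", "."):
            key = None  # ComboFix separates log sections with "." lines
            continue
        m = SVC_RE.match(line)
        if m:
            entries.append(("service", m.group(1), m.group(2), None))
            continue
        m = RUN_RE.match(line)
        if m and key and key.lower().endswith(r"\currentversion\run"):
            entries.append(("run", m.group(1), m.group(2), key))
    return entries


def parse_cfscript(script):
    """Collect the Folder::, Driver:: and Registry:: targets of a CFScript."""
    plan = {"folders": [], "drivers": set(), "values": set()}
    section, key = None, None
    for line in script.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):
            section, key = line[:-2].lower(), None
        elif section == "folder":
            # Normalise to a trailing backslash so "Omiga Plus2" would not match.
            plan["folders"].append(line.lower().rstrip("\\") + "\\")
        elif section == "driver":
            plan["drivers"].add(line.lower())
        elif section == "registry":
            m = KEY_RE.match(line)
            if m:
                key = m.group(1).lower()
            else:
                m = DEL_RE.match(line)
                if m and key:
                    plan["values"].add((key, m.group(1).lower()))
    return plan


def uncovered(log, script):
    """Autostarts that load from a folder the script deletes but that it leaves in place."""
    plan = parse_cfscript(script)
    left = []
    for kind, name, path, key in parse_autostarts(log):
        if not any(path.lower().startswith(f) for f in plan["folders"]):
            continue  # image is outside the deleted folders: out of scope here
        if kind == "service" and name.lower() in plan["drivers"]:
            continue
        if kind == "run" and (key.lower(), name.lower()) in plan["values"]:
            continue
        left.append((kind, name))
    return left


if __name__ == "__main__":
    print("left dangling:", uncovered(LOG, CFSCRIPT))
```

An empty result means the script leaves no Run value or service pointing into the folder it removes; a script containing only the Folder:: directive would leave both the "Omiga Plus" Run value and the omigaplussvc service behind.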

#14 Goby


Posted 14 August 2013 - 06:29 AM

Thanks Nasdaq

 

Looks good now.



#15 nasdaq


Posted 14 August 2013 - 07:30 AM

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool as most forums will ask to see a log before suggesting a fix.
===

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.

In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful addons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • Script Blocker can help block many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox addon,
  • ScriptNo a popular Google Chrome addon.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===



