HijackThis Log: Please help Diagnose


11 replies to this topic

#1 Jardyn

Jardyn

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:18 AM

Posted 07 November 2013 - 11:31 AM

Hey guys, to be entirely honest I have no idea what I'm looking at but I'll let you know what's going on with my computer and hopefully someone can point out something that I can't see.

 

Until recently I've had absolutely no problem; then I started up my computer one day and all of a sudden I had horrible internet download speeds (e.g. below 5 Mb/s), as well as Flash Player CONSTANTLY crashing ("Shockwave player may be unresponsive"). I've seen lots of people having this same problem with no absolute answer. That's about what I know; thanks for taking a look.

 

- Jardyn

 


 




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,936 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:18 AM

Posted 09 November 2013 - 09:59 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Tutorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please paste the logs in your next reply; DO NOT ATTACH THEM.
Let me know what problem persists.

#3 Jardyn

Jardyn
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:18 AM

Posted 09 November 2013 - 12:43 PM

Alright, I ran AdwCleaner and here's the first log; I'll upload the other two as I run the programs.
 

 # AdwCleaner v3.011 - Report created 09/11/2013 at 12:30:49
# Updated 03/11/2013 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : SIGMA-ALPHA
# Running from : C:\Users\Andy\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : splashtopremoteservice
Service Found : SSUService

***** [ Files / Folders ] *****

File Found : C:\END
Folder Found C:\Program Files (x86)\driver-soft
Folder Found C:\Program Files (x86)\Leap Motion
Folder Found C:\Program Files (x86)\Splashtop
Folder Found C:\ProgramData\boost_interprocess
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leap Motion
Folder Found C:\ProgramData\Splashtop
Folder Found C:\Users\Andy\AppData\Local\eSupport.com
Folder Found C:\Users\Andy\AppData\Local\Splashtop
Folder Found C:\Users\Andy\AppData\Roaming\Leap Motion

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Splashtop Inc.
Key Found : [x64] HKCU\Software\Splashtop Inc.
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Found : HKLM\Software\Classes\Installer\Features\49AE5C7BA69B5F14EB59527DB8846687
Key Found : HKLM\Software\Classes\Installer\Products\49AE5C7BA69B5F14EB59527DB8846687
Key Found : HKLM\Software\Leap Motion
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B7C5EA94-B96A-41F5-BE95-25D78B486678}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Splashtop Software Updater
Key Found : HKLM\Software\Splashtop Inc.

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v25.0 (en-US)

[ File : C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\hnddme1z.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1878 octets] - [09/11/2013 12:30:49]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1938 octets] ##########

Edited by nasdaq, 09 November 2013 - 01:50 PM.


#4 Jardyn

Jardyn
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:18 AM

Posted 09 November 2013 - 01:14 PM

And here's the Junkware Removal Tool log.
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8 x64
Ran by Sigma on Sat 11/09/2013 at 13:00:24.77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Failed to stop: [Service] splashtopremoteservice
Failed to stop: [Service] ssuservice



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Failed to delete: [File] "C:\end"



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
Failed to delete: [Folder] "C:\ProgramData\splashtop"
Successfully deleted: [Folder] "C:\Users\Andy\appdata\local\splashtop"
Failed to delete: [Folder] "C:\Program Files (x86)\driver-soft"
Failed to delete: [Folder] "C:\Program Files (x86)\splashtop"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 11/09/2013 at 13:12:46.40
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by nasdaq, 09 November 2013 - 01:54 PM.

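The AdwCleaner report in post #3 lists what was found and the JRT log in post #4 lists what JRT could and could not remove; a helper reading the two side by side wants to know which flagged items are still on the machine. The script below is an added example, not part of this thread and not code from either tool's authors. It parses the two log formats (assumed from the sample lines above only), matches findings to JRT outcomes case-insensitively (JRT lowercases paths), and groups each AdwCleaner finding as removed, failed, or never handled by JRT. The embedded inputs are the relevant lines copied from the two logs posted above.

```python
import re

# Relevant lines copied from the AdwCleaner[R0].txt scan report posted above.
ADWCLEANER_REPORT = r"""
***** [ Services ] *****

Service Found : splashtopremoteservice
Service Found : SSUService

***** [ Files / Folders ] *****

File Found : C:\END
Folder Found C:\Program Files (x86)\driver-soft
Folder Found C:\Program Files (x86)\Leap Motion
Folder Found C:\Program Files (x86)\Splashtop
Folder Found C:\ProgramData\boost_interprocess
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leap Motion
Folder Found C:\ProgramData\Splashtop
Folder Found C:\Users\Andy\AppData\Local\eSupport.com
Folder Found C:\Users\Andy\AppData\Local\Splashtop
Folder Found C:\Users\Andy\AppData\Roaming\Leap Motion

***** [ Registry ] *****

Key Found : HKCU\Software\Splashtop Inc.
Key Found : [x64] HKCU\Software\Splashtop Inc.
Key Found : HKLM\Software\Leap Motion
"""

# Relevant lines copied from the JRT.txt log posted above.
JRT_LOG = r"""
~~~ Services

Failed to stop: [Service] splashtopremoteservice
Failed to stop: [Service] ssuservice

~~~ Files

Failed to delete: [File] "C:\end"

~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
Failed to delete: [Folder] "C:\ProgramData\splashtop"
Successfully deleted: [Folder] "C:\Users\Andy\appdata\local\splashtop"
Failed to delete: [Folder] "C:\Program Files (x86)\driver-soft"
Failed to delete: [Folder] "C:\Program Files (x86)\splashtop"
"""

# AdwCleaner writes "Service Found : x" and "Key Found : x" with a colon but
# "Folder Found x" without one, so the colon is optional here. Keys in the
# 64-bit registry view carry an "[x64] " prefix, which is kept as part of the target.
ADW_RE = re.compile(r"^(Service|File|Folder|Key) Found\s*:?\s*(.+?)\s*$")

# JRT writes '<verb>: [<kind>] "<target>"'; services are listed without quotes.
JRT_RE = re.compile(
    r'^(Failed to stop|Failed to delete|Successfully stopped|Successfully deleted):'
    r'\s*\[(Service|File|Folder)\]\s*"?(.+?)"?\s*$'
)


def parse_adwcleaner(report):
    """Return [(kind, target)] for every '... Found' line in an AdwCleaner report."""
    findings = []
    for line in report.splitlines():
        m = ADW_RE.match(line.strip())
        if m:
            findings.append((m.group(1).lower(), m.group(2)))
    return findings


def parse_jrt(log):
    """Map (kind, lower-cased target) -> 'removed' or 'failed' from a JRT log."""
    results = {}
    for line in log.splitlines():
        m = JRT_RE.match(line.strip())
        if m:
            verb, kind, target = m.groups()
            outcome = "removed" if verb.startswith("Successfully") else "failed"
            results[(kind.lower(), target.lower())] = outcome
    return results


def reconcile(findings, jrt_results):
    """Group AdwCleaner findings by what JRT did with them (case-insensitive match)."""
    groups = {"removed": [], "failed": [], "untouched": []}
    for kind, target in findings:
        status = jrt_results.get((kind, target.lower()), "untouched")
        groups[status].append(target)
    return groups


def persistent_items(findings, jrt_results):
    """Findings still needing follow-up: failed removals plus items JRT never handled."""
    groups = reconcile(findings, jrt_results)
    return groups["failed"] + groups["untouched"]


if __name__ == "__main__":
    found = parse_adwcleaner(ADWCLEANER_REPORT)
    outcome = parse_jrt(JRT_LOG)
    for status, items in reconcile(found, outcome).items():
        print(f"{status} ({len(items)}):")
        for item in items:
            print("   ", item)
```

On these two logs the script reports one folder removed, seven items JRT failed on, and seven it never touched (the Leap Motion and eSupport.com folders and the three registry keys). The pattern in the failed group is what a helper checks first: JRT could not stop either service, and the folders it failed to delete belong to the same products, which is consistent with a running service holding its files open. Those items should be treated as still present and handled in a later step rather than assumed gone.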

#5 Jardyn

Jardyn
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:18 AM

Posted 09 November 2013 - 01:43 PM

And here's the log from ComboFix.
 

ComboFix 13-11-07.01 - 11/09/2013  13:26:24.1.8 - x64
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.16304.13801 [GMT -5:00]
Running from: c:\users\USER\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\jce06_SP.pp
c:\windows\apppatch\AppLoc.exe
c:\windows\apppatch\AppLocA.exe
c:\windows\apppatch\unins000.dat
c:\windows\apppatch\unins000.exe
F:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-09 to 2013-11-09  )))))))))))))))))))))))))))))))
.
.
2013-11-09 17:48 . 2013-11-09 17:48       --------   d-----w- c:\windows\ERUNT
2013-11-09 17:30 . 2013-11-09 17:31       --------   d-----w- C:\AdwCleaner
2013-11-09 02:36 . 2013-11-09 02:36       --------   d-----w- c:\windows\SysWow64\NV
2013-11-09 02:36 . 2013-11-09 02:36       --------   d-----w- c:\windows\system32\NV
2013-11-09 01:33 . 2013-11-09 01:33       --------   d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-11-09 00:49 . 2013-11-09 00:50       --------   d-----w- c:\windows\RTLInstallTemp
2013-11-08 17:33 . 2013-04-04 19:50       25928    ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-08 00:14 . 2013-11-08 00:14       --------   d-----w- c:\windows\SysWow64\Adobe
2013-11-07 21:15 . 2013-11-07 21:16       --------   d-----w- c:\program files\CCleaner
2013-11-07 21:09 . 2013-11-07 21:09       --------   d-----w- c:\programdata\RegInOut
2013-11-07 21:09 . 2013-11-07 21:09       --------   d-----w- c:\program files (x86)\RegInOut System Utilities
2013-11-07 18:01 . 2013-11-07 18:01       --------   d-----w- c:\programdata\RealNetworks
2013-11-07 18:01 . 2013-11-07 18:01       --------   d-----w- c:\program files (x86)\Common Files\xing shared
2013-11-07 18:00 . 2013-11-07 18:01       --------   d-----w- c:\program files (x86)\Real
2013-11-07 17:29 . 2013-11-07 17:29       --------   d-----w- c:\users\USER\AppData\Local\NVIDIA Corporation
2013-11-07 17:29 . 2013-11-07 17:29       --------   d-----w- c:\program files (x86)\AGEIA Technologies
2013-11-07 03:17 . 2013-11-07 03:17       --------   d-----w- C:\Illusion
2013-11-07 00:57 . 2013-11-07 00:57       --------   d-----w- c:\users\USER\AppData\Local\DriverTuner
2013-11-07 00:57 . 2013-11-07 15:08       --------   d-----w- c:\program files (x86)\DriverTuner
2013-11-07 00:53 . 2013-11-07 00:53       --------   d-----w- C:\Dell
2013-11-07 00:24 . 2013-11-07 00:24       --------   d-----w- c:\users\USER\AppData\Roaming\WinBatch
2013-11-06 10:22 . 2013-11-06 10:22       --------   d-----w- c:\users\USER\AppData\Local\Opera Software
2013-11-06 10:22 . 2013-11-06 10:22       --------   d-----w- c:\users\USER\AppData\Roaming\Opera Software
2013-11-06 10:21 . 2013-11-07 15:08       --------   d-----w- c:\program files (x86)\Opera
2013-11-06 02:37 . 2013-11-07 15:08       --------   d-----w- c:\program files (x86)\K-Lite Codec Pack
2013-11-06 02:23 . 2013-11-07 15:08       --------   d-----w- c:\users\Guest
2013-11-06 02:13 . 2013-11-06 02:13       --------   d-----w- c:\programdata\Oracle
2013-11-06 01:32 . 2013-11-06 01:32       --------   d-----w-               c:\users\USER\AppData\Roaming\Malwarebytes
2013-11-06 01:32 . 2013-11-06 01:32       --------   d-----w- c:\programdata\Malwarebytes
2013-11-06 01:32 . 2013-11-08 17:33       --------   d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-11-05 23:53 . 2013-11-08 08:57       342704  ----a-w-               c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10224.bin
2013-11-05 20:51 . 2013-11-05 20:51       --------   d-----w-               c:\users\USER\AppData\Roaming\SUPERAntiSpyware.com
2013-11-05 20:51 . 2013-11-08 17:33       --------   d-----w- c:\program files\SUPERAntiSpyware
2013-11-05 20:51 . 2013-11-05 20:51       --------   d-----w- c:\programdata\SUPERAntiSpyware.com
2013-11-05 01:55 . 2013-11-07 23:48       --------   d-----w- c:\users\USER\AppData\Local\Adobe
2013-11-05 00:22 . 2013-11-07 15:08       --------   d-----w-               c:\users\USER\AppData\Local\NETGEARGenie
2013-11-05 00:22 . 2013-11-05 00:22       --------   d-----w- c:\program files (x86)\NETGEAR Genie
2013-11-04 23:09 . 2006-09-13 10:00       80896    ----a-w-               c:\windows\system32\Spool\prtprocs\x64\CNMPP7Q.DLL
2013-11-04 23:09 . 2006-09-13 10:00       27136    ----a-w-               c:\windows\system32\Spool\prtprocs\x64\CNMPD7Q.DLL
2013-11-04 22:57 . 2013-11-07 17:27       --------   d-----w- c:\windows\LastGood
2013-11-02 05:20 . 2013-11-02 05:24       --------   d-----w- c:\users\USER\.riffplayer
2013-11-02 05:20 . 2013-11-02 05:20       --------   d-----w- c:\program files (x86)\Riffplayer
2013-11-02 05:19 . 2013-11-02 05:19       18923614            ----a-w- c:\users\USER\riffplayer-0.4.3-win32.exe
2013-10-31 18:33 . 2013-10-18 01:36       1063200              ----a-w- c:\windows\system32\nvspcap64.dll
2013-10-31 18:33 . 2013-10-18 01:36       955168  ----a-w- c:\windows\SysWow64\nvspcap.dll
2013-10-31 18:32 . 2013-09-27 23:01       39200    ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2013-10-31 18:32 . 2013-09-27 23:01       28960    ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2013-10-30 22:51 . 2013-10-30 22:51       --------   d-----w- c:\program files (x86)\NCSOFT
2013-10-29 17:24 . 2013-10-30 22:49       --------   d-----w- C:\NCWest
2013-10-29 17:24 . 2013-10-29 17:27       --------   d-----w- c:\program files (x86)\NCWest
2013-10-29 06:19 . 2013-10-29 06:19       --------   d-----w-               c:\windows\ServiceProfiles\LocalService\winhttp
2013-10-29 02:10 . 2013-10-29 17:44       --------   d-----w- c:\users\USER\AppData\Roaming\Arc
2013-10-20 01:02 . 2013-10-20 01:02       --------   d-----w- c:\program files (x86)\BandiMPEG1
2013-10-18 03:01 . 2013-11-09 18:15       --------   d-----r-  c:\users\USER\Dropbox
2013-10-18 02:59 . 2013-11-09 18:15       --------   d-----w- c:\users\USER\AppData\Roaming\Dropbox
2013-10-18 02:56 . 2013-11-09 18:20       --------   d-----r-  c:\users\USER\SkyDrive
2013-10-17 02:49 . 2013-10-17 02:49       --------   d-----w- c:\program files (x86)\Lame For Audacity
2013-10-14 15:06 . 2013-10-14 15:06       --------   d-----w- c:\users\USER\AppData\Roaming\3909
2013-10-13 10:58 . 2013-08-03 06:40       1374208              ----a-w- c:\windows\system32\wdc.dll
2013-10-13 10:58 . 2013-08-03 06:40       462336  ----a-w- c:\windows\system32\sysmon.ocx
2013-10-13 10:58 . 2013-08-03 06:40       566784  ----a-w- c:\windows\system32\wvc.dll
2013-10-13 10:58 . 2013-08-03 05:14       399360  ----a-w- c:\windows\SysWow64\sysmon.ocx
2013-10-13 10:58 . 2013-08-03 05:13       437248  ----a-w- c:\windows\SysWow64\wvc.dll
2013-10-13 10:58 . 2013-08-03 05:13       1245696              ----a-w- c:\windows\SysWow64\wdc.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-08 17:03 . 2013-09-10 16:40       17813896            ----a-w-               c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-11-07 18:00 . 2013-04-28 19:10       499712  ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-11-05 00:22 . 2013-03-01 01:49       96784    ----a-w- c:\windows\SysWow64\packet.dll
2013-11-05 00:22 . 2013-03-01 01:49       106000  ----a-w- c:\windows\system32\packet.dll
2013-11-05 00:22 . 2013-03-01 01:49       369168  ----a-w- c:\windows\system32\wpcap.dll
2013-11-05 00:22 . 2013-03-01 01:49       35344    ----a-w- c:\windows\system32\drivers\npf.sys
2013-11-05 00:22 . 2013-03-01 01:49       281104  ----a-w- c:\windows\SysWow64\wpcap.dll
2013-10-23 10:30 . 2013-04-28 18:27       30344480            ----a-w- c:\windows\system32\nvoglv64.dll
2013-10-23 10:30 . 2013-04-28 18:27       18286416            ----a-w-               c:\windows\system32\nvwgf2umx.dll
2013-10-23 10:30 . 2013-04-28 18:27       1435504              ----a-w-               c:\windows\system32\nvumdshimx.dll
2013-10-23 10:30 . 2013-04-28 18:27       168616  ----a-w- c:\windows\system32\nvinitx.dll
2013-10-23 10:30 . 2013-04-28 18:27       141336  ----a-w- c:\windows\SysWow64\nvinit.dll
2013-10-23 10:30 . 2013-04-28 18:27       3067560              ----a-w- c:\windows\system32\nvapi64.dll
2013-10-23 10:30 . 2013-04-28 18:27       2695200              ----a-w- c:\windows\SysWow64\nvapi.dll
2013-10-23 08:20 . 2013-04-28 18:28       6669600              ----a-w- c:\windows\system32\nvcpl.dll
2013-10-23 08:20 . 2013-04-28 18:28       3489568              ----a-w- c:\windows\system32\nvsvc64.dll
2013-10-23 08:20 . 2013-04-28 18:28       922912  ----a-w- c:\windows\system32\nvvsvc.exe
2013-10-23 08:20 . 2013-04-28 18:28       67072    ----a-w- c:\windows\system32\nv3dappshextr.dll
2013-10-23 08:20 . 2013-04-28 18:28       63776    ----a-w- c:\windows\system32\nvshext.dll
2013-10-23 08:20 . 2013-04-28 18:28       2559776              ----a-w- c:\windows\system32\nvsvcr.dll
2013-10-23 08:20 . 2013-04-28 18:28       219424  ----a-w- c:\windows\system32\nvmctray.dll
2013-10-23 08:20 . 2013-04-28 18:28       1064224              ----a-w-               c:\windows\system32\nv3dappshext.dll
2013-10-23 08:20 . 2013-04-28 18:28       3426956              ----a-w- c:\windows\system32\nvcoproc.bin
2013-10-21 02:00 . 2013-08-10 01:00       50784    ----a-w-               c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-10-12 02:26 . 2013-08-10 07:40       80541720            ----a-w- c:\windows\system32\MRT.exe
2013-10-08 03:54 . 2013-10-08 03:54       2973168              ----a-r-               c:\users\USER\AppData\Roaming\Microsoft\Installer\{422CA4EC-0570-4392-A174-10B56F5184C0}\Icon_2.exe
2013-10-08 03:54 . 2013-10-08 03:54       2973168              ----a-r-               c:\users\USER\AppData\Roaming\Microsoft\Installer\{422CA4EC-0570-4392-A174-10B56F5184C0}\Icon_1.exe
2013-10-07 19:04 . 2013-10-07 19:04       49152    ----a-r-               c:\users\USER\AppData\Roaming\Microsoft\Installer\{C109AF5B-69D0-4C93-B360-F28D9FAB6084}\NewShortcut1_C109AF5B69D04C93B360F28D9FAB6084.exe
2013-10-07 19:01 . 2013-10-07 19:01       49152    ----a-r-               c:\users\USER\AppData\Roaming\Microsoft\Installer\{502499DC-2EDB-45A2-8F7C-83E6E5DE067E}\NewShortcut1_502499DC2EDB45A28F7C83E6E5DE067E.exe
2013-10-02 01:38 . 2013-08-13 08:00       78296    ----a-w-               c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-02 01:38 . 2013-08-13 08:00       694232  ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-27 23:01 . 2013-08-11 05:01       29984    ----a-w- c:\windows\system32\nvaudcap64v.dll
2013-09-22 23:28 . 2013-10-09 02:33       1767936              ----a-w- c:\windows\SysWow64\wininet.dll
2013-09-22 23:27 . 2013-10-09 02:33       2876928              ----a-w- c:\windows\SysWow64\jscript9.dll
2013-09-22 22:55 . 2013-10-09 02:33       51712    ----a-w- c:\windows\system32\ie4uinit.exe
2013-09-22 22:55 . 2013-10-09 02:33       2241024              ----a-w- c:\windows\system32\wininet.dll
2013-09-22 22:55 . 2013-10-09 02:33       1365504              ----a-w- c:\windows\system32\urlmon.dll
2013-09-22 22:54 . 2013-10-09 02:33       603136  ----a-w- c:\windows\system32\msfeeds.dll
2013-09-22 22:54 . 2013-10-09 02:33       19252224            ----a-w- c:\windows\system32\mshtml.dll
2013-09-22 22:54 . 2013-10-09 02:33       855552  ----a-w- c:\windows\system32\jscript.dll
2013-09-22 22:54 . 2013-10-09 02:33       3959296              ----a-w- c:\windows\system32\jscript9.dll
2013-09-22 22:54 . 2013-10-09 02:33       15404544            ----a-w- c:\windows\system32\ieframe.dll
2013-09-22 22:54 . 2013-10-09 02:33       2647552              ----a-w- c:\windows\system32\iertutil.dll
2013-09-12 07:58 . 2013-09-12 07:58       49152    ----a-r-               c:\users\USER\AppData\Roaming\Microsoft\Installer\{192D1C64-6349-4723-8045-88A471E8F897}\NewShortcut1_DD99C0F7DABF4947A0F7D817374E0518.exe
2013-09-12 07:58 . 2013-09-12 07:58       49152    ----a-r-               c:\users\USER\AppData\Roaming\Microsoft\Installer\{192D1C64-6349-4723-8045-88A471E8F897}\ARPPRODUCTICON.exe
2013-09-12 07:44 . 2013-09-12 07:44       49152    ----a-r-               c:\users\USER\AppData\Roaming\Microsoft\Installer\{FD1E17BC-2956-4AD7-B937-D23F06F1A5E8}\NewShortcut1_FD1E17BC29564AD7B937D23F06F1A5E8.exe
2013-08-29 04:29 . 2013-08-29 04:29       796672  ----a-w- c:\windows\SysWow64\rzdevicedll.dll
2013-08-23 05:11 . 2013-10-09 02:30       4040192              ----a-w- c:\windows\system32\win32k.sys
2013-08-22 02:14 . 2013-08-22 02:14       1640544              ----a-w-               c:\programdata\Microsoft\WDExpress\11.0\1033\ResourceCache.dll
2013-08-21 07:34 . 2013-08-21 07:34       141496  ----a-w- c:\windows\system32\drivers\rzudd.sys
2013-08-20 08:35 . 2013-08-20 08:35       57344    ----a-w- c:\windows\SysWow64\rzdevinfo.dll
2013-08-20 08:35 . 2013-08-20 08:35       154112  ----a-w- c:\windows\SysWow64\rztouchdll.dll
2013-08-20 08:34 . 2013-08-20 08:34       117248  ----a-w- c:\windows\SysWow64\rzdisplaydll.dll
2013-08-20 08:34 . 2013-08-20 08:34       296448  ----a-w- c:\windows\SysWow64\rzaudiodll.dll
2013-08-18 20:08 . 2013-08-18 20:08       312232  ----a-w- c:\windows\system32\javaws.exe
2013-08-18 20:08 . 2013-08-18 20:08       189352  ----a-w- c:\windows\system32\javaw.exe
2013-08-18 20:08 . 2013-08-18 20:08       188840  ----a-w- c:\windows\system32\java.exe
2013-08-18 20:08 . 2013-08-18 20:08       108968  ----a-w-               c:\windows\system32\WindowsAccessBridge-64.dll
2013-08-18 20:08 . 2013-08-17 19:01       972712  ----a-w- c:\windows\system32\deployJava1.dll
2013-08-18 20:08 . 2013-08-17 19:01       1093032              ----a-w-               c:\windows\system32\npDeployJava1.dll
2013-08-17 20:11 . 2013-08-17 20:11       280904  ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-08-17 20:11 . 2013-08-17 20:09       280904  ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-08-17 20:09 . 2013-08-17 20:09       189248  ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-08-17 20:09 . 2013-08-17 20:09       75136    ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-08-17 18:09 . 2013-08-17 18:11       447752  ----a-w- c:\windows\SysWow64\vp6vfw.dll
2013-08-16 05:41 . 2013-09-11 07:30       58200    ----a-w- c:\windows\system32\drivers\dam.sys
2013-08-16 05:39 . 2013-09-11 07:30       2371728              ----a-w- c:\windows\system32\WSService.dll
2013-08-16 05:39 . 2013-09-11 07:30       59416    ----a-w- c:\windows\system32\wuauclt.exe
2013-08-16 05:32 . 2013-09-11 07:30       209200  ----a-w- c:\windows\system32\NotificationUI.exe
2013-08-16 05:22 . 2013-09-11 07:30       40448    ----a-w- c:\windows\system32\wuapp.exe
2013-08-16 05:22 . 2013-09-11 07:30       4917760              ----a-w- c:\windows\system32\sppsvc.exe
2013-08-16 05:21 . 2013-09-11 07:30       3275776              ----a-w- c:\windows\system32\wuaueng.dll
2013-08-16 05:21 . 2013-09-11 07:30       99328    ----a-w- c:\windows\system32\wudriver.dll
2013-08-16 05:21 . 2013-09-11 07:30       49664    ----a-w- c:\windows\system32\wups.dll
2013-08-16 05:21 . 2013-09-11 07:30       49152    ----a-w- c:\windows\system32\wups2.dll
2013-08-16 05:21 . 2013-09-11 07:30       252416  ----a-w-               c:\windows\system32\WUSettingsProvider.dll
2013-08-16 05:21 . 2013-09-11 07:30       1621504              ----a-w- c:\windows\system32\wucltux.dll
2013-08-16 05:21 . 2013-09-11 07:30       142848  ----a-w- c:\windows\system32\wuwebv.dll
2013-08-16 05:21 . 2013-09-11 07:30       773120  ----a-w- c:\windows\system32\wuapi.dll
2013-08-16 05:21 . 2013-09-11 07:30       688640  ----a-w- c:\windows\system32\WSShared.dll
2013-08-16 05:21 . 2013-09-11 07:30       183808  ----a-w- c:\windows\system32\WSSync.dll
2013-08-16 05:21 . 2013-09-11 07:30       204800  ----a-w- c:\windows\system32\WSClient.dll
2013-08-16 05:21 . 2013-09-11 07:30       198656  ----a-w-               c:\windows\system32\Windows.ApplicationModel.Store.dll
2013-08-16 05:21 . 2013-09-11 07:30       163840  ----a-w-               c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-08-16 05:21 . 2013-09-11 07:30       174592  ----a-w- c:\windows\system32\storewuauth.dll
2013-08-16 05:21 . 2013-09-11 07:30       1164288              ----a-w- c:\windows\system32\sppobjs.dll
2013-08-16 05:21 . 2013-09-11 07:30       368640  ----a-w- c:\windows\system32\sppwinob.dll
2013-08-16 05:21 . 2013-09-11 07:30       81408    ----a-w- c:\windows\system32\setupcln.dll
2013-08-16 05:21 . 2013-09-11 07:30       120320  ----a-w- c:\windows\system32\sppc.dll
2013-08-16 05:20 . 2013-09-11 07:30       105984  ----a-w- c:\windows\system32\WinSetupUI.dll
2013-08-15 22:43 . 2013-09-11 07:30       35328    ----a-w- c:\windows\SysWow64\wuapp.exe
2013-08-15 22:43 . 2013-09-11 07:30       84992    ----a-w- c:\windows\SysWow64\wudriver.dll
2013-08-15 22:43 . 2013-09-11 07:30       628736  ----a-w- c:\windows\SysWow64\wuapi.dll
2013-08-15 22:43 . 2013-09-11 07:30       20992    ----a-w- c:\windows\SysWow64\wups.dll
2013-08-15 22:43 . 2013-09-11 07:30       126976  ----a-w- c:\windows\SysWow64\wuwebv.dll
2013-08-15 22:43 . 2013-09-11 07:30       562688  ----a-w- c:\windows\SysWow64\WSShared.dll
2013-08-15 22:43 . 2013-09-11 07:30       159232  ----a-w- c:\windows\SysWow64\WSSync.dll
2013-08-15 22:43 . 2013-09-11 07:30       167424  ----a-w- c:\windows\SysWow64\WSClient.dll
2013-08-15 22:43 . 2013-09-11 07:30       143872  ----a-w-               c:\windows\SysWow64\Windows.ApplicationModel.Store.dll
2013-08-15 22:43 . 2013-09-11 07:30       124928  ----a-w-               c:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-10-18 02:56             222832  ----a-w-               c:\users\USER\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-10-18 02:56             222832  ----a-w-               c:\users\USER\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-10-18 02:56             222832  ----a-w-               c:\users\USER\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54             131248  ----a-w-               c:\users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54             131248  ----a-w-               c:\users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54             131248  ----a-w-               c:\users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-10-30 1820584]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-08-09 4287536]
"AirVideoServer"="c:\program files (x86)\AirVideoServer\AirVideoServer.exe" [2012-07-19 4935112]
"uTorrent"="c:\users\USER\AppData\Roaming\uTorrent\uTorrent.exe" [2013-10-26 898904]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-08-01 3673696]
"SkyDrive"="c:\users\USER\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-10-18 257136]
"NETGEARGenie"="c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" [2013-04-07 1044224]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-11-05 6604568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Sound Blaster Cinema"="c:\program files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe" [2012-11-29 711680]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Super-Charger"="c:\program files (x86)\MSI\Super-Charger\Super-Charger.exe" [2013-02-07 490480]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-29 91432]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2012-07-31 78352]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2013-01-07 597880]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2013-08-15 606040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"NCUpdateHelper"="c:\program files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe" [2013-10-29 528360]
"ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2012-08-13 547984]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2013-11-07 295512]
.
c:\users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-11-1 29769432]
Trillian.lnk - c:\program files (x86)\Trillian\trillian.exe [2013-6-12 2606448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Box Sync.lnk - c:\program files\Box Sync\BoxSync.exe -hidden [2013-6-7 7959552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82.sys;c:\windows\SYSNATIVE\Drivers\CSN5PDTS82.sys [x]
R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\program files (x86)\VMLaunch\BuddyVM.sys;c:\program files (x86)\VMLaunch\BuddyVM.sys [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 CLKMSVC10_38F51D56;CyberLink Product - 2013/04/28 12:11;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 ArcService;Arc Service;f:\perfect world\Arc\ArcService.exe;f:\perfect world\Arc\ArcService.exe [x]
R3 cpuz136;cpuz136;c:\users\USER\AppData\Local\Temp\cpuz136\cpuz136_x64.sys;c:\users\USER\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\System32\drivers\dc3d.sys;c:\windows\SYSNATIVE\drivers\dc3d.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 LADF_BakerCOnly;BakerC Filter Driver;c:\windows\system32\DRIVERS\ladfBakerCamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfBakerCamd64.sys [x]
R3 LADF_BakerROnly;BakerR Filter Driver;c:\windows\system32\DRIVERS\ladfBakerRamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfBakerRamd64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlanu.sys [x]
R3 rzjstk;Razer Virtual Joystick Driver;c:\windows\System32\drivers\rzjstk.sys;c:\windows\SYSNATIVE\drivers\rzjstk.sys [x]
R3 rzkeypadendpt;Razer Keypad Endpoint;c:\windows\System32\drivers\rzkeypadendpt.sys;c:\windows\SYSNATIVE\drivers\rzkeypadendpt.sys [x]
R3 WSDScan;WSD Scan Support;c:\windows\System32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 BfLwf;Qualcomm Atheros Bandwidth Control;c:\windows\system32\DRIVERS\bwcW8x64.sys;c:\windows\SYSNATIVE\DRIVERS\bwcW8x64.sys [x]
S1 CSN5PDTS82x64;CSN5PDTS82x64 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82x64.sys;c:\windows\SYSNATIVE\Drivers\CSN5PDTS82x64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys;c:\windows\SYSNATIVE\DRIVERS\nm3.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BTDevManager;BTDevManager;c:\program files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe;c:\program files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [x]
S2 ETDService;Elan Service;c:\program files\Elantech\ETDService.exe;c:\program files\Elantech\ETDService.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 LeapService;Leap Service;c:\program files (x86)\Leap Motion\Core Services\LeapSvc.exe;c:\program files (x86)\Leap Motion\Core Services\LeapSvc.exe [x]
S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\SCM\MSIService.exe;c:\program files (x86)\SCM\MSIService.exe [x]
S2 ModernMix;Stardock ModernMix;c:\program files (x86)\Stardock\ModernMix\MMixSrv.exe;c:\program files (x86)\Stardock\ModernMix\MMixSrv.exe [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x]
S2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\SERVER\SRService.exe;c:\program files (x86)\Splashtop\Splashtop Remote\SERVER\SRService.exe [x]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [x]
S2 Start8;Stardock Start8;c:\program files (x86)\Stardock\Start8\Start8Srv.exe;c:\program files (x86)\Stardock\Start8\Start8Srv.exe [x]
S3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys;SysWow64\drivers\AiCharger.sys [x]
S3 BthLEEnum;Bluetooth Low Energy Driver;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 Ke2200;NDIS Miniport Driver for the Killer e2200 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\e22w8x64.sys;c:\windows\SYSNATIVE\DRIVERS\e22w8x64.sys [x]
S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSCamd64.sys [x]
S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSRamd64.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTCore64;RTCore64;d:\all\MSI Afterburner\RTCore64.sys;d:\all\MSI Afterburner\RTCore64.sys [x]
S3 RtkBtFilter;Realtek Bluetooth Filter Driver;c:\windows\system32\DRIVERS\RtkBtfilter.sys;c:\windows\SYSNATIVE\DRIVERS\RtkBtfilter.sys [x]
S3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlanu.sys [x]
S3 RTSPER;Realtek PCIE Card Reader - PER;c:\windows\system32\DRIVERS\RtsPer.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPer.sys [x]
S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
S3 rzudd;Razer Mouse Driver;c:\windows\System32\drivers\rzudd.sys;c:\windows\SYSNATIVE\drivers\rzudd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-17 11:04             1185744              ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-08 17:03]
.
2013-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-18 20:49]
.
2013-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-18 20:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-10-18 02:56             261744  ----a-w-               c:\users\USER\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-10-18 02:56             261744  ----a-w-               c:\users\USER\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-10-18 02:56             261744  ----a-w-               c:\users\USER\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopFileLocked]
@="{C253B817-3A00-475f-A5A3-6F2DD704B48D}"
[HKEY_CLASSES_ROOT\CLSID\{C253B817-3A00-475f-A5A3-6F2DD704B48D}]
2012-06-02 20:25             445512  ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSynced]
@="{19ACC806-F7AA-46AA-A80A-726A07CA6637}"
[HKEY_CLASSES_ROOT\CLSID\{19ACC806-F7AA-46AA-A80A-726A07CA6637}]
2012-06-02 20:25             445512  ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSyncedCollabs]
@="{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}"
[HKEY_CLASSES_ROOT\CLSID\{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}]
2012-06-02 20:25             445512  ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSynced]
@="{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}"
[HKEY_CLASSES_ROOT\CLSID\{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}]
2012-06-02 20:25             445512  ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSyncedCollab]
@="{9E48C232-F601-4E41-BB3E-16CBAF317AA4}"
[HKEY_CLASSES_ROOT\CLSID\{9E48C232-F601-4E41-BB3E-16CBAF317AA4}]
2012-06-02 20:25             445512  ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11             133400  ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54             164016  ----a-w-               c:\users\USER\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54             164016  ----a-w-               c:\users\USER\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54             164016  ----a-w-               c:\users\USER\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54             164016  ----a-w-               c:\users\USER\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2013-03-22 36352]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-04-27 13519432]
"BtServer"="c:\program files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe" [2013-01-28 452608]
"Radio Manager"="c:\program files (x86)\SCM\Radio Manager.exe" [2013-04-23 406920]
"SCM"="c:\program files (x86)\SCM\SCM.exe" [2013-04-23 406944]
"MBCfg64"="c:\windows\system32\MBCfg64.dll" [2013-01-07 27648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-04-27 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-04-27 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-04-27 442696]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-10-18 1028384]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 3933496]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-08-01 8290584]
"BoxSyncHelper"="c:\program files\Box Sync\BoxSyncHelper.exe" [2013-06-08 393216]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-10-18 1063200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://msi13.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
LSP: %SYSTEMROOT%\system32\BfLLR.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B2F127B4-C000-4007-9251-C72ECB96E8A2}: NameServer = 24.178.162.3,24.177.176.38
FF - ProfilePath - c:\users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\hnddme1z.default\
FF - ExtSQL: 2013-09-18 16:49; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-11-07 13:01; {DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech blank Product Registration.lnk - c:\program files (x86)\Logitech\G930\eReg.exe /remind /language=ENU /_WFM="blank"
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1833397686-3502027870-3353247548-1003CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\SecuROM\License information*]
"datasecu"=hex:d3,5b,f6,fb,9b,62,94,a7,0e,e2,83,ed,72,0c,b2,c6,59,f8,4b,3c,ba,
   03,bf,30,bb,53,7c,22,33,a8,b8,95,3f,c2,55,45,f0,3d,5b,03,79,b8,84,ec,2d,ac,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-11-09  13:40:27
ComboFix-quarantined-files.txt  2013-11-09 18:40
.
Pre-Run: 27,896,729,600 bytes free
Post-Run: 27,782,049,792 bytes free
.
- - End Of File - - 59A8E8D296C9AA63684C0F24BF66616F
5FB38429D5D77768867C76DCBDB35194

Edited by nasdaq, 09 November 2013 - 01:54 PM.


#6 nasdaq

  • Malware Response Team
  • 38,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 November 2013 - 01:58 PM

Looking better.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Let me know what problem persists.

#7 Jardyn
  • Topic Starter
  • Members
  • 12 posts

Posted 09 November 2013 - 02:03 PM

Here's that log for you.

Spoiler

Does this mean Java is the only problem?


Edited by Jardyn, 09 November 2013 - 02:04 PM.


#8 Jardyn
  • Topic Starter
  • Members
  • 12 posts

Posted 09 November 2013 - 02:16 PM

Updated Java; here's the new security check. Still having the Flash problem.

Spoiler


#9 nasdaq

  • Malware Response Team
  • 38,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 November 2013 - 08:10 AM

I would remove Flash and Shockwave using the Add/Remove programs.

Restart the computer normally and re-install the applications.
http://www.shockwave.com/help/faq_flashplayer.jsp

If that fails to solve the problem then there is something else causing this problem.
Let me know what browser you are using when the problem occurs.

Keep me posted.

#10 Jardyn
  • Topic Starter
  • Members
  • 12 posts

Posted 10 November 2013 - 04:28 PM

Uninstalled, rebooted, and reinstalled Flash and Shockwave; no difference. Also, just to let you know (I have no idea if this would affect anything or not), my computer runs with two GPUs (an Intel HD Graphics 4600 and an NVIDIA GeForce GTX 765M). I'm starting to discover that my computer has been defaulting to the Intel card instead of the Nvidia card, even when I have the Nvidia card set to be the default using the NVidia software that came with it.

Not sure if that helps with anything, but I thought it might be useful information.

Also, it's not just Flash Player: downloaded videos don't work either. They'll show the first couple of frames with no sound and then freeze, and fast-forwarding through part of the video doesn't change anything. Both Flash Player and downloaded videos work fine for the first couple of minutes right after a reboot.

- Jardyn.


Edited by Jardyn, 10 November 2013 - 04:30 PM.


#11 nasdaq

  • Malware Response Team
  • 38,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 11 November 2013 - 08:58 AM

Also, just to let you know (I have no idea if this would affect anything or not), my computer runs with two GPUs (an Intel HD Graphics 4600 and an NVIDIA GeForce GTX 765M). I'm starting to discover that my computer has been defaulting to the Intel card instead of the Nvidia card, even when I have the Nvidia card set to be the default using the NVidia software that came with it.


This is something you should check in the Internal hardware forum:
http://www.bleepingcomputer.com/forums/forum7.html

It's not my forte.

I will leave this topic open you can return later.

#12 Jardyn
  • Topic Starter
  • Members
  • 12 posts

Posted 11 November 2013 - 08:44 PM

Alright, thank you very much for your help.