
system sluggish


  • This topic is locked
16 replies to this topic

#1 ausghostdog

ausghostdog

  • Members
  • 30 posts

Posted 01 March 2014 - 03:55 PM

For the last few days my system has felt sluggish doing certain things. I ran a quick Malwarebytes scan and found five PUP.Optional.Conduit.A. That's when I just came here; I haven't removed them or anything. DDS logs as needed.

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer:
Run by Ghostdog at 6:47:36 on 2014-03-02
Microsoft Windows 7 Professional   6.1.7601.1.1252.61.1033.18.8088.5319 [GMT 10:00]
.
AV: Kaspersky Anti-Virus *Enabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Anti-Virus *Enabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
D:\apps\m\Malwarebytes' Anti-Malware\mbamscheduler.exe
D:\apps\m\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\ProgramData\TVersity\Media Server\MediaServer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
D:\apps\m\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Thermaltake\Fan Control Software\OpenHardwareMonitor\OpenHardwareMonitor.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files\NVIDIA Corporation\Display\nvSmartMaxApp64.exe
D:\apps\m\m7\GIGABYTE FORCE.exe
C:\Program Files\NVIDIA Corporation\Display\nvSmartMaxApp.exe
D:\apps\l\log\LWS\Webcam Software\LWS.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Thermaltake\Fan Control Software\OpenHardwareMonitor\OpenHardwareMonitor.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
D:\apps\p\PuTTY\putty.exe
D:\apps\f\firefox\firefox.exe
D:\apps\f\firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\system32\wuauclt.exe
D:\apps\i\Internet Download Manager\IDMan.exe
D:\apps\i\Internet Download Manager\IEMonitor.exe
D:\apps\m\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\msiexec.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\apps\i\Internet Download Manager\IDMIECC.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [OpenHardwareMonitor] C:\Program Files (x86)\Thermaltake\Fan Control Software\OpenHardwareMonitor\OpenHardwareMonitor.exe
uRun: [Fan Control Software] <no file>
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [GMouse] "D:\apps\m\m7\GIGABYTE FORCE.EXE" /hide
mRun: [LWS] D:\apps\l\log\LWS\Webcam Software\LWS.exe -hide
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Download all links with IDM - D:\apps\i\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - D:\apps\i\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A594E148-1B1E-419B-B1A8-2DD3495C6E3D} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{A594E148-1B1E-419B-B1A8-2DD3495C6E3D} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {5571424C-F077-499B-A416-62B687366A08} - Msiexec.exe /fpum {5571424C-F077-499B-A416-62B687366A08} /qn
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\apps\i\Internet Download Manager\IDMIECC64.dll
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ghostdog\AppData\Roaming\Mozilla\Firefox\Profiles\drry13wr.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\System32\npmproxy.dll
FF - plugin: C:\Windows\System32\npOGPPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - plugin: D:\apps\v\VLC\npvlc.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-4-21 283200]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 29792]
R1 klpd;klpd;C:\Windows\System32\drivers\klpd.sys [2013-4-12 15456]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-5-14 55904]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2013-6-6 178272]
R2 avp;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [2013-10-15 214512]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2013-12-15 175480]
R2 MBAMScheduler;MBAMScheduler;D:\apps\m\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-23 418376]
R2 MBAMService;MBAMService;D:\apps\m\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-23 701512]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2013-4-17 417912]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-3-4 126952]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-3-4 390632]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2012-12-18 232880]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2012-12-18 1448368]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2012-12-18 97712]
R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\System32\drivers\ha20x22k.sys [2012-12-18 1617328]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-6-25 331264]
R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2013-1-19 46568]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-5-9 425000]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2013-10-15 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2013-10-15 29280]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-22 351520]
R3 LVUVC64;Logitech Webcam C210(UVC);C:\Windows\System32\drivers\LVUVC64.sys [2012-1-18 4763680]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-4 25928]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-7-1 32344]
R3 SIUSBXP;SIUSBXP;C:\Windows\System32\drivers\SiUSBXp.sys [2013-9-24 19456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-8-13 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-8-13 124088]
S2 SkypeUpdate;Skype Updater;D:\apps\s\skype\Updater\Updater.exe [2013-10-23 172192]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-5-17 49152]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2013-3-20 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2013-3-13 79360]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2012-12-18 232880]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2012-12-18 1448368]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2012-12-18 97712]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 PSMounterEx;Macrium Reflect Image Explorer Driver;C:\Windows\System32\drivers\psmounterex.sys [2013-4-17 63096]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-4 19456]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\Windows\System32\drivers\ss_bbus.sys [2009-9-19 127488]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\Windows\System32\drivers\ss_bmdfl.sys [2009-9-19 18944]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\Windows\System32\drivers\ss_bmdm.sys [2009-9-19 161280]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-4 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-3-4 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-3-7 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 klflt;klflt;C:\Windows\System32\drivers\klflt.sys [2013-6-8 115296]
.
=============== Created Last 30 ================
.
2014-02-21 10:48:43    --------    d-----w-    C:\ProgramData\SIX Networks
2014-02-21 10:47:55    --------    d-----w-    C:\Users\Ghostdog\AppData\Roaming\SIX Networks
2014-02-21 10:47:55    --------    d-----w-    C:\Users\Ghostdog\AppData\Local\SIX Networks
2014-02-13 01:47:04    --------    d-----w-    C:\Users\Ghostdog\AppData\Local\RealVNC
2014-02-13 01:29:39    --------    d-----w-    C:\ProgramData\Oracle
2014-02-09 07:44:30    --------    d-----w-    C:\Users\Ghostdog\AppData\Roaming\BANDISOFT
2014-02-09 07:44:19    --------    d-----w-    C:\Program Files (x86)\BandiMPEG1
2014-02-07 20:16:01    --------    d-----w-    C:\Users\Ghostdog\AppData\Roaming\Awesomium
2014-02-06 03:34:35    4230040    ----a-w-    C:\Windows\SysWow64\GameMon.des
2014-02-06 03:34:23    5174    ----a-w-    C:\Windows\SysWow64\nppt9x.vxd
2014-02-06 03:34:23    4682    ----a-w-    C:\Windows\SysWow64\npptNT2.sys
2014-02-06 03:34:13    --------    d-----w-    C:\Program Files\Common Files\INCA Shared
2014-02-06 00:34:45    --------    d-----w-    C:\Users\Ghostdog\AppData\Local\WarThunder
2014-02-06 00:34:45    --------    d-----w-    C:\ProgramData\WarThunder
2014-02-05 11:42:25    --------    d-----w-    C:\Users\Ghostdog\AppData\Local\My Games
2014-02-05 02:22:34    --------    d-----w-    C:\Users\Ghostdog\AppData\Roaming\com.immersyve.Paladin.live
2014-02-04 12:40:01    79256    ----a-w-    C:\Windows\SysWow64\npOGPPlugin.dll
2014-02-04 12:40:00    271768    ----a-w-    C:\Windows\SysWow64\OGPIEPlugin.ocx
2014-02-04 12:39:59    --------    d-----w-    C:\Program Files (x86)\OGPlanet
.
==================== Find3M  ====================
.
2014-02-18 08:28:25    29280    ----a-w-    C:\Windows\System32\drivers\klkbdflt.sys
2014-02-18 08:28:25    178272    ----a-w-    C:\Windows\System32\drivers\kneps.sys
2014-02-18 08:28:25    115296    ----a-w-    C:\Windows\System32\drivers\klflt.sys
2014-02-18 08:28:24    458336    ----a-w-    C:\Windows\System32\drivers\kl1.sys
2014-02-08 17:42:36    6712608    ----a-w-    C:\Windows\System32\nvcpl.dll
2014-02-08 17:42:36    3498272    ----a-w-    C:\Windows\System32\nvsvc64.dll
2014-02-08 17:42:33    923936    ----a-w-    C:\Windows\System32\nvvsvc.exe
2014-02-08 17:42:32    63776    ----a-w-    C:\Windows\System32\nvshext.dll
2014-02-08 17:42:32    386336    ----a-w-    C:\Windows\System32\nvmctray.dll
2014-02-05 17:52:50    3573739    ----a-w-    C:\Windows\System32\nvcoproc.bin
2013-12-22 23:49:33    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-22 23:49:33    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-15 03:09:17    2560    ----a-w-    C:\Windows\_MSRSTRT.EXE
2013-12-15 03:03:22    109696    ----a-w-    C:\Windows\SysWow64\EasyHook64.dll
2013-12-15 03:00:03    172032    ----a-w-    C:\Windows\SysWow64\AniGIF.ocx
2013-12-11 21:53:30    18960    ----a-w-    C:\Windows\System32\drivers\LNonPnP.sys
.
============= FINISH:  6:47:46.46 ===============
 



Edited by ausghostdog, 01 March 2014 - 04:02 PM.



#2 Jo*

Jo*

  • Malware Response Team
  • 3,269 posts
  • Gender:Male
  • Location:Germany

Posted 02 March 2014 - 12:46 PM


Hello ausghostdog,

My name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only those tools you have been instructed to use.
  • Copy and paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click Run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours, please send me a PM.


#3 ausghostdog

ausghostdog
  • Topic Starter

  • Members
  • 30 posts

Posted 02 March 2014 - 05:29 PM

 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Kaspersky Anti-Virus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Adobe Flash Player 11.9.900.117  
 Mozilla Firefox (27.0.1)
 Mozilla Thunderbird (24.3.0)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Kaspersky Lab Kaspersky Anti-Virus 14.0.0 avp.exe  
 Kaspersky Lab Kaspersky Anti-Virus 14.0.0 avpui.exe  
 m Malwarebytes' Anti-Malware mbamscheduler.exe  
 Thermaltake Fan Control Software OpenHardwareMonitor OpenHardwareMonitor.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 19% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-03-2014 03
Ran by Ghostdog at 2014-03-03 08:28:07
Running from C:\Users\Ghostdog\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Anti-Virus (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

1953 - KGB Unleashed (HKLM-x32\...\Steam App 248490) (Version:  - )
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
A Game of Dwarves (HKLM-x32\...\Steam App 200370) (Version:  - Zeal Game Studio)
A New Beginning - Final Cut (HKLM-x32\...\Steam App 105000) (Version:  - Daedalic Entertainment)
A Valley Without Wind (HKLM-x32\...\Steam App 209330) (Version:  - Arcen Games, LLC)
A Valley Without Wind 2 (HKLM-x32\...\Steam App 228320) (Version:  - Arcen Games, LLC)
A Virus Named TOM (HKLM-x32\...\Steam App 207650) (Version:  - Misfits Attic)
AC3Filter 2.5b (HKLM-x32\...\AC3Filter_is1) (Version: 2.5b - Alexander Vigovsky)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\{41042E28-CCA1-4147-869F-9E928B38F04C}) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Age of Empires® III: Complete Collection (HKLM-x32\...\Steam App 105450) (Version:  - Ensemble Studios)
AI War: Fleet Command (HKLM-x32\...\Steam App 40400) (Version:  - Arcen Games, LLC)
AirBuccaneers (HKLM-x32\...\Steam App 223630) (Version:  - LudoCraft Ltd.)
Alan Wake (HKLM-x32\...\Steam App 108710) (Version:  - Remedy Entertainment)
Alpha Protocol (HKLM-x32\...\Steam App 34010) (Version:  - Obsidian Entertainment)
Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version:  - Frictional Games)
And Yet It Moves (HKLM-x32\...\Steam App 18700) (Version:  - Broken Rules)
AquaNox (HKLM-x32\...\Steam App 39630) (Version:  - Nordic Games)
AquaNox 2: Revelation (HKLM-x32\...\Steam App 39640) (Version:  - Nordic Games)
Aquaria (HKLM-x32\...\Steam App 24420) (Version:  - Bit Blot, LLC)
ArcaniA – Gothic 4 (HKLM-x32\...\Steam App 39690) (Version:  - Spellbound Studios)
Arma 2 (HKLM-x32\...\Steam App 33910) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead Beta (HKLM-x32\...\Steam App 219540) (Version:  - )
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.1.0 - Asmedia Technology)
Assassin’s Creed® III (HKLM-x32\...\Steam App 208480) (Version:  - Ubisoft Montreal)
Assassin's Creed (HKLM-x32\...\Steam App 15100) (Version:  - Ubisoft Montreal)
Assassin's Creed Brotherhood (HKLM-x32\...\Steam App 48190) (Version:  - Ubisoft Montreal)
Assassin's Creed II (HKLM-x32\...\Steam App 33230) (Version:  - Ubisoft Montreal)
Atom Zombie Smasher  (HKLM-x32\...\Steam App 55040) (Version:  - Blendo Games)
Audiosurf (HKLM-x32\...\Steam App 12900) (Version:  - Dylan Fitterer)
AVSEQ (HKLM-x32\...\Steam App 207670) (Version:  - Big Robot Ltd)
Awesomenauts (HKLM-x32\...\Steam App 204300) (Version:  - Ronimo Games)
Back to the Future: Ep 1 - It's About Time (HKLM-x32\...\Steam App 31290) (Version:  - Telltale Games)
Back to the Future: Ep 2 - Get Tannen! (HKLM-x32\...\Steam App 94500) (Version:  - Telltale Games)
Back to the Future: Ep 3 - Citizen Brown (HKLM-x32\...\Steam App 94510) (Version:  - Telltale Games)
Back to the Future: Ep 4 - Double Visions (HKLM-x32\...\Steam App 94520) (Version:  - Telltale Games)
Back to the Future: Ep 5 - OUTATIME (HKLM-x32\...\Steam App 94530) (Version:  - Telltale Games)
Bad Rats (HKLM-x32\...\Steam App 34900) (Version:  - Invent4 Entertainment)
Baldur's Gate: Enhanced Edition (HKLM-x32\...\Steam App 228280) (Version:  - Overhaul Games)
Bandicam (HKLM-x32\...\Bandicam) (Version: 1.9.1.419 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
Bastion (HKLM-x32\...\Steam App 107100) (Version:  - Supergiant Games)
Battlefield 2 (HKLM-x32\...\Steam App 24860) (Version:  - DICE)
Battlefield: Bad Company 2 (HKLM-x32\...\Steam App 24960) (Version:  - DICE)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version:  - )
Beat Hazard (HKLM-x32\...\Steam App 49600) (Version:  - Cold Beam Games)
BEEP (HKLM-x32\...\Steam App 104200) (Version:  - Big Fat Alien)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
BIT.TRIP RUNNER (HKLM-x32\...\Steam App 63710) (Version:  - Gaijin Games)
Blackwell Deception (HKLM-x32\...\Steam App 80360) (Version:  - Wadjet Eye Games)
Borderlands (HKLM-x32\...\Steam App 8980) (Version:  - Gearbox Software)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Braid (HKLM-x32\...\Steam App 26800) (Version:  - Number None)
BRINK (HKLM-x32\...\Steam App 22350) (Version:  - Splash Damage)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.5.1 - Broadcom Corporation)
Brothers in Arms: Earned in Blood (HKLM-x32\...\Steam App 19800) (Version:  - Gearbox Software)
Brütal Legend (HKLM-x32\...\Steam App 225260) (Version:  - Double Fine Productions)
Bullzip PDF Printer 9.2.0.1499 (HKLM\...\Bullzip PDF Printer_is1) (Version: 9.2.0.1499 - Bullzip)
Burnout Paradise: The Ultimate Box (HKLM-x32\...\Steam App 24740) (Version:  - Criterion Games)
Call of Cthulhu: Dark Corners of the Earth (HKLM-x32\...\Steam App 22340) (Version:  - Headfirst Productions)
Call of Duty 4: Modern Warfare (HKLM-x32\...\Steam App 7940) (Version:  - Infinity Ward)
Call of Juarez: Bound in Blood (HKLM-x32\...\Steam App 21980) (Version:  - Techland)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Cannon Fodder 3 (HKLM-x32\...\Steam App 209750) (Version:  - Burut CT)
Capsized (HKLM-x32\...\Steam App 95300) (Version:  - Alientrap Games Inc)
CCleaner (HKLM\...\CCleaner) (Version: 3.28 - Piriform)
CCVI Driver x64 (x32 Version: 0.2.0000 - Asetek A/S) Hidden
Chaser (HKLM-x32\...\Steam App 39670) (Version:  - Cauldron)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Chivalry: Medieval Warfare Beta (HKLM-x32\...\Steam App 232210) (Version:  - )
CID The Dummy (HKLM-x32\...\Steam App 45900) (Version:  - TWELVE)
Cisco Packet Tracer 6.0.1 (HKLM-x32\...\Cisco Packet Tracer 6.0.1_is1) (Version:  - Cisco Systems, Inc.)
Citadels (HKLM-x32\...\Steam App 238870) (Version:  - Games Distillery s.r.o.)
Cities in Motion (HKLM-x32\...\Steam App 73010) (Version:  - Colossal Order Ltd.)
Cities XL Platinum (HKLM-x32\...\Steam App 231140) (Version:  - Focus Home Interactive)
Cogs (HKLM-x32\...\Steam App 26500) (Version:  - Lazy 8 Studios)
Command and Conquer 3: Kane's Wrath (HKLM-x32\...\Steam App 24810) (Version:  - EA Los Angeles)
Command and Conquer 3: Tiberium Wars (HKLM-x32\...\Steam App 24790) (Version:  - EA Los Angeles)
Command and Conquer 4: Tiberian Twilight (HKLM-x32\...\Steam App 47700) (Version:  - EA Los Angeles)
Commander Keen Complete Pack (HKLM-x32\...\Steam App 9180) (Version:  - id Software)
Commander: Conquest of the Americas (HKLM-x32\...\Steam App 49300) (Version:  - Nitro Games)
Commandos 2: Men of Courage (HKLM-x32\...\Steam App 6830) (Version:  - Pyro Studios)
Commandos 3: Destination Berlin (HKLM-x32\...\Steam App 6840) (Version:  - Pyro Studios)
Commandos: Behind Enemy Lines (HKLM-x32\...\Steam App 6800) (Version:  - Pyro Studios)
Commandos: Beyond the Call of Duty (HKLM-x32\...\Steam App 6810) (Version:  - Pyro Studios)
Company of Heroes (HKLM-x32\...\Steam App 4560) (Version:  - Relic Entertainment)
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version:  - Relic Entertainment)
Company of Heroes: Opposing Fronts (HKLM-x32\...\Steam App 9340) (Version:  - Relic Entertainment)
Company of Heroes: Tales of Valor (HKLM-x32\...\Steam App 20540) (Version:  - Relic Entertainment)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Crayon Physics Deluxe (HKLM-x32\...\Steam App 26900) (Version:  - Kloonigames)
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.43 - Creative Technology Limited)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Console Launcher (HKLM-x32\...\Console Launcher) (Version: 2.61 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.03 - Creative Technology Limited)
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
Crusader Kings Complete (HKLM-x32\...\Steam App 204940) (Version:  - Paradox Development Studio)
Crusader Kings II (HKLM-x32\...\Steam App 203770) (Version:  - Paradox Development Studio)
Cryostasis (HKLM-x32\...\Steam App 7850) (Version:  - Action Forms)
Crysis (HKLM-x32\...\Steam App 17300) (Version:  - Crytek)
Crysis 2 Maximum Edition (HKLM-x32\...\Steam App 108800) (Version:  - Crytek Studios)
Crysis Warhead (HKLM-x32\...\Steam App 17330) (Version:  - Crytek)
Crysis Wars (HKLM-x32\...\Steam App 17340) (Version:  - Crytek)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Dark Sector (HKLM-x32\...\Steam App 29900) (Version:  - Digital Extremes)
Darkest Hour: Europe '44-'45 (HKLM-x32\...\Steam App 1280) (Version:  - Darkest Hour Team)
Darksiders (HKLM-x32\...\Steam App 50620) (Version:  - Vigil Games)
Darksiders II (HKLM-x32\...\Steam App 50650) (Version:  - Vigil Games)
DarthMod Empire (HKLM-x32\...\DarthMod Empire8.0 Platinum) (Version: 8.0 Platinum - )
DarthMod Empire (HKLM-x32\...\DarthMod Empire8.0.1 Platinum) (Version: 8.0.1 Platinum - )
Day of Defeat: Source (HKLM-x32\...\Steam App 300) (Version:  - Valve)
DayZ Commander (HKLM-x32\...\{B3653588-3AC0-4A1D-950F-D96531E84374}) (Version: 0.92.91 - Dotjosh Studios)
Dead Horde (HKLM-x32\...\Steam App 27940) (Version:  - DnS Development)
Dead Island (HKLM-x32\...\Steam App 91310) (Version:  - Techland)
Dead Rising 2: Off the Record (HKLM-x32\...\Steam App 45770) (Version:  - Capcom Vancouver)
Dead Space (HKLM-x32\...\Steam App 17470) (Version:  - EA Redwood Shores)
Dear Esther (HKLM-x32\...\Steam App 203810) (Version:  - thechineseroom & Robert Briscoe)
DEFCON (HKLM-x32\...\Steam App 1520) (Version:  - Introversion Software)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{50A2E193-04E5-4CFB-B39C-1B14BB1F6DF3}) (Version:  - Microsoft)
Deluge 1.3.6 (HKLM-x32\...\Deluge) (Version:  - )
Deus Ex: Game of the Year Edition (HKLM-x32\...\Steam App 6910) (Version:  - Ion Storm)
Deus Ex: Invisible War (HKLM-x32\...\Steam App 6920) (Version:  - Ion Storm)
Dino D-Day (HKLM-x32\...\Steam App 70000) (Version:  - 800 North and Digital Ranch)
DiRT 2 (HKLM-x32\...\Steam App 12840) (Version:  - Codemasters Racing Studio)
DiRT 3 (HKLM-x32\...\Steam App 44320) (Version:  - Codemasters Racing Studio)
Disciples II: Rise of the Elves (HKLM-x32\...\Steam App 1630) (Version:  - Strategy First)
Disciples III: Resurrection (HKLM-x32\...\Steam App 200670) (Version:  - Akella)
Dishonored (HKLM-x32\...\Steam App 205100) (Version:  - Arkane Studios)
DJ_AIO_06_F2400_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Dogfight 1942 (HKLM-x32\...\Steam App 217790) (Version:  - City Interactive)
DogFighter (HKLM-x32\...\Steam App 42500) (Version:  - Dark Water Studios, Ltd.)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.00 - Creative Technology Limited)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
DOOM 3 (HKLM-x32\...\Steam App 9050) (Version:  - id Software)
DOOM 3: Resurrection of Evil (HKLM-x32\...\Steam App 9070) (Version:  - id Software)
Dropbox (HKCU\...\Dropbox) (Version: 2.0.26 - Dropbox, Inc.)
DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
F.E.A.R. (HKLM-x32\...\Steam App 21090) (Version:  - Monolith )
F1 2011 (HKLM-x32\...\Steam App 44360) (Version:  - Codemasters Birmingham)
Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version:  - Bethesda Game Studios)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Fan Control Software (HKLM-x32\...\{5571424C-F077-499B-A416-62B687366A08}) (Version: 1.6.0000 - Thermaltake)
ffdshow x64 v1.3.4500 [2013-01-06] (HKLM\...\ffdshow64_is1) (Version: 1.3.4500.0 - )
FileZilla Client 3.7.4.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse)
foobar2000 v1.2.4 (HKLM-x32\...\foobar2000) (Version: 1.2.4 - Peter Pawlowski)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
freeSSHd 1.2.6 (HKLM-x32\...\70DBC326-7505-4913-A0C1-C6BD87C1859D_is1) (Version:  - Kresimir Petric)
Frontlines: Fuel of War (HKLM-x32\...\Steam App 9460) (Version:  - Kaos Studios)
Galactic Civilizations II: Ultimate Edition (HKLM-x32\...\Steam App 202200) (Version:  - Stardock Entertainment)
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version:  - Greenheart Games)
GIGABYTE FORCE Driver (HKLM-x32\...\GMouse) (Version:  - )
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
HAWKEN (HKLM-x32\...\Steam App 271290) (Version:  - Adhesive Games)
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
HP Deskjet F2400 All-in-One Driver 14.0 Rel. 6 (HKLM\...\{819CA3BC-2FF8-4811-B42F-421F7BFD3559}) (Version: 14.0 - HP)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version:  - Squad)
LibreOffice 4.0.2.2 (HKLM-x32\...\{1062AD6C-80F4-4BC6-AB7C-A28892B497B8}) (Version: 4.0.2.2 - The Document Foundation)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Macrium Reflect Free Edition (HKLM\...\{5F416F6B-56FE-4288-982B-A1DA5895D690}) (Version: 5.1.5732 - Paramount Software (UK) Ltd.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Men of War (HKLM-x32\...\Steam App 7830) (Version:  - Best Way)
Men of War: Assault Squad (HKLM-x32\...\Steam App 64000) (Version:  - Digitalmindsoft)
Men of War: Assault Squad 2 (HKLM-x32\...\Steam App 244450) (Version:  - Digitalmindsoft)
Men of War: Condemned Heroes (HKLM-x32\...\Steam App 204860) (Version:  - 1C-SoftClub)
Men of War: Red Tide (HKLM-x32\...\Steam App 3130) (Version:  - 1C Company)
Men of War: Vietnam (HKLM-x32\...\Steam App 63940) (Version:  - 1C Company)
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 RC (Version: 4.5.50861 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Office 2010 Language Pack Service Pack 1 (SP1) (Version:  - Microsoft) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (Version:  - Microsoft) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visio 2010 Service Pack 1 (SP1) (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{9081486B-B26D-42DB-8D31-81C525A9526A}) (Version:  - Microsoft)
Microsoft Visio Professional 2010 (HKLM\...\Office14.VISIOR) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Express Edition - ENU (HKLM-x32\...\Microsoft Visual C++ 2008 Express Edition - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Express Edition - ENU (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Windows Media Video 9 VCM (HKLM-x32\...\WMV9_VCM) (Version:  - )
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework (HKLM\...\{62577E41-C350-3D07-97C8-2B6CDB4BAD60}) (Version: 3.5.21022 - Microsoft)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 (HKLM\...\{11EB1163-5761-4BC6-8F48-98DCF6A46BBF}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-GB)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.3.0 (x86 en-US)) (Version: 24.3.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.47.1 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.4.5 - Notepad++ Team)
NVIDIA Control Panel 334.89 (Version: 334.89 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 334.89 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Open Workbench (HKLM-x32\...\{AED0B5AC-0771-4600-9777-9C4C910EBE09}) (Version: 1.1.3 - Niku)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Oracle VM VirtualBox 4.2.16 (HKLM\...\{4CC3444D-7279-4E83-984F-18E9A7B2E803}) (Version: 4.2.16 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
Rapture3D 2.4.8 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.)
RIFT™ (HKLM-x32\...\Steam App 39120) (Version:  - Trion Worlds)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.7 - Seagate Technology)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Sid Meier's Railroads! (HKLM-x32\...\Steam App 7600) (Version:  - Firaxis Games)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spacebase DF-9 (HKLM-x32\...\Steam App 246090) (Version:  - Double Fine Productions)
Spec Ops: The Line (HKLM-x32\...\Steam App 50300) (Version:  - Yager)
Star Wars: Knights of the Old Republic II (HKLM-x32\...\Steam App 208580) (Version:  - Obsidian Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
The 39 Steps (HKLM-x32\...\Steam App 234940) (Version:  - The Story Mechanics)
The Baconing (HKLM-x32\...\Steam App 18070) (Version:  - Hothead Games)
The Ball (HKLM-x32\...\Steam App 35460) (Version:  - Teotl Studios)
The Darkness II (HKLM-x32\...\Steam App 67370) (Version:  - Digital Extremes)
The Dead Linger (HKLM-x32\...\Steam App 245130) (Version:  - Sandswept Studios)
The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - )
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Guild II (HKLM-x32\...\Steam App 39650) (Version:  - 4 Head Studios)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version:  - Telltale Games)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Total War: ROME II (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version:  - The Creative Assembly)
TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
TSLRCM 1.6 (HKLM-x32\...\The Sith Lords Restored Content Mod_is1) (Version:  - )
TVersity Codec Pack 1.7 (HKLM-x32\...\TVersity Codec Pack) (Version: 1.7 - TVersity Inc.)
TVersity Media Server 1.9.7 (HKLM-x32\...\TVersity Media Server) (Version: 1.9.7 - TVersity)
Uncharted Waters Online version 3.016 (HKLM-x32\...\{63AAA5A8-3506-48B2-A5A0-A310936FC808}_is1) (Version: 3.016 - OGPlanet, Inc)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIOR_{E24F10E6-7D9B-4E3A-B6CF-4C3257A382CD}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{E24F10E6-7D9B-4E3A-B6CF-4C3257A382CD}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition (HKLM\...\{90140000-006E-0409-1000-0000000FF1CE}_Office14.VISIOR_{D9CF6D64-9342-4C83-A9C1-F45DE139F2A7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{CABC3FE9-02BD-47C8-8576-EA3E8BB1BE1A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIOR_{A6C194EA-C6CB-4314-9E43-AD1F4A1E9D74}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.VISIOR_{A8EC00BF-EDF5-46F0-B466-C4312722D8F3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.VISIOR_{02A7E7E4-15FB-4240-963D-61E9029E0135}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.VISIOR_{BE0D098C-1F21-481C-BA71-ECAD0F770E23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIOR_{7750DF63-F5DC-4198-8B8B-AE03B212F462}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{7750DF63-F5DC-4198-8B8B-AE03B212F462}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIOR_{E1757044-ECB2-4551-B1D5-5E39F7E109CE}) (Version:  - Microsoft)
VC Runtimes MSI (x32 Version: 9.0.21022 - Microsoft) Hidden
VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN)
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
WildStar (HKLM-x32\...\WildStar) (Version: 1.0.0.6505 - NCSOFT)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
win-sshfs (HKLM-x32\...\win-sshfs) (Version: 0.0.1.5 - Dragan Mladjenovic)
win-sshfs (x32 Version: 0.0.1.5 - Dragan Mladjenovic) Hidden
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812SEA}_is1) (Version:  - Wargaming.net)
WoT Statistics (HKLM-x32\...\WoT Statistics_is1) (Version: 2.0.6.63 - Nick Saaiman)
XAMPP 1.8.1 (HKLM-x32\...\xampp) (Version:  - )
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Xming 6.9.0.31 (HKLM-x32\...\Xming_is1) (Version: 6.9.0.31 - Colin Harrison)

==================== Restore Points  =========================

21-02-2014 10:42:07 Removed Play withSIX.
21-02-2014 10:47:45 Installed AwesomiumSetup.
21-02-2014 10:58:20 Removed AwesomiumSetup.
21-02-2014 11:04:03 Installed AwesomiumSetup.
21-02-2014 11:05:18 Removed AwesomiumSetup.
21-02-2014 11:08:19 Installed DayZ Commander
24-02-2014 02:00:13 Installed DirectX
27-02-2014 10:17:38 Installed Windows 7 USB/DVD Download Tool
28-02-2014 00:13:03 Removed Windows 7 USB/DVD Download Tool
28-02-2014 04:04:05 Installed Java 7 Update 51
01-03-2014 20:43:45 Removed Java 7 Update 51

==================== Hosts content: ==========================

2009-07-14 12:34 - 2009-06-11 07:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {10C4F38E-5B80-4487-8954-CA9AD0F65432} - System32\Tasks\Startup => C:\Program Files (x86)\Thermaltake\Fan Control Software\OpenHardwareMonitor\OpenHardwareMonitor.exe [2013-07-30] ()
Task: {6BB8C0D9-9947-422D-B758-3913FAFE00A9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-26] (Piriform Ltd)
Task: {851A8BD8-2B4D-4AA7-A3FE-5320E44A9F3D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-23] (Adobe Systems Incorporated)
Task: {EDCDA48C-5F70-4CCF-ACF6-5C228A95639C} - System32\Tasks\My Backup(1) xml => c:\program files\macrium\reflect\reflect.exe [2013-04-17] (Paramount Software UK Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\My Backup(1) xml.job => c:\program files\macrium\reflect\reflect.exe
Task: C:\Windows\Tasks\Startup.job => C:\Program Files (x86)\Thermaltake\Fan Control Software\OpenHardwareMonitor\OpenHardwareMonitor.exe

==================== Loaded Modules (whitelisted) =============

2013-11-01 13:36 - 2014-02-09 03:42 - 00117024 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-04-17 03:54 - 2013-04-17 03:08 - 00417912 _____ () C:\Program Files\Macrium\Reflect\ReflectService.exe
2011-07-30 05:31 - 2011-07-30 05:31 - 01249064 _____ () C:\ProgramData\TVersity\Media Server\MediaServer.exe
2010-01-03 00:42 - 2010-01-03 00:42 - 00098304 _____ () D:\apps\f\FileZilla FTP Client\fzshellext_64.dll
2012-10-10 02:22 - 2012-10-10 02:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-07-30 06:52 - 2013-07-30 06:52 - 00486912 _____ () C:\Program Files (x86)\Thermaltake\Fan Control Software\OpenHardwareMonitor\OpenHardwareMonitor.exe
2013-07-30 06:52 - 2013-07-30 06:52 - 00149504 _____ () C:\Program Files (x86)\Thermaltake\Fan Control Software\OpenHardwareMonitor\Aga.Controls.dll
2013-07-30 06:52 - 2013-07-30 06:52 - 00259584 _____ () C:\Program Files (x86)\Thermaltake\Fan Control Software\OpenHardwareMonitor\OpenHardwareMonitorLib.dll
2012-10-04 16:12 - 2012-10-04 16:12 - 01253376 _____ () D:\apps\m\m7\GIGABYTE FORCE.exe
2013-11-01 13:36 - 2014-02-09 03:42 - 00063264 _____ () C:\Program Files\NVIDIA Corporation\Display\nvSmartMaxApp64.exe
2013-11-01 13:36 - 2014-02-09 03:42 - 00063264 _____ () C:\Program Files\NVIDIA Corporation\Display\nvSmartMaxApp.exe
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\kpcengine.2.3.dll
2011-07-14 04:36 - 2011-07-14 04:36 - 00347944 _____ () C:\ProgramData\TVersity\Media Server\taglib.dll
2011-07-14 04:36 - 2011-07-14 04:36 - 00225064 _____ () C:\ProgramData\TVersity\Media Server\CORE_RL_lcms_.dll
2011-07-14 04:36 - 2011-07-14 04:36 - 00031528 _____ () C:\ProgramData\TVersity\Media Server\CORE_RL_xlib_.dll
2011-07-14 04:36 - 2011-07-14 04:36 - 00716584 _____ () C:\ProgramData\TVersity\Media Server\log4cxx.dll
2011-07-14 04:35 - 2011-07-14 04:35 - 04534072 _____ () C:\ProgramData\TVersity\Media Server\avcodec-52.dll
2011-07-14 04:36 - 2011-07-14 04:36 - 00083768 _____ () C:\ProgramData\TVersity\Media Server\avutil-50.dll
2011-07-14 04:36 - 2011-07-14 04:36 - 00313640 _____ () C:\ProgramData\TVersity\Media Server\libmp3lame-0.dll
2011-07-14 04:36 - 2011-07-14 04:36 - 00795448 _____ () C:\ProgramData\TVersity\Media Server\avformat-52.dll
2011-07-14 04:35 - 2011-07-14 04:35 - 00203064 _____ () C:\ProgramData\TVersity\Media Server\swscale-0.dll
2011-07-14 04:36 - 2011-07-14 04:36 - 00509720 _____ () C:\ProgramData\TVersity\Media Server\sqlite3.dll
2013-11-01 13:36 - 2014-02-09 03:42 - 00107808 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2012-12-18 18:32 - 2012-12-18 18:32 - 00002560 _____ () C:\Windows\SysWOW64\CTXFIRES.DLL
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () D:\apps\l\log\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () D:\apps\l\log\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () D:\apps\l\log\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () D:\apps\l\log\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () D:\apps\l\log\LWS\Webcam Software\imageformats\QJpeg4.dll
2013-03-13 12:09 - 2009-06-29 10:54 - 00164864 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2014-02-16 08:28 - 2014-02-16 08:28 - 03578992 _____ () D:\apps\f\firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:56E2E879

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Users^Ghostdog^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\Windows\pss\Logitech . Product Registration.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Ghostdog\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "D:\apps\d\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: LWS => D:\apps\w\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: NCUpdateHelper => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
MSCONFIG\startupreg: Start WingMan Profiler => C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/03/2014 08:07:17 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/02/2014 01:26:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/02/2014 10:03:12 AM) (Source: Application Error) (User: )
Description: Faulting application name: eso.exe, version: 1.0.0.1, time stamp: 0x530b2d69
Faulting module name: eso.exe, version: 1.0.0.1, time stamp: 0x530b2d69
Exception code: 0xc0000005
Fault offset: 0x001117e6
Faulting process id: 0x8c8
Faulting application start time: 0xeso.exe0
Faulting application path: eso.exe1
Faulting module path: eso.exe2
Report Id: eso.exe3

Error: (03/02/2014 09:59:17 AM) (Source: Application Error) (User: )
Description: Faulting application name: eso.exe, version: 1.0.0.1, time stamp: 0x530b2d69
Faulting module name: eso.exe, version: 1.0.0.1, time stamp: 0x530b2d69
Exception code: 0xc0000005
Fault offset: 0x0039a773
Faulting process id: 0x17e4
Faulting application start time: 0xeso.exe0
Faulting application path: eso.exe1
Faulting module path: eso.exe2
Report Id: eso.exe3

Error: (03/02/2014 07:20:20 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/02/2014 06:28:18 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/01/2014 10:45:17 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/28/2014 11:16:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/28/2014 01:56:56 PM) (Source: Application Error) (User: )
Description: Faulting application name: shipping-thiefgame.exe, version: 1.1.0.0, time stamp: 0x530f02ef
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0x1134
Faulting application start time: 0xshipping-thiefgame.exe0
Faulting application path: shipping-thiefgame.exe1
Faulting module path: shipping-thiefgame.exe2
Report Id: shipping-thiefgame.exe3

Error: (02/28/2014 01:37:39 PM) (Source: Application Error) (User: )
Description: Faulting application name: shipping-thiefgame.exe, version: 1.1.0.0, time stamp: 0x530f02ef
Faulting module name: shipping-thiefgame.exe, version: 1.1.0.0, time stamp: 0x530f02ef
Exception code: 0xc0000005
Fault offset: 0x00000000007ea51b
Faulting process id: 0xa0c
Faulting application start time: 0xshipping-thiefgame.exe0
Faulting application path: shipping-thiefgame.exe1
Faulting module path: shipping-thiefgame.exe2
Report Id: shipping-thiefgame.exe3


System errors:
=============
Error: (03/02/2014 07:18:37 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 7:16:36 AM on 2/03/2014 was unexpected.

Error: (02/27/2014 11:26:04 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR14.

Error: (02/27/2014 11:26:03 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR14.

Error: (02/27/2014 11:26:02 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR14.

Error: (02/27/2014 11:16:38 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR13.

Error: (02/27/2014 11:16:37 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR13.

Error: (02/27/2014 11:16:36 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR13.

Error: (02/27/2014 11:16:36 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR13.

Error: (02/27/2014 10:35:24 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR12.

Error: (02/27/2014 10:35:23 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR12.


Microsoft Office Sessions:
=========================
Error: (03/03/2014 08:07:17 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/02/2014 01:26:35 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/02/2014 10:03:12 AM) (Source: Application Error)(User: )
Description: eso.exe1.0.0.1530b2d69eso.exe1.0.0.1530b2d69c0000005001117e68c801cf35aa5a371e82G:\e\eso\The Elder Scrolls Online\game\client\eso.exeG:\e\eso\The Elder Scrolls Online\game\client\eso.exe0b075708-a19e-11e3-b630-002522e8597f

Error: (03/02/2014 09:59:17 AM) (Source: Application Error)(User: )
Description: eso.exe1.0.0.1530b2d69eso.exe1.0.0.1530b2d69c00000050039a77317e401cf35a7d81343dcG:\e\eso\The Elder Scrolls Online\game\client\eso.exeG:\e\eso\The Elder Scrolls Online\game\client\eso.exe7eeef5ab-a19d-11e3-b630-002522e8597f

Error: (03/02/2014 07:20:20 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/02/2014 06:28:18 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/01/2014 10:45:17 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/28/2014 11:16:31 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/28/2014 01:56:56 PM) (Source: Application Error)(User: )
Description: shipping-thiefgame.exe1.1.0.0530f02efntdll.dll6.1.7601.18247521eaf24c000037400000000000c4102113401cf34368872ea39G:\s\Steam\steamapps\common\Thief\binaries\win64\shipping-thiefgame.exeC:\Windows\SYSTEM32\ntdll.dll5d39568b-a02c-11e3-8fa1-002522e8597f

Error: (02/28/2014 01:37:39 PM) (Source: Application Error)(User: )
Description: shipping-thiefgame.exe1.1.0.0530f02efshipping-thiefgame.exe1.1.0.0530f02efc000000500000000007ea51ba0c01cf343131324087G:\s\Steam\steamapps\common\Thief\binaries\win64\shipping-thiefgame.exeG:\s\Steam\steamapps\common\Thief\binaries\win64\shipping-thiefgame.exeabdfc61d-a029-11e3-8fa1-002522e8597f


CodeIntegrity Errors:
===================================
  Date: 2014-03-02 23:03:51.693
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-02 23:03:51.693
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-02 23:03:51.693
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-02 23:03:51.693
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-02 23:03:51.677
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-02 23:03:51.677
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-02 22:32:59.672
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-02 22:32:59.672
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-02 22:32:59.656
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-02 22:32:59.656
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 29%
Total physical RAM: 8087.89 MB
Available physical RAM: 5671.82 MB
Total Pagefile: 16173.95 MB
Available Pagefile: 12965.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:63.02 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:886.33 GB) (Free:568.71 GB) NTFS
Drive e: (a-g) (Fixed) (Total:1863.01 GB) (Free:16.64 GB) NTFS
Drive f: (h-t) (Fixed) (Total:1863.02 GB) (Free:343.21 GB) NTFS
Drive g: (games) (Fixed) (Total:1863.01 GB) (Free:999.55 GB) NTFS
Drive i: (t-z) (Fixed) (Total:976.56 GB) (Free:32.55 GB) NTFS
Drive j: (movies) (Fixed) (Total:1863.01 GB) (Free:177.66 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2014 03
Ran by Ghostdog (administrator) on GHOSTDOG-PC on 03-03-2014 08:27:45
Running from C:\Users\Ghostdog\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
(Malwarebytes Corporation) D:\apps\m\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) D:\apps\m\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files\Macrium\Reflect\ReflectService.exe
() C:\ProgramData\TVersity\Media Server\MediaServer.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
(Malwarebytes Corporation) D:\apps\m\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Thermaltake\Fan Control Software\OpenHardwareMonitor\OpenHardwareMonitor.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
() D:\apps\m\m7\GIGABYTE FORCE.exe
(Logitech Inc.) D:\apps\l\log\LWS\Webcam Software\LWS.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTXFISPI.EXE
() C:\Program Files\NVIDIA Corporation\Display\nvSmartMaxApp64.exe
() C:\Program Files\NVIDIA Corporation\Display\nvSmartMaxApp.exe
() C:\Program Files (x86)\Thermaltake\Fan Control Software\OpenHardwareMonitor\OpenHardwareMonitor.exe
(Simon Tatham) D:\apps\p\PuTTY\putty.exe
(Mozilla Corporation) D:\apps\f\firefox\firefox.exe
(Tonec Inc.) D:\apps\i\Internet Download Manager\IDMan.exe
(Tonec Inc.) D:\apps\i\Internet Download Manager\IEMonitor.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [CTxfiHlp] - CTXFIHLP.EXE
HKLM-x32\...\Run: [GMouse] - D:\apps\m\m7\GIGABYTE FORCE.EXE [1253376 2012-10-04] ()
HKLM-x32\...\Run: [LWS] - D:\apps\l\log\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3986059063-3246995217-940133027-1000\...\Run: [OpenHardwareMonitor] - C:\Program Files (x86)\Thermaltake\Fan Control Software\OpenHardwareMonitor\OpenHardwareMonitor.exe [486912 2013-07-30] ()
HKU\S-1-5-21-3986059063-3246995217-940133027-1000\...\Run: [Fan Control Software] - [X]
HKU\S-1-5-21-3986059063-3246995217-940133027-1000\...\Policies\Explorer: [NoLowDiscSpaceChecks] 1
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174296 2014-02-09] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148528 2014-02-09] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\apps\i\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\apps\i\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A594E148-1B1E-419B-B1A8-2DD3495C6E3D}: [NameServer]8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Ghostdog\AppData\Roaming\Mozilla\Firefox\Profiles\drry13wr.default
FF Homepage: chrome://speeddial/content/speeddial.xul
FF NetworkProxy: "no_proxies_on", " 192.168.0.1, .overclockers.com.au, .usq.edu.au, .reddit.com, .youtube.com, imgur.com, http://watchcric.com, .buyvm.net,  http://resonancegaming.com.au, http://chubbyparade.com/, spi0n.com"
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ogplanet.com/npOGPPlugin - C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - D:\apps\v\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - D:\apps\v\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: ubisoft.com/uplaypc - G:\games\game\u\Ubisoft Game Launcher\npuplaypc.dll No File
FF Extension: ReminderFox - C:\Users\Ghostdog\AppData\Roaming\Mozilla\Firefox\Profiles\drry13wr.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2014-02-22]
FF Extension: Ghostery - C:\Users\Ghostdog\AppData\Roaming\Mozilla\Firefox\Profiles\drry13wr.default\Extensions\firefox@ghostery.com.xpi [2013-12-20]
FF Extension: Imgur Uploader - C:\Users\Ghostdog\AppData\Roaming\Mozilla\Firefox\Profiles\drry13wr.default\Extensions\giorgio@gilestro.tk.xpi [2013-12-20]
FF Extension: Reddit Enhancement Suite - C:\Users\Ghostdog\AppData\Roaming\Mozilla\Firefox\Profiles\drry13wr.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2013-12-20]
FF Extension: Speed Dial - C:\Users\Ghostdog\AppData\Roaming\Mozilla\Firefox\Profiles\drry13wr.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2013-12-20]
FF Extension: Adblock Plus - C:\Users\Ghostdog\AppData\Roaming\Mozilla\Firefox\Profiles\drry13wr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-20]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF HKLM-x32\...\Firefox\Extensions: [searchpredict@speedbit.com] - C:\Program Files (x86)\SearchPredict\PRFireFox
FF HKLM-x32\...\Firefox\Extensions: [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}] - D:\apps\v\SPEEDbit Video Downloader\SPFireFox
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com [2014-02-14]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-02-14]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com [2014-02-14]
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Ghostdog\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Ghostdog\AppData\Roaming\IDM\idmmzcc5 [2013-12-15]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Ghostdog\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Ghostdog\AppData\Roaming\IDM\idmmzcc5 [2013-12-15]
FF StartMenuInternet: FIREFOX.EXE - D:\apps\f\firefox\firefox.exe

Chrome:
=======
CHR DefaultSearchKeyword: google.com.au
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Plugin: (Uplay PC) - G:\games\game\u\Ubisoft Game Launcher\npuplaypc.dll No File
CHR Extension: (Google Drive) - C:\Users\Ghostdog\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-10]
CHR Extension: (YouTube) - C:\Users\Ghostdog\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-10]
CHR Extension: (Adblock Plus) - C:\Users\Ghostdog\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-08-22]
CHR Extension: (Google Search) - C:\Users\Ghostdog\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-10]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Ghostdog\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-05-10]
CHR Extension: (Speed Dial) - C:\Users\Ghostdog\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi [2013-08-22]
CHR Extension: (Logitech SetPoint) - C:\Users\Ghostdog\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2013-05-10]
CHR Extension: (imgur Extension by Metronomik) - C:\Users\Ghostdog\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehoopddfhgaehhmphfcooacjdpmbjlao [2013-08-23]
CHR Extension: (HTTPS Everywhere) - C:\Users\Ghostdog\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2013-08-22]
CHR Extension: (Content Blocker) - C:\Users\Ghostdog\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-05-10]
CHR Extension: (Virtual Keyboard) - C:\Users\Ghostdog\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-05-10]
CHR Extension: (IDM Integration Module) - C:\Users\Ghostdog\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2013-08-06]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Ghostdog\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2013-08-22]
CHR Extension: (AntiGameOrigin) - C:\Users\Ghostdog\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldbahlcmhmlpomdepooifmhnalokdhgm [2013-08-22]
CHR Extension: (Ghostery) - C:\Users\Ghostdog\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2013-08-22]
CHR Extension: (Google Wallet) - C:\Users\Ghostdog\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Ghostdog\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-10]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx [2013-10-15]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-03-04]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-15]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx [2013-10-15]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - D:\apps\i\Internet Download Manager\IDMGCExt.crx [2013-12-15]

==================== Services (Whitelisted) =================

R2 avp; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-10-15] (Kaspersky Lab ZAO)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-05-27] ()
R2 MBAMScheduler; D:\apps\m\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; D:\apps\m\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-07] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4230040 2013-04-15] (INCA Internet Co., Ltd.)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [417912 2013-04-17] ()
S2 SkypeUpdate; D:\apps\s\skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)
R2 TVersityMediaServer; C:\ProgramData\TVersity\Media Server\MediaServer.exe [1249064 2011-07-30] ()

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-04-21] (DT Soft Ltd)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-02-18] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-02-18] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [624224 2014-02-18] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-15] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-15] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-02-18] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [63096 2013-04-17] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 cpuz135; \??\C:\Users\Ghostdog\Desktop\pc-wizard_2012.2.11\pcwiz_x64.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
R3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Thermaltake\Fan Control Software\OpenHardwareMonitor\OpenHardwareMonitor.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-03 08:27 - 2014-03-03 08:27 - 02156544 _____ (Farbar) C:\Users\Ghostdog\Desktop\FRST64.exe
2014-03-03 08:27 - 2014-03-03 08:27 - 00020224 _____ () C:\Users\Ghostdog\Desktop\FRST.txt
2014-03-03 08:27 - 2014-03-03 08:27 - 00000000 ____D () C:\FRST
2014-03-03 08:26 - 2014-03-03 08:26 - 00001189 _____ () C:\Users\Ghostdog\Desktop\checkup.txt
2014-03-03 08:23 - 2014-03-03 08:23 - 00987425 _____ () C:\Users\Ghostdog\Desktop\SecurityCheck.exe
2014-03-02 21:09 - 2014-03-02 21:11 - 106658816 _____ () C:\Users\Ghostdog\Desktop\Le Zap de Spi0n.com n°208.flv
2014-03-01 14:03 - 2014-03-01 14:03 - 00007605 _____ () C:\Users\Ghostdog\AppData\Local\Resmon.ResmonCfg
2014-02-28 23:45 - 2014-02-28 23:45 - 00005059 _____ () C:\Users\Ghostdog\AppData\Local\recently-used.xbel
2014-02-28 14:16 - 2014-02-28 14:16 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-28 14:14 - 2014-02-09 04:34 - 31432480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 23683360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 17715784 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 15740232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 12324640 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-02-28 14:14 - 2014-02-09 04:34 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 03142432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 02956576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 02782496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 02713728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 02410784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433489.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433489.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 00892192 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 00875296 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 00863520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 00844576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 00832424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-02-27 20:04 - 2014-02-28 13:37 - 00000000 ____D () C:\Users\Ghostdog\Documents\Thief
2014-02-22 22:32 - 2014-02-22 22:32 - 00003411 _____ () C:\Users\Ghostdog\Documents\My Movie.wlmp
2014-02-21 20:48 - 2014-02-21 20:48 - 00000000 ____D () C:\ProgramData\SIX Networks
2014-02-21 20:47 - 2014-02-21 20:47 - 00000000 ____D () C:\Users\Ghostdog\AppData\Roaming\SIX Networks
2014-02-21 20:47 - 2014-02-21 20:47 - 00000000 ____D () C:\Users\Ghostdog\AppData\Local\SIX Networks
2014-02-18 23:01 - 2014-02-19 07:42 - 00000000 ____D () C:\Users\Ghostdog\Documents\Banished
2014-02-14 09:42 - 2014-02-14 09:42 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-14 09:42 - 2014-02-14 09:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-13 11:47 - 2014-02-13 11:47 - 00000000 ____D () C:\Users\Ghostdog\AppData\Local\RealVNC
2014-02-13 11:29 - 2014-02-28 14:04 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-11 17:58 - 2014-02-11 17:58 - 00001718 _____ () C:\Users\Ghostdog\.gtk-bookmarks
2014-02-09 17:44 - 2014-02-09 17:44 - 00000000 ____D () C:\Users\Ghostdog\Documents\Bandicam
2014-02-09 17:44 - 2014-02-09 17:44 - 00000000 ____D () C:\Users\Ghostdog\AppData\Roaming\BANDISOFT
2014-02-09 17:44 - 2014-02-09 17:44 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1
2014-02-08 06:16 - 2014-03-02 15:41 - 00000000 ____D () C:\Users\Ghostdog\AppData\Roaming\Awesomium
2014-02-06 13:34 - 2014-02-06 13:34 - 00000000 ____D () C:\Program Files\Common Files\INCA Shared
2014-02-06 13:34 - 2013-04-15 00:01 - 04230040 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des
2014-02-06 13:34 - 2005-01-02 04:43 - 00004682 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npptNT2.sys
2014-02-06 13:34 - 2003-07-18 13:17 - 00005174 _____ () C:\Windows\SysWOW64\nppt9x.vxd
2014-02-06 10:34 - 2014-02-06 10:34 - 00000000 ____D () C:\Users\Ghostdog\AppData\Local\WarThunder
2014-02-06 10:34 - 2014-02-06 10:34 - 00000000 ____D () C:\ProgramData\WarThunder
2014-02-06 09:32 - 2014-02-06 09:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-05 21:42 - 2014-02-24 12:00 - 00000000 ____D () C:\Users\Ghostdog\AppData\Local\My Games
2014-02-05 21:39 - 2014-02-24 14:47 - 00000000 ____D () C:\Users\Ghostdog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-02-05 12:22 - 2014-02-05 12:22 - 00000000 ____D () C:\Users\Ghostdog\AppData\Roaming\com.immersyve.Paladin.live
2014-02-04 22:40 - 2009-11-19 03:33 - 00271768 _____ (OGPlanet) C:\Windows\SysWOW64\OGPIEPlugin.ocx
2014-02-04 22:40 - 2009-11-19 03:33 - 00079256 _____ (OGPlanet) C:\Windows\SysWOW64\npOGPPlugin.dll
2014-02-04 22:39 - 2014-02-04 22:39 - 00000000 ____D () C:\Program Files (x86)\OGPlanet

==================== One Month Modified Files and Folders =======

2014-03-03 08:27 - 2014-03-03 08:27 - 02156544 _____ (Farbar) C:\Users\Ghostdog\Desktop\FRST64.exe
2014-03-03 08:27 - 2014-03-03 08:27 - 00020224 _____ () C:\Users\Ghostdog\Desktop\FRST.txt
2014-03-03 08:27 - 2014-03-03 08:27 - 00000000 ____D () C:\FRST
2014-03-03 08:27 - 2013-03-04 21:48 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-03-03 08:26 - 2014-03-03 08:26 - 00001189 _____ () C:\Users\Ghostdog\Desktop\checkup.txt
2014-03-03 08:23 - 2014-03-03 08:23 - 00987425 _____ () C:\Users\Ghostdog\Desktop\SecurityCheck.exe
2014-03-03 08:12 - 2009-07-14 14:45 - 00024528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-03 08:12 - 2009-07-14 14:45 - 00024528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-03 08:09 - 2013-03-04 17:00 - 01751751 _____ () C:\Windows\WindowsUpdate.log
2014-03-03 08:09 - 2009-07-14 15:13 - 00782010 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-03 08:06 - 2013-08-27 22:01 - 00000600 _____ () C:\Users\Ghostdog\AppData\Local\PUTTY.RND
2014-03-03 08:06 - 2013-08-07 21:59 - 00735306 _____ () C:\Windows\SysWOW64\TVersityMediaServer.log
2014-03-03 08:05 - 2014-01-22 09:20 - 00004436 _____ () C:\Windows\setupact.log
2014-03-03 08:05 - 2014-01-16 12:33 - 00000636 _____ () C:\Windows\Tasks\Startup.job
2014-03-03 08:05 - 2009-07-14 15:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-03 00:17 - 2013-03-04 20:04 - 00000000 ____D () C:\Users\Ghostdog\AppData\Roaming\DMCache
2014-03-02 21:11 - 2014-03-02 21:09 - 106658816 _____ () C:\Users\Ghostdog\Desktop\Le Zap de Spi0n.com n°208.flv
2014-03-02 15:41 - 2014-02-08 06:16 - 00000000 ____D () C:\Users\Ghostdog\AppData\Roaming\Awesomium
2014-03-02 10:29 - 2013-05-17 14:37 - 00000000 ____D () C:\Users\Ghostdog\AppData\Local\ArmA 2 OA
2014-03-02 10:23 - 2013-07-25 18:16 - 00000000 ____D () C:\Users\Ghostdog\AppData\Roaming\FileZilla
2014-03-02 09:04 - 2013-04-04 10:43 - 00000000 ____D () C:\Users\Ghostdog\.VirtualBox
2014-03-02 08:02 - 2013-04-04 11:14 - 00000000 ____D () C:\Users\Ghostdog\VirtualBox VMs
2014-03-01 14:03 - 2014-03-01 14:03 - 00007605 _____ () C:\Users\Ghostdog\AppData\Local\Resmon.ResmonCfg
2014-02-28 23:45 - 2014-02-28 23:45 - 00005059 _____ () C:\Users\Ghostdog\AppData\Local\recently-used.xbel
2014-02-28 23:45 - 2013-03-04 20:43 - 00000000 ____D () C:\Users\Ghostdog\AppData\Roaming\deluge
2014-02-28 23:36 - 2013-10-14 14:21 - 00000000 ____D () C:\Users\Ghostdog\AppData\Roaming\vlc
2014-02-28 14:16 - 2014-02-28 14:16 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-28 14:16 - 2013-03-04 19:46 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-02-28 14:15 - 2013-06-25 09:09 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-28 14:04 - 2014-02-13 11:29 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-28 13:37 - 2014-02-27 20:04 - 00000000 ____D () C:\Users\Ghostdog\Documents\Thief
2014-02-27 21:16 - 2013-03-04 20:19 - 00000000 ____D () C:\Users\Ghostdog\AppData\Roaming\foobar2000
2014-02-27 18:43 - 2014-01-30 15:09 - 00000400 __RSH () C:\ProgramData\ntuser.pol
2014-02-27 18:08 - 2013-05-04 08:03 - 00000418 _____ () C:\Windows\Tasks\My Backup(1) xml.job
2014-02-26 00:09 - 2013-09-11 15:46 - 00000000 ____D () C:\Users\Ghostdog\Documents\My Cheat Tables
2014-02-25 15:11 - 2013-03-09 09:26 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-02-25 09:40 - 2014-01-22 09:19 - 00003406 _____ () C:\Windows\PFRO.log
2014-02-24 14:47 - 2014-02-05 21:39 - 00000000 ____D () C:\Users\Ghostdog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-02-24 12:00 - 2014-02-05 21:42 - 00000000 ____D () C:\Users\Ghostdog\AppData\Local\My Games
2014-02-24 12:00 - 2014-01-28 16:15 - 00083062 _____ () C:\Windows\DirectX.log
2014-02-24 12:00 - 2013-03-04 19:11 - 00000000 ____D () C:\Users\Ghostdog\Documents\my games
2014-02-22 22:32 - 2014-02-22 22:32 - 00003411 _____ () C:\Users\Ghostdog\Documents\My Movie.wlmp
2014-02-21 20:54 - 2013-09-27 18:30 - 00000000 ____D () C:\Users\Ghostdog\Documents\ArmA 2
2014-02-21 20:48 - 2014-02-21 20:48 - 00000000 ____D () C:\ProgramData\SIX Networks
2014-02-21 20:47 - 2014-02-21 20:47 - 00000000 ____D () C:\Users\Ghostdog\AppData\Roaming\SIX Networks
2014-02-21 20:47 - 2014-02-21 20:47 - 00000000 ____D () C:\Users\Ghostdog\AppData\Local\SIX Networks
2014-02-21 20:47 - 2013-05-17 10:24 - 00000000 ____D () C:\Users\Ghostdog\AppData\Local\Downloaded Installations
2014-02-21 18:38 - 2013-12-09 08:08 - 00000000 ____D () C:\Users\Ghostdog\AppData\Roaming\Skype
2014-02-19 07:42 - 2014-02-18 23:01 - 00000000 ____D () C:\Users\Ghostdog\Documents\Banished
2014-02-18 18:28 - 2013-10-15 03:59 - 00624224 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-02-18 18:28 - 2013-10-15 03:59 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2014-02-18 18:28 - 2013-10-15 03:59 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys
2014-02-18 18:28 - 2013-06-08 20:18 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-02-18 18:28 - 2013-06-06 17:38 - 00178272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2014-02-18 18:07 - 2013-03-04 22:57 - 00000000 ____D () C:\Users\Ghostdog\AppData\Local\Skyrim
2014-02-18 13:39 - 2013-08-07 21:59 - 01024209 _____ () C:\Windows\SysWOW64\TVersityMediaServer.log.1
2014-02-17 21:31 - 2013-12-15 13:11 - 00000000 ____D () C:\Users\Ghostdog\AppData\Roaming\IDM
2014-02-17 08:01 - 2013-03-04 19:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-14 09:42 - 2014-02-14 09:42 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-14 09:42 - 2014-02-14 09:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-14 08:36 - 2013-03-04 21:48 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-02-13 11:47 - 2014-02-13 11:47 - 00000000 ____D () C:\Users\Ghostdog\AppData\Local\RealVNC
2014-02-12 07:44 - 2013-05-10 09:46 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-11 17:58 - 2014-02-11 17:58 - 00001718 _____ () C:\Users\Ghostdog\.gtk-bookmarks
2014-02-11 17:58 - 2013-03-04 17:00 - 00000000 ____D () C:\Users\Ghostdog
2014-02-11 11:10 - 2013-12-23 09:43 - 00000000 ___RD () C:\Users\Ghostdog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-11 11:10 - 2013-03-04 22:08 - 00000000 ____D () C:\Windows\pss
2014-02-09 17:44 - 2014-02-09 17:44 - 00000000 ____D () C:\Users\Ghostdog\Documents\Bandicam
2014-02-09 17:44 - 2014-02-09 17:44 - 00000000 ____D () C:\Users\Ghostdog\AppData\Roaming\BANDISOFT
2014-02-09 17:44 - 2014-02-09 17:44 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1
2014-02-09 04:34 - 2014-02-28 14:14 - 31432480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-02-09 04:34 - 2014-02-28 14:14 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-02-09 04:34 - 2014-02-28 14:14 - 23683360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-02-09 04:34 - 2014-02-28 14:14 - 17715784 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-02-09 04:34 - 2014-02-28 14:14 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-02-09 04:34 - 2014-02-28 14:14 - 15740232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-02-09 04:34 - 2014-02-28 14:14 - 12324640 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-02-09 04:34 - 2014-02-28 14:14 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-02-09 04:34 - 2014-02-28 14:14 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-02-09 04:34 - 2014-02-28 14:14 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-02-09 04:34 - 2014-02-28 14:14 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-02-09 04:34 - 2014-02-28 14:14 - 03142432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-02-09 04:34 - 2014-02-28 14:14 - 02956576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-02-09 04:34 - 2014-02-28 14:14 - 02782496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-02-09 04:34 - 2014-02-28 14:14 - 02713728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-02-09 04:34 - 2014-02-28 14:14 - 02410784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-02-09 04:34 - 2014-02-28 14:14 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433489.dll
2014-02-09 04:34 - 2014-02-28 14:14 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433489.dll
2014-02-09 04:34 - 2014-02-28 14:14 - 00892192 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-02-09 04:34 - 2014-02-28 14:14 - 00875296 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-02-09 04:34 - 2014-02-28 14:14 - 00863520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-02-09 04:34 - 2014-02-28 14:14 - 00844576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-02-09 04:34 - 2014-02-28 14:14 - 00832424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-02-09 04:34 - 2014-02-28 14:14 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-02-09 04:34 - 2014-02-28 14:14 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-02-09 04:34 - 2013-11-01 13:36 - 18257576 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-02-09 04:34 - 2013-11-01 13:36 - 14669032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-02-09 04:34 - 2013-11-01 13:36 - 03090184 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-02-09 04:34 - 2013-11-01 13:36 - 00947296 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-02-09 04:34 - 2013-11-01 13:36 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-02-09 04:34 - 2013-11-01 13:36 - 00148528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-02-09 04:34 - 2013-11-01 13:36 - 00024544 _____ () C:\Windows\system32\nvinfo.pb
2014-02-09 03:42 - 2013-11-01 13:36 - 06712608 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-02-09 03:42 - 2013-11-01 13:36 - 03498272 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-02-09 03:42 - 2013-11-01 13:36 - 00923936 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-02-09 03:42 - 2013-11-01 13:36 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-02-09 03:42 - 2013-11-01 13:36 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-02-06 13:34 - 2014-02-06 13:34 - 00000000 ____D () C:\Program Files\Common Files\INCA Shared
2014-02-06 10:34 - 2014-02-06 10:34 - 00000000 ____D () C:\Users\Ghostdog\AppData\Local\WarThunder
2014-02-06 10:34 - 2014-02-06 10:34 - 00000000 ____D () C:\ProgramData\WarThunder
2014-02-06 09:32 - 2014-02-06 09:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-06 03:52 - 2013-11-01 13:36 - 03573739 _____ () C:\Windows\system32\nvcoproc.bin
2014-02-05 12:22 - 2014-02-05 12:22 - 00000000 ____D () C:\Users\Ghostdog\AppData\Roaming\com.immersyve.Paladin.live
2014-02-04 22:39 - 2014-02-04 22:39 - 00000000 ____D () C:\Program Files (x86)\OGPlanet
2014-02-02 17:40 - 2013-03-04 19:12 - 00000000 ____D () C:\Users\Ghostdog\Documents\telltale games

Files to move or delete:
====================
C:\Users\Ghostdog\AppData\Roaming\CamLayout.ini
C:\Users\Ghostdog\AppData\Roaming\CamShapes.ini


Some content of TEMP:
====================
C:\Users\Ghostdog\AppData\Local\Temp\awesomium_setup.exe
C:\Users\Ghostdog\AppData\Local\Temp\bdfilters.dll
C:\Users\Ghostdog\AppData\Local\Temp\bootsect.exe
C:\Users\Ghostdog\AppData\Local\Temp\SCC.dll
C:\Users\Ghostdog\AppData\Local\Temp\SymCCIS.dll
C:\Users\Ghostdog\AppData\Local\Temp\Wildstar.exe
C:\Users\Ghostdog\AppData\Local\Temp\wodCmdTerm.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-01 00:12

==================== End Of Log ============================



#4 Jo*

  • Malware Response Team
  • 3,269 posts
  • Gender:Male
  • Location:Germany

Posted 06 March 2014 - 04:13 AM

Hello ausghostdog,

sorry for my late response!

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 ausghostdog

  • Topic Starter
  • Members
  • 30 posts

Posted 08 March 2014 - 05:53 PM

The anti root kit came back clean, the adwcleaner is just sitting on pending.



#6 Jo*

  • Malware Response Team
  • 3,269 posts
  • Gender:Male
  • Location:Germany

Posted 08 March 2014 - 06:13 PM

... the adwcleaner is just sitting on pending.

Hi,

click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.




#7 ausghostdog

  • Topic Starter
  • Members
  • 30 posts

Posted 08 March 2014 - 08:21 PM

# AdwCleaner v3.020 - Report created 09/03/2014 at 08:51:45
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Ghostdog - GHOSTDOG-PC
# Running from : D:\apps\a\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Users\Ghostdog\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi
Folder Found C:\Program Files (x86)\SearchPredict
Folder Found C:\ProgramData\apn
Folder Found C:\ProgramData\boost_interprocess
Folder Found C:\Users\Ghostdog\AppData\LocalLow\Toolbar4

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3BCF582D-CA87-4C6F-AF3D-B3548A976AB3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_bullzip-pdf-printer_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_bullzip-pdf-printer_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_grand-theft-auto_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_grand-theft-auto_RASMANCS
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchpredict@speedbit.com]

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v27.0.1 (en-GB)

[ File : C:\Users\Ghostdog\AppData\Roaming\Mozilla\Firefox\Profiles\drry13wr.default\prefs.js ]


-\\ Google Chrome v33.0.1750.146

[ File : C:\Users\Ghostdog\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6109 octets] - [08/03/2014 17:28:41]
AdwCleaner[R1].txt - [5957 octets] - [09/03/2014 08:51:45]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [6017 octets] ##########
 


Edited by ausghostdog, 08 March 2014 - 08:22 PM.


#8 Jo*

  • Malware Response Team
  • 3,269 posts
  • Gender:Male
  • Location:Germany

Posted 09 March 2014 - 02:14 AM

Hello ausghostdog,

Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shutdown your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run the Farbar Recovery Scan Tool again.
  • Double-click to run FRST / FRST64. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

***


How is the computer running now?


***




#9 Jo*

  • Malware Response Team
  • 3,269 posts
  • Gender:Male
  • Location:Germany

Posted 12 March 2014 - 05:07 AM

Hi,

it has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Threads will be closed if no response after 3 days.




#10 ausghostdog

  • Topic Starter
  • Members
  • 30 posts

Posted 13 March 2014 - 04:21 AM

Sorry, been busy with work, will be doing the things this evening.



#11 ausghostdog

  • Topic Starter
  • Members
  • 30 posts

Posted 15 March 2014 - 12:49 AM

# AdwCleaner v3.022 - Report created 15/03/2014 at 15:47:33
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Ghostdog - GHOSTDOG-PC
# Running from : C:\Users\Ghostdog\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Program Files (x86)\SearchPredict
Folder Deleted : C:\Users\Ghostdog\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Ghostdog\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchpredict@speedbit.com]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_bullzip-pdf-printer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_bullzip-pdf-printer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_grand-theft-auto_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_grand-theft-auto_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BCF582D-CA87-4C6F-AF3D-B3548A976AB3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\InstallIQ

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v27.0.1 (en-GB)

[ File : C:\Users\Ghostdog\AppData\Roaming\Mozilla\Firefox\Profiles\drry13wr.default\prefs.js ]


-\\ Google Chrome v33.0.1750.146

[ File : C:\Users\Ghostdog\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6109 octets] - [08/03/2014 17:28:41]
AdwCleaner[R1].txt - [6169 octets] - [09/03/2014 08:51:45]
AdwCleaner[R2].txt - [6165 octets] - [15/03/2014 15:47:06]
AdwCleaner[S0].txt - [6071 octets] - [15/03/2014 15:47:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6131 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Professional x64
Ran by Ghostdog on Sat 15/03/2014 at 15:55:11.56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 15/03/2014 at 15:59:17.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Ghostdog (administrator) on GHOSTDOG-PC on 15-03-2014 16:01:06
Running from C:\Users\Ghostdog\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
() C:\Program Files\Macrium\Reflect\ReflectService.exe
() C:\ProgramData\TVersity\Media Server\MediaServer.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Thermaltake\Fan Control Software\OpenHardwareMonitor\OpenHardwareMonitor.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
() D:\apps\m\m7\GIGABYTE FORCE.exe
(Logitech Inc.) D:\apps\l\log\LWS\Webcam Software\LWS.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTXFISPI.EXE
() C:\Program Files (x86)\Thermaltake\Fan Control Software\OpenHardwareMonitor\OpenHardwareMonitor.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) D:\apps\f\firefox\firefox.exe
(Tonec Inc.) D:\apps\i\Internet Download Manager\IDMan.exe
(Tonec Inc.) D:\apps\i\Internet Download Manager\IEMonitor.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [CTxfiHlp] - CTXFIHLP.EXE
HKLM-x32\...\Run: [GMouse] - D:\apps\m\m7\GIGABYTE FORCE.EXE [1253376 2012-10-04] ()
HKLM-x32\...\Run: [LWS] - D:\apps\l\log\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3986059063-3246995217-940133027-1000\...\Run: [OpenHardwareMonitor] - C:\Program Files (x86)\Thermaltake\Fan Control Software\OpenHardwareMonitor\OpenHardwareMonitor.exe [486912 2013-07-30] ()
HKU\S-1-5-21-3986059063-3246995217-940133027-1000\...\Run: [Fan Control Software] - [X]
HKU\S-1-5-21-3986059063-3246995217-940133027-1000\...\Policies\Explorer: [NoLowDiscSpaceChecks] 1
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174296 2014-02-09] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148528 2014-02-09] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\apps\i\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\apps\i\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A594E148-1B1E-419B-B1A8-2DD3495C6E3D}: [NameServer]8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Ghostdog\AppData\Roaming\Mozilla\Firefox\Profiles\drry13wr.default
FF Homepage: chrome://speeddial/content/speeddial.xul
FF NetworkProxy: "no_proxies_on", " 192.168.1.254, 192.168.1.1, .overclockers.com.au, .usq.edu.au, .reddit.com, .youtube.com, imgur.com, http://watchcric.com, .buyvm.net,  http://resonancegaming.com.au, http://chubbyparade.com/, spi0n.com , usqstudydesk.usq.edu.au, quietus.usq.edu.au"
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ogplanet.com/npOGPPlugin - C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - D:\apps\v\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - D:\apps\v\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - D:\apps\v\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: ubisoft.com/uplaypc - G:\games\game\u\Ubisoft Game Launcher\npuplaypc.dll No File
FF Extension: ReminderFox - C:\Users\Ghostdog\AppData\Roaming\Mozilla\Firefox\Profiles\drry13wr.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2014-02-22]
FF Extension: Ghostery - C:\Users\Ghostdog\AppData\Roaming\Mozilla\Firefox\Profiles\drry13wr.default\Extensions\firefox@ghostery.com.xpi [2013-12-20]
FF Extension: Imgur Uploader - C:\Users\Ghostdog\AppData\Roaming\Mozilla\Firefox\Profiles\drry13wr.default\Extensions\giorgio@gilestro.tk.xpi [2013-12-20]
FF Extension: Reddit Enhancement Suite - C:\Users\Ghostdog\AppData\Roaming\Mozilla\Firefox\Profiles\drry13wr.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2013-12-20]
FF Extension: Speed Dial - C:\Users\Ghostdog\AppData\Roaming\Mozilla\Firefox\Profiles\drry13wr.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2013-12-20]
FF Extension: Adblock Plus - C:\Users\Ghostdog\AppData\Roaming\Mozilla\Firefox\Profiles\drry13wr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-20]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com [2014-02-14]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-02-14]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com [2014-02-14]
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Ghostdog\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Ghostdog\AppData\Roaming\IDM\idmmzcc5 [2013-12-15]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Ghostdog\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Ghostdog\AppData\Roaming\IDM\idmmzcc5 [2013-12-15]
FF StartMenuInternet: FIREFOX.EXE - D:\apps\f\firefox\firefox.exe

Chrome:
=======
CHR DefaultSearchKeyword: google.com.au
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Plugin: (Uplay PC) - G:\games\game\u\Ubisoft Game Launcher\npuplaypc.dll No File
CHR Extension: (Google Drive) - C:\Users\Ghostdog\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-10]
CHR Extension: (YouTube) - C:\Users\Ghostdog\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-10]
CHR Extension: (Adblock Plus) - C:\Users\Ghostdog\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-08-22]
CHR Extension: (Google Search) - C:\Users\Ghostdog\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-10]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Ghostdog\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-05-10]
CHR Extension: (Speed Dial) - C:\Users\Ghostdog\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi [2013-08-22]
CHR Extension: (Logitech SetPoint) - C:\Users\Ghostdog\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2013-05-10]
CHR Extension: (imgur Extension by Metronomik) - C:\Users\Ghostdog\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehoopddfhgaehhmphfcooacjdpmbjlao [2013-08-23]
CHR Extension: (HTTPS Everywhere) - C:\Users\Ghostdog\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2013-08-22]
CHR Extension: (Dangerous Websites Blocker) - C:\Users\Ghostdog\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-05-10]
CHR Extension: (Virtual Keyboard) - C:\Users\Ghostdog\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-05-10]
CHR Extension: (IDM Integration Module) - C:\Users\Ghostdog\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2013-08-06]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Ghostdog\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2013-08-22]
CHR Extension: (AntiGameOrigin) - C:\Users\Ghostdog\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldbahlcmhmlpomdepooifmhnalokdhgm [2013-08-22]
CHR Extension: (Ghostery) - C:\Users\Ghostdog\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2013-08-22]
CHR Extension: (Google Wallet) - C:\Users\Ghostdog\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Ghostdog\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-10]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx [2013-10-15]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-03-04]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-15]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx [2013-10-15]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - D:\apps\i\Internet Download Manager\IDMGCExt.crx [2013-12-15]

==================== Services (Whitelisted) =================

R2 avp; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-10-15] (Kaspersky Lab ZAO)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-05-27] ()
S2 MBAMScheduler; D:\apps\m\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; D:\apps\m\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-07] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4230040 2013-04-15] (INCA Internet Co., Ltd.)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [417912 2013-04-17] ()
S2 SkypeUpdate; D:\apps\s\skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)
R2 TVersityMediaServer; C:\ProgramData\TVersity\Media Server\MediaServer.exe [1249064 2011-07-30] ()

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-04-21] (DT Soft Ltd)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-02-18] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-02-18] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [624224 2014-02-18] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-15] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-15] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-02-18] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [63096 2013-04-17] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [113952 2014-02-25] (Oracle Corporation)
S3 cpuz135; \??\C:\Users\Ghostdog\Desktop\pc-wizard_2012.2.11\pcwiz_x64.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
R3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Thermaltake\Fan Control Software\OpenHardwareMonitor\OpenHardwareMonitor.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-15 16:01 - 2014-03-15 16:01 - 00020292 _____ () C:\Users\Ghostdog\Desktop\FRST.txt
2014-03-15 16:00 - 2014-03-15 16:00 - 02157056 _____ (Farbar) C:\Users\Ghostdog\Desktop\FRST64.exe
2014-03-15 15:59 - 2014-03-15 15:59 - 00000770 _____ () C:\Users\Ghostdog\Desktop\JRT.txt
2014-03-15 15:55 - 2014-03-15 15:55 - 00000000 ____D () C:\Windows\ERUNT
2014-03-15 15:46 - 2014-03-15 15:46 - 01950720 _____ () C:\Users\Ghostdog\Desktop\AdwCleaner.exe
2014-03-15 15:46 - 2014-03-15 15:46 - 01037734 _____ (Thisisu) C:\Users\Ghostdog\Desktop\JRT.exe
2014-03-11 14:11 - 2014-02-25 18:31 - 00252704 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2014-03-11 14:11 - 2014-02-25 18:27 - 00126752 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2014-03-08 17:28 - 2014-03-15 15:47 - 00000000 ____D () C:\AdwCleaner
2014-03-08 17:22 - 2014-03-08 17:28 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-08 17:22 - 2014-03-08 17:22 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-08 17:21 - 2014-03-08 17:21 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 16:28 - 2013-10-02 12:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-03-05 16:28 - 2013-10-02 12:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-03-05 16:28 - 2013-10-02 12:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-03-05 16:28 - 2013-10-02 11:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-03-05 16:28 - 2013-10-02 11:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-03-05 16:28 - 2013-10-02 11:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-03-05 16:28 - 2013-10-02 11:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-03-05 16:28 - 2013-10-02 10:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-03-05 16:28 - 2013-10-02 10:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-03-05 16:28 - 2013-10-02 10:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-03-05 16:28 - 2013-10-02 10:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-03-05 16:28 - 2013-10-02 10:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-03-05 16:28 - 2013-10-02 09:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-03-05 16:28 - 2013-10-02 09:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-03-05 16:28 - 2013-10-02 09:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-03-05 16:28 - 2013-10-02 08:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-03-05 16:28 - 2013-10-02 06:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-03-05 16:28 - 2013-10-02 06:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-03-05 16:25 - 2014-02-05 20:19 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-05 16:25 - 2014-02-05 20:02 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-05 16:25 - 2014-02-05 20:00 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-05 16:25 - 2014-02-05 19:54 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-05 16:25 - 2014-02-05 19:54 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-05 16:25 - 2014-02-05 19:52 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-05 16:25 - 2014-02-05 19:52 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-05 16:25 - 2014-02-05 19:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-05 16:25 - 2014-02-05 19:51 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-05 16:25 - 2014-02-05 19:51 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-05 16:25 - 2014-02-05 19:51 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-05 16:25 - 2014-02-05 19:51 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-05 16:25 - 2014-02-05 19:51 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-05 16:25 - 2014-02-05 19:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-05 16:25 - 2014-02-05 19:50 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-05 16:25 - 2014-02-05 19:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-05 16:25 - 2014-02-05 18:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-05 16:25 - 2014-02-05 18:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-05 16:25 - 2014-02-05 18:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-05 16:25 - 2014-02-05 18:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-05 16:25 - 2014-02-05 18:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-05 16:25 - 2014-02-05 18:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-05 16:25 - 2014-02-05 18:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-03-05 16:25 - 2014-02-05 18:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-05 16:25 - 2014-02-05 18:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-05 16:25 - 2014-02-05 18:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-05 16:25 - 2014-02-05 18:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-05 16:25 - 2014-02-05 18:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-05 16:25 - 2014-02-05 18:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-05 16:25 - 2014-02-05 18:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-05 16:25 - 2014-02-05 18:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-03-05 16:25 - 2014-02-05 18:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-05 16:24 - 2014-01-01 09:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-03-05 16:24 - 2014-01-01 09:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-03-05 16:24 - 2013-12-25 09:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-03-05 16:24 - 2013-12-25 08:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-03-05 16:24 - 2013-12-06 12:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-03-05 16:24 - 2013-12-06 12:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-03-05 16:24 - 2013-12-06 12:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-03-05 16:24 - 2013-12-06 12:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-03-05 16:24 - 2013-12-04 12:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-03-05 16:24 - 2013-12-04 12:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-03-05 16:24 - 2013-12-04 12:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-03-05 16:24 - 2013-12-04 12:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-03-05 16:24 - 2013-12-04 12:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-03-05 16:24 - 2013-12-04 12:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-03-05 16:24 - 2013-12-04 12:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-03-05 16:24 - 2013-12-04 12:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-03-05 16:24 - 2013-12-04 12:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-03-05 16:24 - 2013-12-04 12:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-03-05 16:24 - 2013-12-04 12:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-03-05 16:24 - 2013-12-04 12:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-03-05 16:24 - 2013-12-04 12:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-03-05 16:24 - 2013-12-04 12:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-03-05 16:24 - 2013-12-04 11:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-03-05 16:24 - 2013-12-04 11:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-03-05 16:24 - 2013-12-04 11:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-03-05 16:24 - 2013-12-04 11:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-03-05 16:24 - 2013-11-27 11:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-03-05 16:24 - 2013-11-27 11:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-03-05 16:24 - 2013-11-27 11:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-03-05 16:24 - 2013-11-27 11:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-03-05 16:24 - 2013-11-27 11:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-03-05 16:24 - 2013-11-27 11:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-03-05 16:24 - 2013-11-27 11:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-03-05 16:24 - 2013-11-26 21:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-03-05 16:24 - 2013-11-26 18:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-03-05 16:24 - 2013-11-24 04:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-03-05 16:24 - 2013-11-24 03:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-03-05 16:24 - 2013-11-23 08:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-03-05 16:24 - 2013-11-12 12:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-03-05 16:24 - 2013-11-12 12:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-03-05 16:24 - 2013-10-30 12:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-03-05 16:24 - 2013-10-30 12:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-03-05 16:24 - 2013-10-19 12:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-03-05 16:24 - 2013-10-19 11:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-03-05 16:24 - 2013-10-06 06:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-03-05 16:24 - 2013-10-06 05:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-03-05 16:24 - 2013-10-04 12:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-03-05 16:24 - 2013-10-04 12:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-03-05 16:24 - 2013-10-04 12:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-03-05 16:24 - 2013-10-04 12:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-03-05 16:24 - 2013-10-04 11:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2014-03-05 16:24 - 2013-10-04 11:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-03-05 16:24 - 2013-10-04 11:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2014-03-05 16:24 - 2013-10-04 11:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-03-05 16:24 - 2013-10-03 12:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-03-05 16:24 - 2013-10-03 12:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-03-05 16:24 - 2013-09-28 11:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-03-05 16:24 - 2013-09-25 12:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-03-05 16:24 - 2013-09-25 12:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-03-05 16:24 - 2013-09-25 12:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-03-05 16:24 - 2013-09-25 12:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-03-05 16:24 - 2013-09-25 12:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-03-05 16:24 - 2013-09-25 12:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-03-05 16:24 - 2013-09-25 12:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-03-05 16:24 - 2013-09-25 12:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-03-05 16:24 - 2013-09-25 12:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-03-05 16:24 - 2013-09-25 11:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-03-05 16:24 - 2013-09-25 11:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-03-05 16:24 - 2013-09-25 11:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-03-05 16:24 - 2013-09-25 11:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-03-05 16:24 - 2013-09-25 11:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-03-05 16:24 - 2013-09-25 11:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-03-05 16:24 - 2013-07-04 22:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-03-05 16:23 - 2013-11-26 20:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-05 16:23 - 2013-10-12 12:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-03-05 16:23 - 2013-10-12 12:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-03-05 16:23 - 2013-10-12 12:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-03-05 16:23 - 2013-10-12 12:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-03-05 16:23 - 2013-10-12 12:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-03-05 16:23 - 2013-10-12 12:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-03-05 16:23 - 2013-10-12 12:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-03-05 16:23 - 2013-10-12 12:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-03-05 16:23 - 2013-10-12 12:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-03-05 16:23 - 2013-10-12 11:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-03-05 16:23 - 2013-10-12 11:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-03-05 16:23 - 2013-10-12 11:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-03-05 16:23 - 2013-10-12 11:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-03-05 12:05 - 2014-03-05 12:05 - 00005059 _____ () C:\Users\Ghostdog\AppData\Local\recently-used.xbel
2014-03-04 09:22 - 2014-03-15 15:48 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-04 09:22 - 2014-03-15 15:27 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-04 09:22 - 2014-03-04 09:22 - 00003898 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-04 09:22 - 2014-03-04 09:22 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-03 08:27 - 2014-03-15 16:01 - 00000000 ____D () C:\FRST
2014-03-02 21:09 - 2014-03-02 21:11 - 106658816 _____ () C:\Users\Ghostdog\Desktop\Le Zap de Spi0n.com n°208.flv
2014-03-01 14:03 - 2014-03-01 14:03 - 00007605 _____ () C:\Users\Ghostdog\AppData\Local\Resmon.ResmonCfg
2014-02-28 14:16 - 2014-02-28 14:16 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-28 14:14 - 2014-02-09 04:34 - 31432480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 23683360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 17715784 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 15740232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 12324640 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-02-28 14:14 - 2014-02-09 04:34 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 03142432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 02956576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 02782496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 02713728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 02410784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433489.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433489.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 00892192 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 00875296 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 00863520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 00844576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 00832424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-02-28 14:14 - 2014-02-09 04:34 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-02-27 20:04 - 2014-02-28 13:37 - 00000000 ____D () C:\Users\Ghostdog\Documents\Thief
2014-02-25 18:27 - 2014-02-25 18:27 - 00154912 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetFlt.sys
2014-02-25 18:27 - 2014-02-25 18:27 - 00140576 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
2014-02-25 18:27 - 2014-02-25 18:27 - 00113952 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSB.sys
2014-02-25 18:24 - 2014-02-25 18:24 - 00204064 _____ (Oracle Corporation) C:\Windows\system32\VBoxNetFltNobj.dll
2014-02-22 22:32 - 2014-02-22 22:32 - 00003411 _____ () C:\Users\Ghostdog\Documents\My Movie.wlmp
2014-02-21 20:48 - 2014-02-21 20:48 - 00000000 ____D () C:\ProgramData\SIX Networks
2014-02-21 20:47 - 2014-02-21 20:47 - 00000000 ____D () C:\Users\Ghostdog\AppData\Roaming\SIX Networks
2014-02-21 20:47 - 2014-02-21 20:47 - 00000000 ____D () C:\Users\Ghostdog\AppData\Local\SIX Networks
2014-02-18 23:01 - 2014-02-19 07:42 - 00000000 ____D () C:\Users\Ghostdog\Documents\Banished
2014-02-14 09:42 - 2014-02-14 09:42 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-14 09:42 - 2014-02-14 09:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-13 11:47 - 2014-02-13 11:47 - 00000000 ____D () C:\Users\Ghostdog\AppData\Local\RealVNC
2014-02-13 11:29 - 2014-02-28 14:04 - 00000000 ____D () C:\ProgramData\Oracle

==================== One Month Modified Files and Folders =======

2014-03-15 16:01 - 2014-03-15 16:01 - 00020292 _____ () C:\Users\Ghostdog\Desktop\FRST.txt
2014-03-15 16:01 - 2014-03-03 08:27 - 00000000 ____D () C:\FRST
2014-03-15 16:00 - 2014-03-15 16:00 - 02157056 _____ (Farbar) C:\Users\Ghostdog\Desktop\FRST64.exe
2014-03-15 16:00 - 2013-03-04 21:48 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-03-15 15:59 - 2014-03-15 15:59 - 00000770 _____ () C:\Users\Ghostdog\Desktop\JRT.txt
2014-03-15 15:55 - 2014-03-15 15:55 - 00000000 ____D () C:\Windows\ERUNT
2014-03-15 15:55 - 2009-07-14 14:45 - 00024528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-15 15:55 - 2009-07-14 14:45 - 00024528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-15 15:54 - 2009-07-14 15:13 - 00782010 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-15 15:51 - 2013-03-04 17:00 - 01547856 _____ () C:\Windows\WindowsUpdate.log
2014-03-15 15:49 - 2013-08-07 21:59 - 00966318 _____ () C:\Windows\SysWOW64\TVersityMediaServer.log
2014-03-15 15:48 - 2014-03-04 09:22 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-15 15:48 - 2014-01-22 09:20 - 00006735 _____ () C:\Windows\setupact.log
2014-03-15 15:48 - 2014-01-16 12:33 - 00000636 _____ () C:\Windows\Tasks\Startup.job
2014-03-15 15:48 - 2009-07-14 15:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-15 15:47 - 2014-03-08 17:28 - 00000000 ____D () C:\AdwCleaner
2014-03-15 15:46 - 2014-03-15 15:46 - 01950720 _____ () C:\Users\Ghostdog\Desktop\AdwCleaner.exe
2014-03-15 15:46 - 2014-03-15 15:46 - 01037734 _____ (Thisisu) C:\Users\Ghostdog\Desktop\JRT.exe
2014-03-15 15:27 - 2014-03-04 09:22 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-15 09:18 - 2013-04-04 10:43 - 00000000 ____D () C:\Users\Ghostdog\.VirtualBox
2014-03-15 08:43 - 2013-05-17 14:37 - 00000000 ____D () C:\Users\Ghostdog\AppData\Local\ArmA 2 OA
2014-03-15 08:09 - 2013-08-27 22:01 - 00000600 _____ () C:\Users\Ghostdog\AppData\Local\PUTTY.RND
2014-03-14 21:06 - 2013-08-07 07:27 - 00000000 ____D () C:\Users\Ghostdog\AppData\Roaming\Dropbox
2014-03-14 21:04 - 2013-03-04 20:04 - 00000000 ____D () C:\Users\Ghostdog\AppData\Roaming\DMCache
2014-03-14 19:00 - 2013-10-14 14:21 - 00000000 ____D () C:\Users\Ghostdog\AppData\Roaming\vlc
2014-03-14 18:46 - 2013-07-25 18:16 - 00000000 ____D () C:\Users\Ghostdog\AppData\Roaming\FileZilla
2014-03-14 11:32 - 2013-03-04 20:51 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-03-14 09:57 - 2013-04-04 11:14 - 00000000 ____D () C:\Users\Ghostdog\VirtualBox VMs
2014-03-13 18:09 - 2013-05-04 08:03 - 00000418 _____ () C:\Windows\Tasks\My Backup(1) xml.job
2014-03-12 10:07 - 2013-03-04 20:19 - 00000000 ____D () C:\Users\Ghostdog\AppData\Roaming\foobar2000
2014-03-11 08:32 - 2013-03-04 17:00 - 00000000 ____D () C:\Users\Ghostdog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-09 22:05 - 2013-03-04 19:11 - 00000000 ____D () C:\Users\Ghostdog\Documents\my games
2014-03-08 17:28 - 2014-03-08 17:22 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-08 17:22 - 2014-03-08 17:22 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-08 17:21 - 2014-03-08 17:21 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 19:26 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\rescache
2014-03-05 16:31 - 2009-07-14 14:45 - 00460648 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-05 16:30 - 2013-07-14 21:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-05 12:05 - 2014-03-05 12:05 - 00005059 _____ () C:\Users\Ghostdog\AppData\Local\recently-used.xbel
2014-03-05 12:05 - 2013-03-04 20:43 - 00000000 ____D () C:\Users\Ghostdog\AppData\Roaming\deluge
2014-03-05 10:31 - 2013-08-07 21:59 - 01024062 _____ () C:\Windows\SysWOW64\TVersityMediaServer.log.1
2014-03-05 08:20 - 2013-03-04 17:00 - 00000000 ____D () C:\Users\Ghostdog
2014-03-05 07:55 - 2014-01-22 09:19 - 00003718 _____ () C:\Windows\PFRO.log
2014-03-04 09:22 - 2014-03-04 09:22 - 00003898 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-04 09:22 - 2014-03-04 09:22 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-04 09:22 - 2013-05-10 09:46 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-02 21:11 - 2014-03-02 21:09 - 106658816 _____ () C:\Users\Ghostdog\Desktop\Le Zap de Spi0n.com n°208.flv
2014-03-02 15:41 - 2014-02-08 06:16 - 00000000 ____D () C:\Users\Ghostdog\AppData\Roaming\Awesomium
2014-03-01 14:03 - 2014-03-01 14:03 - 00007605 _____ () C:\Users\Ghostdog\AppData\Local\Resmon.ResmonCfg
2014-02-28 14:16 - 2014-02-28 14:16 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-28 14:16 - 2013-03-04 19:46 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-02-28 14:15 - 2013-06-25 09:09 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-28 14:04 - 2014-02-13 11:29 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-28 13:37 - 2014-02-27 20:04 - 00000000 ____D () C:\Users\Ghostdog\Documents\Thief
2014-02-27 18:43 - 2014-01-30 15:09 - 00000400 __RSH () C:\ProgramData\ntuser.pol
2014-02-26 00:09 - 2013-09-11 15:46 - 00000000 ____D () C:\Users\Ghostdog\Documents\My Cheat Tables
2014-02-25 18:31 - 2014-03-11 14:11 - 00252704 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2014-02-25 18:27 - 2014-03-11 14:11 - 00126752 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2014-02-25 18:27 - 2014-02-25 18:27 - 00154912 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetFlt.sys
2014-02-25 18:27 - 2014-02-25 18:27 - 00140576 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
2014-02-25 18:27 - 2014-02-25 18:27 - 00113952 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSB.sys
2014-02-25 18:24 - 2014-02-25 18:24 - 00204064 _____ (Oracle Corporation) C:\Windows\system32\VBoxNetFltNobj.dll
2014-02-25 15:11 - 2013-03-09 09:26 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-02-24 14:47 - 2014-02-05 21:39 - 00000000 ____D () C:\Users\Ghostdog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-02-24 12:00 - 2014-02-05 21:42 - 00000000 ____D () C:\Users\Ghostdog\AppData\Local\My Games
2014-02-24 12:00 - 2014-01-28 16:15 - 00083062 _____ () C:\Windows\DirectX.log
2014-02-22 22:32 - 2014-02-22 22:32 - 00003411 _____ () C:\Users\Ghostdog\Documents\My Movie.wlmp
2014-02-21 20:54 - 2013-09-27 18:30 - 00000000 ____D () C:\Users\Ghostdog\Documents\ArmA 2
2014-02-21 20:48 - 2014-02-21 20:48 - 00000000 ____D () C:\ProgramData\SIX Networks
2014-02-21 20:47 - 2014-02-21 20:47 - 00000000 ____D () C:\Users\Ghostdog\AppData\Roaming\SIX Networks
2014-02-21 20:47 - 2014-02-21 20:47 - 00000000 ____D () C:\Users\Ghostdog\AppData\Local\SIX Networks
2014-02-21 20:47 - 2013-05-17 10:24 - 00000000 ____D () C:\Users\Ghostdog\AppData\Local\Downloaded Installations
2014-02-21 18:38 - 2013-12-09 08:08 - 00000000 ____D () C:\Users\Ghostdog\AppData\Roaming\Skype
2014-02-19 07:42 - 2014-02-18 23:01 - 00000000 ____D () C:\Users\Ghostdog\Documents\Banished
2014-02-18 18:28 - 2013-10-15 03:59 - 00624224 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-02-18 18:28 - 2013-10-15 03:59 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2014-02-18 18:28 - 2013-10-15 03:59 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys
2014-02-18 18:28 - 2013-06-08 20:18 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-02-18 18:28 - 2013-06-06 17:38 - 00178272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2014-02-18 18:07 - 2013-03-04 22:57 - 00000000 ____D () C:\Users\Ghostdog\AppData\Local\Skyrim
2014-02-18 13:39 - 2013-08-07 21:59 - 01024209 _____ () C:\Windows\SysWOW64\TVersityMediaServer.log.2
2014-02-17 21:31 - 2013-12-15 13:11 - 00000000 ____D () C:\Users\Ghostdog\AppData\Roaming\IDM
2014-02-17 08:01 - 2013-03-04 19:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-14 09:42 - 2014-02-14 09:42 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-14 09:42 - 2014-02-14 09:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-14 08:36 - 2013-03-04 21:48 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-02-13 11:47 - 2014-02-13 11:47 - 00000000 ____D () C:\Users\Ghostdog\AppData\Local\RealVNC

Files to move or delete:
====================
C:\Users\Ghostdog\AppData\Roaming\CamLayout.ini
C:\Users\Ghostdog\AppData\Roaming\CamShapes.ini


Some content of TEMP:
====================
C:\Users\Ghostdog\AppData\Local\Temp\awesomium_setup.exe
C:\Users\Ghostdog\AppData\Local\Temp\bdfilters.dll
C:\Users\Ghostdog\AppData\Local\Temp\bootsect.exe
C:\Users\Ghostdog\AppData\Local\Temp\Quarantine.exe
C:\Users\Ghostdog\AppData\Local\Temp\SCC.dll
C:\Users\Ghostdog\AppData\Local\Temp\SymCCIS.dll
C:\Users\Ghostdog\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Ghostdog\AppData\Local\Temp\Wildstar.exe
C:\Users\Ghostdog\AppData\Local\Temp\wodCmdTerm.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-10 00:53

==================== End Of Log ============================

 

Attached File  Addition.txt   50.35KB   0 downloads


Edited by ausghostdog, 15 March 2014 - 01:05 AM.


#12 Jo*

  • Malware Response Team

Posted 15 March 2014 - 08:22 AM

Hello ausghostdog,
 

***


Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt

 
start
C:\Users\Ghostdog\AppData\Roaming\CamLayout.ini
C:\Users\Ghostdog\AppData\Roaming\CamShapes.ini
C:\Users\Ghostdog\AppData\Local\Temp\awesomium_setup.exe
C:\Users\Ghostdog\AppData\Local\Temp\bdfilters.dll
C:\Users\Ghostdog\AppData\Local\Temp\bootsect.exe
C:\Users\Ghostdog\AppData\Local\Temp\SCC.dll
C:\Users\Ghostdog\AppData\Local\Temp\SymCCIS.dll
C:\Users\Ghostdog\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Ghostdog\AppData\Local\Temp\Wildstar.exe
C:\Users\Ghostdog\AppData\Local\Temp\wodCmdTerm.exe
end


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST / FRST64 again like we did before, but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.


***


How is the computer running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#13 ausghostdog

  • Topic Starter

Posted 15 March 2014 - 06:16 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Ghostdog at 2014-03-16 09:16:07 Run:1
Running from C:\Users\Ghostdog\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\Users\Ghostdog\AppData\Roaming\CamLayout.ini
C:\Users\Ghostdog\AppData\Roaming\CamShapes.ini
C:\Users\Ghostdog\AppData\Local\Temp\awesomium_setup.exe
C:\Users\Ghostdog\AppData\Local\Temp\bdfilters.dll
C:\Users\Ghostdog\AppData\Local\Temp\bootsect.exe
C:\Users\Ghostdog\AppData\Local\Temp\SCC.dll
C:\Users\Ghostdog\AppData\Local\Temp\SymCCIS.dll
C:\Users\Ghostdog\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Ghostdog\AppData\Local\Temp\Wildstar.exe
C:\Users\Ghostdog\AppData\Local\Temp\wodCmdTerm.exe
end
*****************

C:\Users\Ghostdog\AppData\Roaming\CamLayout.ini => Moved successfully.
C:\Users\Ghostdog\AppData\Roaming\CamShapes.ini => Moved successfully.
C:\Users\Ghostdog\AppData\Local\Temp\awesomium_setup.exe => Moved successfully.
C:\Users\Ghostdog\AppData\Local\Temp\bdfilters.dll => Moved successfully.
C:\Users\Ghostdog\AppData\Local\Temp\bootsect.exe => Moved successfully.
C:\Users\Ghostdog\AppData\Local\Temp\SCC.dll => Moved successfully.
C:\Users\Ghostdog\AppData\Local\Temp\SymCCIS.dll => Moved successfully.
C:\Users\Ghostdog\AppData\Local\Temp\vlc-2.1.3-win32.exe => Moved successfully.
C:\Users\Ghostdog\AppData\Local\Temp\Wildstar.exe => Moved successfully.
C:\Users\Ghostdog\AppData\Local\Temp\wodCmdTerm.exe => Moved successfully.

==== End of Fixlog ====

 

 

Seems to be running fine, thanks.
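The Fixlog above can be checked mechanically rather than by eye. The following is an added example, not part of the original thread and not FRST's own code: it parses the Fixlog layout shown in this post and confirms that every fixlist entry has a matching "Moved successfully." result and that the log reached its end marker. The function names are hypothetical, the sample is a constructed three-entry excerpt of the posted log, and any status other than the one seen on this page is treated as unconfirmed.

```python
import re

# Constructed sample: an excerpt of the Fixlog posted above, shortened to three
# entries. "Moved successfully." is the only status string taken from this page.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Ghostdog at 2014-03-16 09:16:07 Run:1
==============================================

Content of fixlist:
*****************
start
C:\Users\Ghostdog\AppData\Roaming\CamLayout.ini
C:\Users\Ghostdog\AppData\Local\Temp\bootsect.exe
C:\Users\Ghostdog\AppData\Local\Temp\wodCmdTerm.exe
end
*****************

C:\Users\Ghostdog\AppData\Roaming\CamLayout.ini => Moved successfully.
C:\Users\Ghostdog\AppData\Local\Temp\bootsect.exe => Moved successfully.
C:\Users\Ghostdog\AppData\Local\Temp\wodCmdTerm.exe => Moved successfully.

==== End of Fixlog ====
"""

RESULT_RE = re.compile(r"^(?P<path>.+?)\s+=>\s+(?P<status>.+)$")
STARS_RE = re.compile(r"^\*{5,}$")
OK_STATUS = "moved successfully"


def parse_fixlog(text):
    """Return (requested paths, {lowercased path: status}, end-marker-seen)."""
    requested, results, complete = [], {}, False
    state = "header"  # header -> await_stars -> fixlist -> results
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if state == "header":
            if line.lower().startswith("content of fixlist"):
                state = "await_stars"
        elif state == "await_stars":
            if STARS_RE.match(line):
                state = "fixlist"
        elif state == "fixlist":
            if STARS_RE.match(line):
                state = "results"
            elif line.lower() not in ("start", "end"):
                requested.append(line)
        else:  # results section
            if line.startswith("====") and "end of fixlog" in line.lower():
                complete = True
                break
            m = RESULT_RE.match(line)
            if m:
                # Windows paths are case-insensitive, so key on the lowercased path.
                results[m.group("path").lower()] = m.group("status").strip()
    return requested, results, complete


def audit_fixlog(text):
    """Compare what the fixlist requested with what the log says happened."""
    requested, results, complete = parse_fixlog(text)
    wanted = {p.lower() for p in requested}
    report = {"complete": complete, "moved": [], "not_confirmed": []}
    for path in requested:
        status = results.get(path.lower())
        if status is not None and status.lower().startswith(OK_STATUS):
            report["moved"].append(path)
        else:
            # Missing result line (status None) or any status not seen on this page.
            report["not_confirmed"].append((path, status))
    # Result lines for paths the fixlist never asked for deserve a second look.
    report["unrequested"] = sorted(p for p in results if p not in wanted)
    report["clean"] = (complete and bool(requested)
                       and not report["not_confirmed"]
                       and not report["unrequested"])
    return report


if __name__ == "__main__":
    r = audit_fixlog(SAMPLE_FIXLOG)
    print("log complete:", r["complete"])
    print("moved:", len(r["moved"]), "not confirmed:", r["not_confirmed"])
    print("clean:", r["clean"])
```

A log that was cut off when pasted, or an entry with no result line, shows up in `not_confirmed` instead of being silently assumed done.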



#14 Jo*

  • Malware Response Team

Posted 15 March 2014 - 06:20 PM

Hello ausghostdog,

1. Java
1.1 Install the latest Java 7 update. Click this link and click on the Free JAVA Download.

1.2 Here are instructions on how to clear the Java cache.
Go into the Control Panel and double-click the Java icon (looks like a coffee cup).
Under Temporary Internet Files, click the Delete Files button.
There are options in the window to clear the cache - Leave ALL Checked
  • Applications and Applets
  • Trace and log files
Click OK on the Delete Temporary Files window.
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE. Click OK to leave the Java Control Panel.

 

***


2. Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download the free version of Malwarebytes' Anti-Malware and save it to your desktop.
Double-click mbam-setup****.exe and follow the prompts to install the program.
Note to Vista | Windows 7/8 users: please right-click and select Run as Administrator.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware.
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
Note 1: The log can also be found via the Logs tab when Malwarebytes' Anti-Malware is started.
Note 2: If you receive a notice that some of the items couldn't be removed and they have been added to the delete on reboot list, please reboot.


***


3. ESET Online Scanner

Connect any existing external hard drives and / or other removable media.

*Note
It is recommended to disable your onboard antivirus and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished, remember to re-enable your antivirus along with your antispyware programs.



If this program is already installed: Skip the installation and run only the scan!
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for the report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select the Uninstall application on close check box and push esetFinish.png

***



How is the computer running now?



***


Cheers,
Jo


#15 Jo*

  • Malware Response Team

Posted 18 March 2014 - 07:37 AM

Hi,

It has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Threads will be closed if there is no response after 3 days.

Cheers,
Jo




