I believe I'm infected by "PC Utilities Pro-Optimizer Pro"


  • This topic is locked
25 replies to this topic

#1 ScrubTechGreg

  • Members
  • Location: Connecticut

Posted 25 March 2014 - 12:36 AM

First off, I just want to offer an advance thank you for any help received. I'm a bit green when it comes to threat removal. I just downloaded a WoT community toolbar from a trusted forum (I was warned to deselect any options), deselected, and then in addition to the toolbar I got a pop-up with an otb this scanner that lists an exaggerated list of files to clean. Something seems shifty, like possibly malware, I'm guessing. I haven't touched it since. Firefox closed and I'm not sure what I can safely do. Can I open up Firefox and download the DDS tool? I'm posting on a tablet currently.


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • Location: Puerto Rico

Posted 25 March 2014 - 07:21 AM

Hello ScrubTechGreg

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Proud Graduate Of Malware Removal University
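Added example (editor's code, not part of this thread and not FRST's own code): gringo asks for FRST.txt, and the part of that log a responder reads first is the "Registry (Whitelisted)" section, which lists autostart locations. The script below parses lines in the format FRST emits and flags the entry types that matter most: a Windows\Load value, an AppInit_DLLs entry, an IFEO Debugger, a Run/RunOnce value that is a shell command instead of a file, a target under a Temp directory, an orphaned [X] entry, and a binary FRST lists with an empty () publisher. The sample lines are constructed for this example in FRST's format, with values copied from the log posted later in the thread; the severity labels and the field-parsing assumptions (a ": " separator, an optional [name], a trailing [size date] (publisher)) are the example's own, not FRST's.

```python
"""Triage of the "Registry (Whitelisted)" section of an FRST.txt log.

Editor's example for this thread; not FRST code. It assumes FRST's line
layout: "<location>: [<name>] - <target> [<size> <date>] (<publisher>)",
with "<short path> => <long path>" for AppInit_DLLs and an optional
"<===== ATTENTION" marker. Severity labels are this example's own.
"""
import re
from dataclasses import dataclass, field

RANK = {"low": 1, "medium": 2, "high": 3}

# Constructed sample input in FRST's format; values copied from the log in this thread.
SAMPLE_REGISTRY_SECTION = r"""
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2392360 2010-10-08] (Synaptics Incorporated)
HKLM-x32\...\Run: [] - [X]
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-2652738724-2410924769-3864602309-1000\...\Run: [Optimizer Pro] - C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [135160 2014-01-28] (PC Utilities Software Limited)
HKU\S-1-5-21-2652738724-2410924769-3864602309-1000\...\CurrentVersion\Windows: [Load] C:\Users\GREGRO~1\LOCALS~1\Temp\msipiaa.bat <===== ATTENTION
AppInit_DLLs:  C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [2681648 2014-03-24] ()
IFEO\icloud.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
"""

_NAME_RE = re.compile(r"\[([^\]]*)\]\s*-?\s*(.*)")                     # "[name] - rest"
_TAIL_RE = re.compile(r"\s*\[\d+ \d{4}-\d\d-\d\d\]\s*(?:\(([^()]*)\))?\s*$")  # "[size date] (publisher)"


@dataclass
class Finding:
    location: str
    name: str
    target: str
    severity: str = "low"
    reasons: list = field(default_factory=list)

    def bump(self, level, reason):
        """Record a reason and raise the severity if this one is higher."""
        if RANK[level] > RANK[self.severity]:
            self.severity = level
        self.reasons.append(reason)


def parse_line(line):
    """Split one FRST registry line into (location, name, target, publisher, attention)."""
    location, sep, rest = line.partition(": ")
    if not sep:
        return None
    attention = "<===== ATTENTION" in rest
    rest = rest.replace("<===== ATTENTION", "").strip()
    m = _NAME_RE.match(rest)
    name, cmd = (m.group(1), m.group(2)) if m else ("", rest)
    publisher = None                      # None: no version-info field printed at all
    t = _TAIL_RE.search(cmd)
    if t:
        publisher = t.group(1).strip() if t.group(1) is not None else None  # "" = empty ()
        cmd = cmd[: t.start()]
    if "=>" in cmd:                       # 8.3 short path => resolved long path
        cmd = cmd.split("=>", 1)[1]
    target = cmd.strip()
    if len(target) >= 2 and target[0] == target[-1] == '"':
        target = target[1:-1]
    return location.strip(), name, target, publisher, attention


def triage_line(line):
    """Return a Finding for one line, or None if nothing about it stands out."""
    parsed = parse_line(line)
    if parsed is None:
        return None
    location, name, target, publisher, attention = parsed
    f = Finding(location, name, target)
    loc = location.lower()
    if attention:
        f.bump("high", "FRST itself marked the line with <===== ATTENTION")
    if loc.endswith("\\windows") and name.lower() == "load":
        f.bump("high", "Windows\\Load value runs at every logon of this user; legitimate software almost never sets it")
    if loc.startswith("appinit_dlls"):
        f.bump("high", "AppInit_DLLs: the DLL is injected into every process that loads user32.dll")
    if loc.startswith("ifeo\\") and name.lower() == "debugger":
        f.bump("medium", f"IFEO Debugger intercepts every launch of {location[5:]}; confirm the debugger binary is expected")
    if re.search(r"\\temp\\", target, re.I):
        f.bump("high", "autostart target lives under a Temp directory")
    if target == "[X]":
        f.bump("low", "orphaned autostart entry with no target (cleanup candidate, not a threat)")
    elif target and not re.match(r"^[A-Za-z]:\\", target):
        f.bump("medium", "value is a shell command rather than a file path")
    if publisher == "":
        f.bump("medium", "binary carries no company name in its version info; check its signature")
    return f if f.reasons else None


def triage(text):
    """Triage a whole Registry section; highest severity first, input order within a level."""
    findings = [triage_line(l) for l in text.splitlines() if l.strip()]
    return sorted((f for f in findings if f), key=lambda f: -RANK[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_REGISTRY_SECTION):
        print(f"[{f.severity.upper():6}] {f.location} [{f.name}] -> {f.target}")
        for r in f.reasons:
            print(f"          - {r}")
```

Note what this does not catch: the Optimizer Pro Run entry looks like any other autostart with a company name and is not flagged, so output like this is a reading aid for the responder, not a verdict; the responder still recognises the PUP by name and decides what to remove.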

#3 ScrubTechGreg
  • Topic Starter

  • Members
  • Location: Connecticut

Posted 25 March 2014 - 07:54 PM

Muchas Gracias Gringo,

I'm extremely grateful for your willingness to help me out with this. I was previously reading some of the help you had given others, and you seem to really know what's up. I really need to dig into the forums and figure out how to protect my PC better.

I haven't run any tools (other than the one you requested), I'm following the topic with immediate notification, and have printed your post (and will continue to). I don't really want to lose files, not that I have many; in fact I feel like my drives are a bit more bloated than they should be with things I don't need or use (not sure what to delete), so if I have to do a clean install I will. Definitely not my first choice though; in fact I think I better look into getting an additional outside drive.

Anyway, last night after I picked up the virus my CPU load skyrocketed, and while I was downloading Farbar today after work I noticed my browser was much slower. I caught some adware when downloading Farbar Scan Tool, but it disappeared after about 20 seconds. Also, Avast web tracker was picking up hits that couldn't be identified [saw in requested txt file that service could not access server?]. Cool scan tool btw. All the Windows host processes scared me into keeping the PC on all night. I've read in the past that certain malware will embed itself into the registry after rebooting, and sometimes hide in these processes. Is this right, and would it be safe to shut down and reboot, since I don't think this will be a quick process, especially because my free daytime hours are quite limited?

Other than that my PC is running normally, and by that I mean there haven't been any crashes or huge CPU pushes like when I originally acquired the virus. The load is heavier than normal though, and I'm shut out from posting or clicking certain portals. I just had a flying saucer come zig-zagging across my display, and thin red-lined rectangles outline this site's borders.

I haven't clicked on or minimized the Optimizer splash that litters my desktop; should I close it, or will this potentially cause more difficulties? About 6 months ago I was infected with a "Win32.downloader.gen" that was a nasty little bugger. I read some, and downloaded some tools that were honestly way over my head as far as my tech capabilities, and I probably shouldn't have been messing around with them. I'm almost positive that I got rid of the Win32.dl.gen (I hope), but I wasn't really sure how to uninstall some of the tools I used.

Thanks again, and here are the scans:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Greg Rodgerson (administrator) on GREGRODGERSON on 25-03-2014 18:21:47
Running from C:\Users\Greg Rodgerson\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Creative Island Media, LLC) C:\ProgramData\Websteroids\Websteroids.exe
(Creative Island Media, LLC) C:\ProgramData\Websteroids\WebsteroidsService.exe
(PC Utilities Software Limited) C:\Program Files (x86)\Optimizer Pro\OptimizerPro.exe
(Conduit) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Conduit) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Conduit) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2392360 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [92968 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-03] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2273056 2013-11-29] (NVIDIA Corporation)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-16] (AVAST Software)
HKLM-x32\...\RunOnce: [20131224] - C:\Program Files\AVAST Software\Avast\setup\emupdate\5453bc58-b5e2-4ccd-af6e-f736f0e7b5e6.exe /check [181136 2014-03-25] (AVAST Software)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-2652738724-2410924769-3864602309-1000\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-2652738724-2410924769-3864602309-1000\...\Run: [Optimizer Pro] - C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [135160 2014-01-28] (PC Utilities Software Limited)
HKU\S-1-5-21-2652738724-2410924769-3864602309-1000\...\CurrentVersion\Windows: [Load] C:\Users\GREGRO~1\LOCALS~1\Temp\msipiaa.bat <===== ATTENTION
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1355040 2014-03-03] (Conduit)
AppInit_DLLs:  C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [2681648 2014-03-24] ()
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1050912 2014-03-03] (Conduit)
AppInit_DLLs-x32:  c:\progra~2\optimi~1\optpro~1.dll => C:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [2961368 2014-03-24] ()
IFEO\icloud.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\icloudweb.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\shellstreamsshortcut.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x719414ACAA16CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKCU - DefaultScope {969F1920-13E1-459F-8C06-19EDDA554130} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {16C9315D-FAD1-4254-AD1E-5B283B699661} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=902615&p={searchTerms}
SearchScopes: HKCU - {969F1920-13E1-459F-8C06-19EDDA554130} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {E8D8BADD-5A9B-4C26-8C4A-6A4959E81594} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298573&CUI=UN12623174136405338&UM=2
SearchScopes: HKCU - {ED2A27DD-A6A5-42E9-BE70-C8A11A11F726} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=C7E6EFB5-7BFB-434A-BBFB-5DE17CBE0930&apn_sauid=2FD4FA5C-2F7F-4F92-A79B-D4AECC7FC61E
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Greg Rodgerson\AppData\Roaming\Mozilla\Firefox\Profiles\ak0fn3jg.default
FF DefaultSearchEngine: Secure Search
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Homepage: about:home
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=mcafee&type=A110US0&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @esn.me/esnsonar - C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @esn/esnlaunch - C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.104.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.132.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.96.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Greg Rodgerson\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Greg Rodgerson\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Greg Rodgerson\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF SearchPlugin: C:\Users\Greg Rodgerson\AppData\Roaming\Mozilla\Firefox\Profiles\ak0fn3jg.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\Greg Rodgerson\AppData\Roaming\Mozilla\Firefox\Profiles\ak0fn3jg.default\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: WOT HELPER  - C:\Users\Greg Rodgerson\AppData\Roaming\Mozilla\Firefox\Profiles\ak0fn3jg.default\Extensions\{64651638-da45-4bd6-8b6b-b79c326671eb} [2014-03-24]
FF Extension: Adblock Plus - C:\Users\Greg Rodgerson\AppData\Roaming\Mozilla\Firefox\Profiles\ak0fn3jg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-24]
FF Extension: DownloadTerms - C:\Program Files (x86)\Mozilla Firefox\extensions\jmwgabsbmtxairm@wzcttjml.com [2014-02-15]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-02]
FF HKCU\...\Firefox\Extensions: [{667B2AD2-7209-11E1-826D-B8AC6F996F26}] - C:\Users\Greg Rodgerson\AppData\Local\{667B2AD2-7209-11E1-826D-B8AC6F996F26}\
FF Extension: Translate This! - C:\Users\Greg Rodgerson\AppData\Local\{667B2AD2-7209-11E1-826D-B8AC6F996F26}\ []

==================== Services (Whitelisted) =================

R2 70e6ca8c; C:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll [186496 2014-03-24] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-16] (AVAST Software)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2454816 2014-03-03] (Conduit)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4005936 2011-06-06] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1370912 2013-11-29] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-07-10] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2412344 2014-01-28] (TuneUp Software)
R2 Websteroids; C:\ProgramData\Websteroids\Websteroids.exe [151416 2014-03-21] (Creative Island Media, LLC)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-16] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-29] ()
S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2013-11-02] (Emsisoft GmbH)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [81984 2010-10-28] (Fresco Logic)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.)
R3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [126464 2010-12-16] (Razer USA Ltd)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-09-18] (TuneUp Software)
S3 dump_wmimmc; \??\d:\game installations\new folder\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-25 18:21 - 2014-03-25 18:22 - 00015772 _____ () C:\Users\Greg Rodgerson\Downloads\FRST.txt
2014-03-25 18:19 - 2014-03-25 18:21 - 00000000 ____D () C:\FRST
2014-03-25 18:16 - 2014-03-25 18:17 - 02157056 _____ (Farbar) C:\Users\Greg Rodgerson\Downloads\FRST64.exe
2014-03-25 10:52 - 2014-03-25 10:52 - 00000000 ____D () C:\Windows\SysWOW64\SearchProtect
2014-03-25 10:51 - 2014-03-25 10:52 - 00000000 ____D () C:\Users\Greg Rodgerson\AppData\Local\SearchProtect
2014-03-25 02:43 - 2014-03-25 18:16 - 00000000 ____D () C:\Users\Greg Rodgerson\AppData\Local\Websteroids
2014-03-24 22:51 - 2014-03-24 22:51 - 00001066 _____ () C:\Users\Greg Rodgerson\Desktop\Optimizer Pro.lnk
2014-03-24 22:51 - 2014-03-24 22:51 - 00000000 ____D () C:\Users\Greg Rodgerson\AppData\Roaming\Optimizer Pro
2014-03-24 22:50 - 2014-03-25 10:58 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-03-24 22:50 - 2014-03-24 22:51 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-03-24 22:50 - 2014-03-24 22:50 - 00000000 ____D () C:\ProgramData\Websteroids
2014-03-24 22:45 - 2014-03-24 22:46 - 00214432 _____ () C:\Users\Greg Rodgerson\Downloads\tb_WOT_HELPER.exe
2014-03-23 11:12 - 2014-03-23 11:13 - 00000000 ____D () C:\Users\Greg Rodgerson\Desktop\Garbage
2014-03-21 19:02 - 2014-03-21 19:02 - 01161080 _____ () C:\Windows\SysWOW64\Websteroids.B324755F3F87.dll
2014-03-20 13:09 - 2014-03-04 10:35 - 00062408 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-03-20 13:09 - 2014-03-04 10:35 - 00054216 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-03-20 13:09 - 2014-03-04 09:06 - 06714312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-03-20 13:09 - 2014-03-04 09:06 - 03497816 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-03-20 13:09 - 2014-03-04 09:05 - 02558808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-03-20 13:09 - 2014-03-04 09:05 - 00922968 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-03-20 13:09 - 2014-03-04 09:05 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-03-20 13:09 - 2014-03-04 09:05 - 00064968 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-03-20 13:07 - 2014-03-04 10:35 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-03-20 13:07 - 2014-03-04 10:35 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-03-20 13:07 - 2014-03-04 10:35 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-20 13:07 - 2014-03-04 10:35 - 18302384 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-03-20 13:07 - 2014-03-04 10:35 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-03-20 13:07 - 2014-03-04 10:35 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-20 13:07 - 2014-03-04 10:35 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-03-20 13:07 - 2014-03-04 10:35 - 14709720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-03-20 13:07 - 2014-03-04 10:35 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-20 13:07 - 2014-03-04 10:35 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-20 13:07 - 2014-03-04 10:35 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-20 13:07 - 2014-03-04 10:35 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-20 13:07 - 2014-03-04 10:35 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-20 13:07 - 2014-03-04 10:35 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-20 13:07 - 2014-03-04 10:35 - 03093280 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-03-20 13:07 - 2014-03-04 10:35 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-20 13:07 - 2014-03-04 10:35 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-20 13:07 - 2014-03-04 10:35 - 02715264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-03-20 13:07 - 2014-03-04 10:35 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-20 13:07 - 2014-03-04 10:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-03-20 13:07 - 2014-03-04 10:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-03-20 13:07 - 2014-03-04 10:35 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-03-20 13:07 - 2014-03-04 10:35 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-03-20 13:07 - 2014-03-04 10:35 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-20 13:07 - 2014-03-04 10:35 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-20 13:07 - 2014-03-04 10:35 - 00024544 _____ () C:\Windows\system32\nvinfo.pb
2014-03-20 12:37 - 2014-03-20 12:37 - 00628411 _____ () C:\Users\Greg Rodgerson\Downloads\GPU_Meter_V2.4.gadget
2014-03-20 12:35 - 2014-03-20 12:36 - 00372336 _____ (AddGadgets.com) C:\Users\Greg Rodgerson\Downloads\GPUMeterVersion24.exe
2014-03-20 00:15 - 2014-03-20 00:35 - 00001082 _____ () C:\Users\Greg Rodgerson\Desktop\res_mods - Shortcut.lnk
2014-03-19 02:31 - 2014-03-19 02:33 - 00000905 _____ () C:\Users\Greg Rodgerson\Desktop\WoT Mods - Shortcut.lnk
2014-03-19 01:57 - 2014-03-19 01:57 - 00000000 ____D () C:\Users\Greg Rodgerson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-03-19 01:55 - 2014-03-19 01:55 - 07624808 _____ () C:\Users\Greg Rodgerson\Downloads\npp.6.5.5.Installer.exe
2014-03-19 01:32 - 2014-03-19 01:58 - 00000000 ____D () C:\Users\Greg Rodgerson\AppData\Roaming\Notepad++
2014-03-19 01:09 - 2014-03-19 21:53 - 00001597 _____ () C:\Users\Greg Rodgerson\Desktop\Radial Menu Editor.exe - Shortcut.lnk
2014-03-17 13:56 - 2014-03-24 19:48 - 00002708 _____ () C:\Windows\setupact.log
2014-03-17 13:56 - 2014-03-17 13:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-15 20:33 - 2014-03-15 20:33 - 04765152 _____ (Piriform Ltd) C:\Users\Greg Rodgerson\Downloads\ccsetup411.exe
2014-03-11 16:56 - 2014-03-01 02:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-11 16:56 - 2014-03-01 01:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-11 16:56 - 2014-03-01 01:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-11 16:56 - 2014-03-01 00:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-11 16:56 - 2014-03-01 00:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-11 16:56 - 2014-03-01 00:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-11 16:56 - 2014-03-01 00:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-11 16:56 - 2014-03-01 00:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-11 16:56 - 2014-03-01 00:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-11 16:56 - 2014-03-01 00:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-11 16:56 - 2014-03-01 00:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-11 16:56 - 2014-03-01 00:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-11 16:56 - 2014-03-01 00:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-11 16:56 - 2014-03-01 00:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-11 16:56 - 2014-03-01 00:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-11 16:56 - 2014-03-01 00:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-11 16:56 - 2014-03-01 00:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-11 16:56 - 2014-02-28 23:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-11 16:56 - 2014-02-28 23:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-11 16:56 - 2014-02-28 23:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-11 16:56 - 2014-02-28 23:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-11 16:56 - 2014-02-28 23:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-11 16:56 - 2014-02-28 23:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-11 16:56 - 2014-02-28 23:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-11 16:56 - 2014-02-28 23:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-11 16:56 - 2014-02-28 23:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-11 16:56 - 2014-02-28 23:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-11 16:56 - 2014-02-28 23:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-11 16:56 - 2014-02-28 23:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-11 16:56 - 2014-02-28 23:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-11 16:56 - 2014-02-28 23:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-11 16:56 - 2014-02-28 23:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-11 16:56 - 2014-02-28 23:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-11 16:56 - 2014-02-28 23:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-11 16:56 - 2014-02-28 22:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-11 16:56 - 2014-02-28 22:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-11 16:56 - 2014-02-28 22:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-11 16:56 - 2014-02-28 22:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-11 16:56 - 2014-02-28 22:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-11 16:56 - 2014-02-28 22:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-11 16:56 - 2014-02-06 21:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-11 16:56 - 2014-02-03 22:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-11 16:56 - 2014-02-03 22:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-11 16:56 - 2014-02-03 22:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-11 16:56 - 2014-01-28 22:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-11 16:56 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-11 16:56 - 2014-01-27 22:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-11 16:55 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-08 19:31 - 2014-03-08 19:31 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-08 08:15 - 2014-03-08 08:15 - 00000769 _____ () C:\Users\Public\Desktop\World of Tanks.lnk
2014-03-07 20:59 - 2014-03-07 20:59 - 09237816 _____ (Wargaming.net ) C:\Users\Greg Rodgerson\Downloads\WoT_internet_install_na(1).exe
2014-03-07 20:27 - 2014-03-07 20:27 - 12113665 _____ (MaverickBlue) C:\Users\Greg Rodgerson\Downloads\Mavs-Magical-MegaMod-XVM-Pack.exe
2014-03-07 20:27 - 2014-03-07 20:27 - 06845236 _____ (MaverickBlue) C:\Users\Greg Rodgerson\Downloads\Mavs-Magical-MegaMod-Ultra.exe
2014-03-02 16:14 - 2014-03-19 20:07 - 00322928 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-28 12:21 - 2014-03-19 03:17 - 00072488 _____ () C:\Users\Greg Rodgerson\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-28 12:05 - 2014-03-09 16:53 - 00000056 _____ () C:\Windows\WoT_path.ini
2014-02-26 17:29 - 2014-01-08 22:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-26 17:29 - 2014-01-03 18:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

==================== One Month Modified Files and Folders =======

2014-03-25 18:22 - 2014-03-25 18:21 - 00015772 _____ () C:\Users\Greg Rodgerson\Downloads\FRST.txt
2014-03-25 18:21 - 2014-03-25 18:19 - 00000000 ____D () C:\FRST
2014-03-25 18:17 - 2014-03-25 18:16 - 02157056 _____ (Farbar) C:\Users\Greg Rodgerson\Downloads\FRST64.exe
2014-03-25 18:16 - 2014-03-25 02:43 - 00000000 ____D () C:\Users\Greg Rodgerson\AppData\Local\Websteroids
2014-03-25 18:03 - 2014-01-31 11:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-25 10:58 - 2014-03-24 22:50 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-03-25 10:52 - 2014-03-25 10:52 - 00000000 ____D () C:\Windows\SysWOW64\SearchProtect
2014-03-25 10:52 - 2014-03-25 10:51 - 00000000 ____D () C:\Users\Greg Rodgerson\AppData\Local\SearchProtect
2014-03-25 03:00 - 2011-11-21 01:45 - 01527386 _____ () C:\Windows\WindowsUpdate.log
2014-03-25 01:11 - 2009-07-14 00:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-25 01:11 - 2009-07-14 00:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-24 22:51 - 2014-03-24 22:51 - 00001066 _____ () C:\Users\Greg Rodgerson\Desktop\Optimizer Pro.lnk
2014-03-24 22:51 - 2014-03-24 22:51 - 00000000 ____D () C:\Users\Greg Rodgerson\AppData\Roaming\Optimizer Pro
2014-03-24 22:51 - 2014-03-24 22:50 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-03-24 22:50 - 2014-03-24 22:50 - 00000000 ____D () C:\ProgramData\Websteroids
2014-03-24 22:46 - 2014-03-24 22:45 - 00214432 _____ () C:\Users\Greg Rodgerson\Downloads\tb_WOT_HELPER.exe
2014-03-24 19:53 - 2013-09-06 15:12 - 00000000 ____D () C:\Users\Greg Rodgerson\AppData\Roaming\HpUpdate
2014-03-24 19:48 - 2014-03-17 13:56 - 00002708 _____ () C:\Windows\setupact.log
2014-03-24 18:48 - 2009-07-14 01:13 - 00796094 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-24 18:47 - 2011-04-06 13:43 - 00003982 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{628E7A2F-67CD-4D2F-8080-F896624ADA27}
2014-03-24 18:44 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-23 11:13 - 2014-03-23 11:12 - 00000000 ____D () C:\Users\Greg Rodgerson\Desktop\Garbage
2014-03-21 19:02 - 2014-03-21 19:02 - 01161080 _____ () C:\Windows\SysWOW64\Websteroids.B324755F3F87.dll
2014-03-20 18:19 - 2011-08-05 10:21 - 00000000 ____D () C:\Games
2014-03-20 13:54 - 2011-04-06 13:48 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-03-20 13:54 - 2011-04-06 13:48 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-03-20 13:09 - 2011-10-24 13:58 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-03-20 13:09 - 2011-04-06 13:49 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-20 13:09 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Help
2014-03-20 13:08 - 2011-04-18 14:34 - 00000000 ____D () C:\Users\Greg Rodgerson\AppData\Roaming\NVIDIA
2014-03-20 12:37 - 2014-03-20 12:37 - 00628411 _____ () C:\Users\Greg Rodgerson\Downloads\GPU_Meter_V2.4.gadget
2014-03-20 12:36 - 2014-03-20 12:35 - 00372336 _____ (AddGadgets.com) C:\Users\Greg Rodgerson\Downloads\GPUMeterVersion24.exe
2014-03-20 03:17 - 2013-04-15 20:39 - 00000000 ____D () C:\Users\Greg Rodgerson\AppData\Local\Deployment
2014-03-20 01:26 - 2013-07-30 07:32 - 00000000 ____D () C:\Users\Greg Rodgerson\Desktop\WoT replays
2014-03-20 00:35 - 2014-03-20 00:15 - 00001082 _____ () C:\Users\Greg Rodgerson\Desktop\res_mods - Shortcut.lnk
2014-03-19 21:53 - 2014-03-19 01:09 - 00001597 _____ () C:\Users\Greg Rodgerson\Desktop\Radial Menu Editor.exe - Shortcut.lnk
2014-03-19 20:07 - 2014-03-02 16:14 - 00322928 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-19 03:17 - 2014-02-28 12:21 - 00072488 _____ () C:\Users\Greg Rodgerson\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-19 02:33 - 2014-03-19 02:31 - 00000905 _____ () C:\Users\Greg Rodgerson\Desktop\WoT Mods - Shortcut.lnk
2014-03-19 01:58 - 2014-03-19 01:32 - 00000000 ____D () C:\Users\Greg Rodgerson\AppData\Roaming\Notepad++
2014-03-19 01:57 - 2014-03-19 01:57 - 00000000 ____D () C:\Users\Greg Rodgerson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-03-19 01:55 - 2014-03-19 01:55 - 07624808 _____ () C:\Users\Greg Rodgerson\Downloads\npp.6.5.5.Installer.exe
2014-03-18 15:54 - 2013-08-14 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 15:53 - 2011-04-06 13:36 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-17 13:56 - 2014-03-17 13:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-15 20:34 - 2011-10-25 16:14 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-15 20:33 - 2014-03-15 20:33 - 04765152 _____ (Piriform Ltd) C:\Users\Greg Rodgerson\Downloads\ccsetup411.exe
2014-03-15 13:42 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-15 12:42 - 2011-04-06 13:10 - 00000000 ___RD () C:\Users\Greg Rodgerson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-15 11:27 - 2012-01-29 14:49 - 00000000 ____D () C:\Program Files (x86)\OpenOffice.org 3
2014-03-13 17:40 - 2013-03-15 08:13 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 17:40 - 2013-03-15 08:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-11 17:03 - 2014-01-31 11:56 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 17:03 - 2014-01-31 11:55 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 17:03 - 2014-01-31 11:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 16:53 - 2013-11-02 07:35 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-09 16:53 - 2014-02-28 12:05 - 00000056 _____ () C:\Windows\WoT_path.ini
2014-03-08 19:59 - 2011-09-09 08:55 - 00000000 ____D () C:\ProgramData\McAfee
2014-03-08 19:31 - 2014-03-08 19:31 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-08 15:39 - 2012-12-24 06:42 - 00000000 ____D () C:\Program Files\McAfee
2014-03-08 15:38 - 2014-01-31 12:00 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-08 15:36 - 2011-09-24 11:06 - 00000000 ____D () C:\Users\Greg Rodgerson\AppData\Roaming\Apple Computer
2014-03-08 15:34 - 2011-09-24 11:05 - 00000000 ____D () C:\ProgramData\Apple
2014-03-08 15:32 - 2013-05-22 21:24 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-08 08:15 - 2014-03-08 08:15 - 00000769 _____ () C:\Users\Public\Desktop\World of Tanks.lnk
2014-03-08 08:15 - 2012-06-08 12:18 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-03-07 20:59 - 2014-03-07 20:59 - 09237816 _____ (Wargaming.net ) C:\Users\Greg Rodgerson\Downloads\WoT_internet_install_na(1).exe
2014-03-07 20:58 - 2011-07-22 16:45 - 00000000 ____D () C:\ProgramData\Origin
2014-03-07 20:27 - 2014-03-07 20:27 - 12113665 _____ (MaverickBlue) C:\Users\Greg Rodgerson\Downloads\Mavs-Magical-MegaMod-XVM-Pack.exe
2014-03-07 20:27 - 2014-03-07 20:27 - 06845236 _____ (MaverickBlue) C:\Users\Greg Rodgerson\Downloads\Mavs-Magical-MegaMod-Ultra.exe
2014-03-04 10:35 - 2014-03-20 13:09 - 00062408 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-03-04 10:35 - 2014-03-20 13:09 - 00054216 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-03-04 10:35 - 2014-03-20 13:07 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-03-04 10:35 - 2014-03-20 13:07 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-03-04 10:35 - 2014-03-20 13:07 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-04 10:35 - 2014-03-20 13:07 - 18302384 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-03-04 10:35 - 2014-03-20 13:07 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-03-04 10:35 - 2014-03-20 13:07 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-04 10:35 - 2014-03-20 13:07 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-03-04 10:35 - 2014-03-20 13:07 - 14709720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-03-04 10:35 - 2014-03-20 13:07 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-04 10:35 - 2014-03-20 13:07 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-04 10:35 - 2014-03-20 13:07 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-04 10:35 - 2014-03-20 13:07 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-04 10:35 - 2014-03-20 13:07 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-04 10:35 - 2014-03-20 13:07 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-04 10:35 - 2014-03-20 13:07 - 03093280 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-03-04 10:35 - 2014-03-20 13:07 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-04 10:35 - 2014-03-20 13:07 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-04 10:35 - 2014-03-20 13:07 - 02715264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-03-04 10:35 - 2014-03-20 13:07 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-04 10:35 - 2014-03-20 13:07 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-03-04 10:35 - 2014-03-20 13:07 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-03-04 10:35 - 2014-03-20 13:07 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-03-04 10:35 - 2014-03-20 13:07 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-03-04 10:35 - 2014-03-20 13:07 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-04 10:35 - 2014-03-20 13:07 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-04 10:35 - 2014-03-20 13:07 - 00024544 _____ () C:\Windows\system32\nvinfo.pb
2014-03-04 09:06 - 2014-03-20 13:09 - 06714312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-03-04 09:06 - 2014-03-20 13:09 - 03497816 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-03-04 09:05 - 2014-03-20 13:09 - 02558808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-03-04 09:05 - 2014-03-20 13:09 - 00922968 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-03-04 09:05 - 2014-03-20 13:09 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-03-04 09:05 - 2014-03-20 13:09 - 00064968 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-03-01 02:05 - 2014-03-11 16:56 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 01:17 - 2014-03-11 16:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 01:16 - 2014-03-11 16:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 00:58 - 2014-03-11 16:56 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 00:52 - 2014-03-11 16:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 00:51 - 2014-03-11 16:56 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 00:42 - 2014-03-11 16:56 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 00:40 - 2014-03-11 16:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 00:37 - 2014-03-11 16:56 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 00:33 - 2014-03-11 16:56 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 00:33 - 2014-03-11 16:56 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 00:32 - 2014-03-11 16:56 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 00:30 - 2014-03-11 16:56 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 00:23 - 2014-03-11 16:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 00:17 - 2014-03-11 16:56 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 00:11 - 2014-03-11 16:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 00:02 - 2014-03-11 16:56 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-28 23:54 - 2014-03-11 16:56 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-28 23:52 - 2014-03-11 16:56 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-28 23:51 - 2014-03-11 16:56 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-28 23:47 - 2014-03-11 16:56 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-28 23:43 - 2014-03-11 16:56 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-28 23:43 - 2014-03-11 16:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-28 23:42 - 2014-03-11 16:56 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-28 23:40 - 2014-03-11 16:56 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-28 23:38 - 2014-03-11 16:56 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-28 23:37 - 2014-03-11 16:56 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-28 23:35 - 2014-03-11 16:56 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-28 23:18 - 2014-03-11 16:56 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-28 23:16 - 2014-03-11 16:56 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-28 23:14 - 2014-03-11 16:56 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-28 23:10 - 2014-03-11 16:56 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-28 23:03 - 2014-03-11 16:56 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-28 23:00 - 2014-03-11 16:56 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-28 22:57 - 2014-03-11 16:56 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-28 22:38 - 2014-03-11 16:56 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-28 22:32 - 2014-03-11 16:56 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-28 22:27 - 2014-03-11 16:56 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-28 22:25 - 2014-03-11 16:56 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-28 22:25 - 2014-03-11 16:56 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-28 13:22 - 2014-02-16 09:03 - 00000000 ___RD () C:\Users\Greg Rodgerson\Dropbox
2014-02-28 11:52 - 2011-10-25 16:13 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-28 11:00 - 2011-10-25 16:13 - 00000000 ____D () C:\Users\Greg Rodgerson\AppData\Local\Google
2014-02-28 09:12 - 2013-12-09 16:34 - 00000000 ___RD () C:\Users\Greg Rodgerson\Google Drive
2014-02-27 22:27 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-02-23 16:26 - 2014-02-15 13:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\Greg Rodgerson\AppData\Local\Temp\nsg8936.exe
C:\Users\Greg Rodgerson\AppData\Local\Temp\nsq715F.exe
C:\Users\Greg Rodgerson\AppData\Local\Temp\Quarantine.exe
C:\Users\Greg Rodgerson\AppData\Local\Temp\SPSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-20 13:46

==================== End Of Log ============================

AND,

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Greg Rodgerson at 2014-03-25 18:22:52
Running from C:\Users\Greg Rodgerson\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0007 - ASUS)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2013 - Avast Software)
BioShock 2 (x32 Version: 1.0.0005.131 - Take-Two Interactive Software) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version:  - )
Company of Heroes: Opposing Fronts (HKLM-x32\...\Steam App 9340) (Version:  - Relic)
Company of Heroes: Tales of Valor (HKLM-x32\...\Steam App 20540) (Version:  - Relic)
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.792 - Curse)
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - )
Elder Scrolls V: Skyrim Prima Guide (HKLM-x32\...\Steam App 200000) (Version:  - )
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Fresco Logic USB3.0 Host Controller (HKLM\...\{A445B6F1-C69E-4F0F-B3F8-79A5C7A6066B}) (Version: 3.0.108.16 - Fresco Logic Inc.)
Frozen Synapse (HKLM-x32\...\Steam App 98200) (Version:  - )
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
HP Deskjet 3510 series Basic Device Software (HKLM\...\{7F20F2D1-C425-4432-96BA-EBD0C2181493}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{18A6B663-A646-457B-A314-5CF58AECB06A}) (Version: 6.02.1000 - Intel Corporation)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mark of the Ninja (HKLM-x32\...\Steam App 214560) (Version:  - )
Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version:  - )
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
Naga Firmware Updater 1.13 (HKLM-x32\...\{5A336D74-E680-4986-96F4-E9CEBC784F56}) (Version: 1.13.01 - Razer)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.44.11 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
NVIDIA Control Panel 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Update 10.10.5 (Version: 10.10.5 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.10.5 - NVIDIA Corporation) Hidden
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version:  - ) <==== ATTENTION
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.6.0 - Pando Networks Inc.)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Razer Naga (HKLM-x32\...\{ED4108A9-60FD-4F18-AF42-122219977773}) (Version: 3.01.05 - Razer USA Ltd.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6162 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10001 - Realtek Semiconductor Corp.)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.11.11.7 - Conduit) <==== ATTENTION
SOULZAS FONTS FOR XVM 1.00 (HKLM-x32\...\SOULZAS FONTS FOR XVM 1.00) (Version: 1.00 - SOULZAS MODS)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.18.0 - Synaptics Incorporated)
System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version:  - )
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
TuneUp Utilities 2013 (HKLM-x32\...\TuneUp Utilities 2013) (Version: 13.0.4000.286 - TuneUp Software)
TuneUp Utilities 2013 (x32 Version: 13.0.4000.286 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (en-US) (x32 Version: 13.0.4000.286 - TuneUp Software) Hidden
Unity of Command (HKLM-x32\...\Steam App 218090) (Version:  - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Websteroids (HKLM-x32\...\Websteroids) (Version: 2.6.71 - Creative Island Media, LLC) <==== ATTENTION
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)

==================== Restore Points  =========================

11-03-2014 21:01:45 Windows Update
11-03-2014 21:56:48 Windows Update
15-03-2014 15:27:17 Removed OpenOffice.org 3.4.1
15-03-2014 15:28:22 Windows Update
15-03-2014 16:41:07 Removed 7-Zip 9.21
15-03-2014 16:44:34 Removed Java 7 Update 51 (64-bit)
18-03-2014 19:53:22 Windows Update
22-03-2014 06:13:28 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {04D8F1AA-FFF2-4C99-B6AF-3B0F060060E6} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {10C1116A-A0FB-4339-9CED-12AA9A825A2A} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {1CC5BF78-FAEC-4133-A8CD-2C013CECD33F} - \BackgroundContainer Startup Task No Task File
Task: {24726516-B12F-49CA-92E5-56188C40DB2F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2652738724-2410924769-3864602309-1000UA => C:\Users\Greg Rodgerson\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-24] (Google Inc.)
Task: {38CD851F-CD7D-450D-B11F-36EAAD48567D} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2014-01-28] (TuneUp Software)
Task: {47AD7649-C504-406B-BA60-AEB87DB293E1} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {5BA074CF-6D40-47F1-9901-C06D009F0FD0} - System32\Tasks\Google Updater and Installer => C:\Users\Greg Rodgerson\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-24] (Google Inc.)
Task: {63E85C85-DDA8-4CC7-9312-0D8D2779BE73} - \Scheduled Update for Ask Toolbar No Task File
Task: {71317A39-EC7D-4021-AA1A-609D91071BB2} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {7A272BE7-3178-4CC6-A9D6-05F8F98DED01} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
Task: {88808325-C0AB-468E-98AD-C9DD78C9C1A2} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {A89E2485-26B0-4F4D-9522-4A34D130F648} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-16] (AVAST Software)
Task: {A92F8CCA-082D-4F56-BC96-1921D1CE883A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {E1E20A3F-2D69-4D17-BE70-E5A64DF580E4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {E92F2DB2-5D8A-4332-936F-23FDC59C96DB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2652738724-2410924769-3864602309-1000Core => C:\Users\Greg Rodgerson\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-24] (Google Inc.)
Task: {ED58E3B6-564F-4EF4-8DF0-C373A38F10AB} - System32\Tasks\HP online update program => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2011-10-28] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2652738724-2410924769-3864602309-1000Core.job => C:\Users\Greg Rodgerson\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2652738724-2410924769-3864602309-1000UA.job => C:\Users\Greg Rodgerson\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-20 13:09 - 2014-03-04 09:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-04-11 12:56 - 2013-07-10 01:32 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-01-28 14:10 - 2014-01-28 14:10 - 00741176 _____ () C:\Program Files (x86)\TuneUp Utilities 2013\avgrepliba.dll
2014-03-24 22:51 - 2014-03-24 22:51 - 02681648 _____ () C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll
2014-03-24 07:25 - 2014-03-24 03:41 - 02189312 _____ () C:\Program Files\AVAST Software\Avast\defs\14032400\algo.dll
2014-03-25 06:54 - 2014-03-25 05:55 - 02189312 _____ () C:\Program Files\AVAST Software\Avast\defs\14032500\algo.dll
2014-03-25 18:19 - 2014-03-25 17:24 - 02189312 _____ () C:\Program Files\AVAST Software\Avast\defs\14032501\algo.dll
2013-11-02 07:35 - 2013-11-02 07:35 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-03-24 22:51 - 2014-03-24 22:51 - 00186496 _____ () C:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll
2014-03-24 22:51 - 2014-03-24 22:51 - 02961368 _____ () C:\Program Files (x86)\Optimizer Pro\OptProCrash.dll
2014-02-15 13:20 - 2014-02-15 13:21 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-11 17:03 - 2014-03-11 17:03 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Users^Greg Rodgerson^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: IntelWirelessWiMAX => "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

==================== Faulty Device Manager Devices =============

Name: Microsoft Virtual WiFi Miniport Adapter #2
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/24/2014 10:50:50 PM) (Source: CltMngSvc) (User: )
Description: CltMngSvcServiceMain Version 2. (Error: 87)

Error: (03/23/2014 07:00:11 PM) (Source: Windows Backup) (User: )
Description: Backup did not complete successfully because a shadow copy could not be created. Free up disk space on the drive that you are backing up by deleting unnecessary files and then try again.

Error: (03/20/2014 01:19:00 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: wiaservc.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ca0f
Exception code: 0x40000015
Fault offset: 0x0000000000047a6b
Faulting process id: 0x95c
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report Id: svchost.exe_stisvc3

Error: (03/20/2014 00:06:43 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: wiaservc.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ca0f
Exception code: 0x40000015
Fault offset: 0x0000000000047a6b
Faulting process id: 0x9c4
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report Id: svchost.exe_stisvc3

Error: (03/19/2014 08:07:22 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: wiaservc.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ca0f
Exception code: 0x40000015
Fault offset: 0x0000000000047a6b
Faulting process id: 0xa58
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report Id: svchost.exe_stisvc3

Error: (03/19/2014 01:54:07 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: wiaservc.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ca0f
Exception code: 0x40000015
Fault offset: 0x0000000000047a6b
Faulting process id: 0x990
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report Id: svchost.exe_stisvc3

Error: (03/18/2014 06:29:26 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (03/18/2014 04:01:36 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: wiaservc.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ca0f
Exception code: 0x40000015
Fault offset: 0x0000000000047a6b
Faulting process id: 0x970
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report Id: svchost.exe_stisvc3

Error: (03/17/2014 02:06:47 PM) (Source: Windows Backup) (User: )
Description: Backup did not complete successfully because a shadow copy could not be created. Free up disk space on the drive that you are backing up by deleting unnecessary files and then try again.

Error: (03/15/2014 08:20:08 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]


System errors:
=============
Error: (03/20/2014 01:19:02 PM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/20/2014 00:06:45 AM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/19/2014 08:07:24 PM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/19/2014 01:54:09 AM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/19/2014 01:52:35 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/19/2014 01:52:35 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/19/2014 01:52:35 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/19/2014 01:52:27 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/19/2014 01:52:27 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/19/2014 01:52:27 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (03/24/2014 10:50:50 PM) (Source: CltMngSvc)(User: )
Description: CltMngSvcServiceMain Version 2. (Error: 87)

Error: (03/23/2014 07:00:11 PM) (Source: Windows Backup)(User: )
Description: A shadow copy could not be created. Please check "VSS" and "SPP" application event logs for more information. (0x81000019)

Error: (03/20/2014 01:19:00 PM) (Source: Application Error)(User: )
Description: svchost.exe_stisvc6.1.7600.163854a5bc3c1wiaservc.dll6.1.7601.175144ce7ca0f400000150000000000047a6b95c01cf44607a42b9b1C:\Windows\system32\svchost.exec:\windows\system32\wiaservc.dllb96cce05-b053-11e3-906c-bcaec5644eb0

Error: (03/20/2014 00:06:43 AM) (Source: Application Error)(User: )
Description: svchost.exe_stisvc6.1.7600.163854a5bc3c1wiaservc.dll6.1.7601.175144ce7ca0f400000150000000000047a6b9c401cf43f1cbc46a5cC:\Windows\system32\svchost.exec:\windows\system32\wiaservc.dll0b3812df-afe5-11e3-b62f-bcaec5644eb0

Error: (03/19/2014 08:07:22 PM) (Source: Application Error)(User: )
Description: svchost.exe_stisvc6.1.7600.163854a5bc3c1wiaservc.dll6.1.7601.175144ce7ca0f400000150000000000047a6ba5801cf43d05c50339cC:\Windows\system32\svchost.exec:\windows\system32\wiaservc.dll9b57f947-afc3-11e3-9e2d-bcaec5644eb0

Error: (03/19/2014 01:54:07 AM) (Source: Application Error)(User: )
Description: svchost.exe_stisvc6.1.7600.163854a5bc3c1wiaservc.dll6.1.7601.175144ce7ca0f400000150000000000047a6b99001cf43379a93892cC:\Windows\system32\svchost.exec:\windows\system32\wiaservc.dlle2123f64-af2a-11e3-901f-bcaec5644eb0

Error: (03/18/2014 06:29:26 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe)(User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (03/18/2014 04:01:36 PM) (Source: Application Error)(User: )
Description: svchost.exe_stisvc6.1.7600.163854a5bc3c1wiaservc.dll6.1.7601.175144ce7ca0f400000150000000000047a6b97001cf42e4dc6d689fC:\Windows\system32\svchost.exec:\windows\system32\wiaservc.dll1ba09ccf-aed8-11e3-8f7f-64809908663c

Error: (03/17/2014 02:06:47 PM) (Source: Windows Backup)(User: )
Description: A shadow copy could not be created. Please check "VSS" and "SPP" application event logs for more information. (0x81000019)

Error: (03/15/2014 08:20:08 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe)(User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]


CodeIntegrity Errors:
===================================
  Date: 2012-12-04 09:18:59.476
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-04 09:18:59.419
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-06-19 06:58:41.896
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Game Installations\New folder\SteamApps\common\ava\Binaries\GameGuard\dump_wmimmc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-06-19 06:58:41.880
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Game Installations\New folder\SteamApps\common\ava\Binaries\GameGuard\dump_wmimmc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 29%
Total physical RAM: 8169.17 MB
Available physical RAM: 5753.51 MB
Total Pagefile: 16336.52 MB
Available Pagefile: 13956.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:29.15 GB) NTFS
Drive d: (DATA) (Fixed) (Total:698.54 GB) (Free:349.2 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: E0C5913D)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: DBC9BB7F)

Partition: GPT Partition Type.

==================== End Of Log ============================



#4 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 March 2014 - 08:46 AM



Hello ScrubTechGreg

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete, let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 ScrubTechGreg
  • Topic Starter
  • Members
  • 13 posts
  • Gender:Male
  • Location:Connecticut

Posted 27 March 2014 - 09:20 PM

The load on the CPU seems to fluctuate a bit too much and at higher rates than normal. There seem to be too many processes up too. Thanks again Gringo. Here are the logs:

# AdwCleaner v3.022 - Report created 27/03/2014 at 17:57:02
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Greg Rodgerson - GREGRODGERSON
# Running from : C:\Users\Greg Rodgerson\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : 70e6ca8c
[#] Service Deleted : CltMngSvc
[#] Service Deleted : Websteroids

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\Websteroids
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Windows\SysWOW64\AI_RecycleBin
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Users\Greg Rodgerson\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Greg Rodgerson\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Greg Rodgerson\AppData\Local\Websteroids
Folder Deleted : C:\Users\GREGRO~1\AppData\Local\Temp\CT3280098
Folder Deleted : C:\Users\Greg Rodgerson\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Greg Rodgerson\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Greg Rodgerson\AppData\Roaming\Optimizer Pro
Folder Deleted : C:\Users\Greg Rodgerson\Documents\Mobogenie
Folder Deleted : C:\Users\Greg Rodgerson\AppData\Roaming\Mozilla\Firefox\Profiles\ak0fn3jg.default\CT3280098
Folder Deleted : C:\Users\Greg Rodgerson\AppData\Roaming\Mozilla\Firefox\Profiles\ak0fn3jg.default\Extensions\{64651638-da45-4bd6-8b6b-b79c326671eb}
File Deleted : C:\Users\Greg Rodgerson\Desktop\Optimizer Pro.lnk
File Deleted : C:\Users\Greg Rodgerson\AppData\Roaming\Mozilla\Firefox\Profiles\ak0fn3jg.default\searchplugins\conduit-search.xml
File Deleted : C:\Users\Greg Rodgerson\AppData\Roaming\Mozilla\Firefox\Profiles\ak0fn3jg.default\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Windows\System32\Tasks\SpyHunter4Startup

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\optimi~1\optpro~1.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Greg Rodgerson\AppData\Roaming\Mozilla\Firefox\Profiles\ak0fn3jg.default\prefs.js ]

Line Deleted : user_pref("CT3280098.FF19Solved", "true");
Line Deleted : user_pref("CT3280098.UserID", "UN31130334612278520");
Line Deleted : user_pref("CT3280098.fullUserID", "UN31130334612278520.IN.20140324225030");
Line Deleted : user_pref("CT3280098.installDate", "24/03/2014 22:50:33");
Line Deleted : user_pref("CT3280098.installSessionId", "a72f6c72-7596-4c06-a973-b7016ab51180");
Line Deleted : user_pref("CT3280098.installSp", "true");
Line Deleted : user_pref("CT3280098.installerVersion", "1.8.1.4");
Line Deleted : user_pref("CT3280098.searchRevert", "false");
Line Deleted : user_pref("CT3280098.searchUninstallUserMode", "4");
Line Deleted : user_pref("CT3280098.searchUserMode", "4");
Line Deleted : user_pref("CT3280098.toolbarInstallDate", "24-03-2014 22:50:30");
Line Deleted : user_pref("CT3280098.versionFromInstaller", "10.23.0.722");
Line Deleted : user_pref("CT3280098.xpeMode", "1");
Line Deleted : user_pref("smartbar.machineId", "RHD10J3H2SSBSTFVNREGN/KNA1STWMFUB9VYEJBWVIS1PZX9A86VY73/IWFC82TJC05KLLS22PQTUQYK6CC9WQ");

*************************

AdwCleaner[R0].txt - [8296 octets] - [06/11/2013 08:33:31]
AdwCleaner[R1].txt - [5689 octets] - [27/03/2014 17:47:13]
AdwCleaner[S0].txt - [8260 octets] - [06/11/2013 10:41:31]
AdwCleaner[S1].txt - [5508 octets] - [27/03/2014 17:57:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5568 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Ultimate x64
Ran by Greg Rodgerson on Thu 03/27/2014 at 19:40:47.34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E8D8BADD-5A9B-4C26-8C4A-6A4959E81594}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{ED2A27DD-A6A5-42E9-BE70-C8A11A11F726}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"



~~~ Files

Successfully deleted: [File] C:\Users\Greg Rodgerson\appdata\local\{667B2AD2-7209-11E1-826D-B8AC6F996F26}\chrome\content\browser.xul [Trojan:JS/Medfos.A]



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\drivergenius"
Successfully deleted: [Folder] "C:\Users\Greg Rodgerson\appdata\local\cre"
Successfully deleted: [Folder] C:\Users\Greg Rodgerson\appdata\local\{667B2AD2-7209-11E1-826D-B8AC6F996F26} [Trojan:JS/Medfos.A]



~~~ FireFox

Emptied folder: C:\Users\Greg Rodgerson\AppData\Roaming\mozilla\firefox\profiles\ak0fn3jg.default\minidumps [6 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 03/27/2014 at 19:58:53.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#6 ScrubTechGreg (Topic Starter)

Posted 27 March 2014 - 09:54 PM

Sorry about the double adw paste. Not sure how that happened.

#7 gringo_pr

Posted 29 March 2014 - 08:34 AM


Hello ScrubTechGreg

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following:
    • Log from Combofix
    • Let me know of any problems you may have had
    • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 ScrubTechGreg (Topic Starter)

Posted 29 March 2014 - 06:20 PM

This is kind of ridiculous, but I think I closed out the notepad file after the combofix scan by mistake. I've been searching, but it is definitely gone, isn't it? Sorry Gringo, I didn't mean to waste your time. Could I possibly run it again, or would this be completely futile? The PC does seem to be running much better. I just started using Notepad, and I really dig its simplicity; however, I think the exception just bit me in the ass.

#9 gringo_pr

Posted 31 March 2014 - 08:38 AM


Hello ScrubTechGreg

I would like to see the report, so let's see if we can find it this way.

Extra Combofix Report
  • Push the "Windows key" + "R" (between the "Ctrl" button and the "Alt" button)
  • Please copy and paste the following into the box:
C:\ComboFix.txt
  • Click OK
  • Copy and paste the report into this topic for me to review
Gringo

#10 ScrubTechGreg (Topic Starter)

Posted 31 March 2014 - 10:15 PM

Wow, that was awesome. I thought for sure it was gone. Thank you; it seems to be running better. Though it's kind of weird that I haven't heard the cooling fans come on in a while. It generates a lot of heat because it's a laptop w/ a decent setup cramped in, so the fans run noticeably loud. Not that I've been doing much performance-wise. Can I run Experience Index to see if performance is normal? Could you possibly recommend an application to display CPU/GPU speed/temp?

ComboFix 14-03-24.01 - Greg Rodgerson 03/29/2014  16:58:11.1.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8169.6419 [GMT -4:00]
Running from: c:\users\Greg Rodgerson\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Greg Rodgerson\AppData\Roaming\updates
c:\windows\Fonts\Uninstall.exe
D:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-28 to 2014-03-29  )))))))))))))))))))))))))))))))
.
.
2014-03-29 21:05 . 2014-03-29 21:05    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-03-29 17:18 . 2014-03-07 04:43    10521840    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4D43D454-ACEE-43C9-88A2-E36FB739C13D}\mpengine.dll
2014-03-29 16:56 . 2014-03-17 14:16    10521840    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{BCE152B7-4414-4F3F-8CFD-774E47C66F7A}\mpengine.dll
2014-03-28 00:26 . 2014-03-07 04:43    10521840    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-27 23:40 . 2014-03-27 23:40    --------    d-----w-    c:\windows\ERUNT
2014-03-25 22:56 . 2014-02-20 21:52    1031560    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A371CC18-911A-4700-A913-C76A455089C5}\gapaengine.dll
2014-03-25 22:19 . 2014-03-25 22:24    --------    d-----w-    C:\FRST
2014-03-21 23:02 . 2014-03-21 23:02    1161080    ----a-w-    c:\windows\SysWow64\Websteroids.B324755F3F87.dll
2014-03-20 17:09 . 2014-03-04 13:06    6714312    ----a-w-    c:\windows\system32\nvcpl.dll
2014-03-20 17:09 . 2014-03-04 13:06    3497816    ----a-w-    c:\windows\system32\nvsvc64.dll
2014-03-20 17:09 . 2014-03-04 13:05    922968    ----a-w-    c:\windows\system32\nvvsvc.exe
2014-03-20 17:09 . 2014-03-04 13:05    64968    ----a-w-    c:\windows\system32\nvshext.dll
2014-03-20 17:09 . 2014-03-04 13:05    2558808    ----a-w-    c:\windows\system32\nvsvcr.dll
2014-03-20 17:09 . 2014-03-04 13:05    386336    ----a-w-    c:\windows\system32\nvmctray.dll
2014-03-20 17:09 . 2014-03-04 14:35    62408    ----a-w-    c:\windows\system32\OpenCL.dll
2014-03-20 17:09 . 2014-03-04 14:35    54216    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2014-03-19 05:32 . 2014-03-19 05:58    --------    d-----w-    c:\users\Greg Rodgerson\AppData\Roaming\Notepad++
2014-03-18 20:15 . 2014-03-27 21:39    --------    d-----w-    c:\users\Greg Rodgerson\AppData\Local\ElevatedDiagnostics
2014-03-11 20:55 . 2014-02-04 02:04    1230336    ----a-w-    c:\windows\SysWow64\WindowsCodecs.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-18 19:53 . 2011-04-06 17:36    90015360    ----a-w-    c:\windows\system32\MRT.exe
2014-03-11 21:03 . 2014-01-31 15:55    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-11 21:03 . 2014-01-31 15:55    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-20 21:52 . 2011-04-06 18:43    1031560    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-02-18 14:42 . 2014-02-16 21:41    440672    ----a-w-    c:\windows\system32\drivers\aswndisflt.sys
2014-02-16 21:41 . 2013-12-29 16:40    80184    ----a-w-    c:\windows\system32\drivers\aswstm.sys
2014-02-16 21:41 . 2013-12-28 13:51    421704    ----a-w-    c:\windows\system32\drivers\aswsp.sys
2014-02-16 21:41 . 2013-11-02 11:35    78648    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-02-16 21:41 . 2013-11-02 11:35    1038072    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-02-16 21:41 . 2013-11-02 11:35    43152    ----a-w-    c:\windows\avastSS.scr
2014-02-16 21:41 . 2013-02-06 20:22    334136    ----a-w-    c:\windows\system32\aswBoot.exe
2014-02-15 16:18 . 2014-02-15 16:18    194048    ----a-w-    c:\windows\SysWow64\elshyph.dll
2014-02-15 16:18 . 2014-02-15 16:18    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-02-15 16:18 . 2014-02-15 16:18    645120    ----a-w-    c:\windows\SysWow64\jsIntl.dll
2014-02-15 16:18 . 2014-02-15 16:18    62464    ----a-w-    c:\windows\SysWow64\tdc.ocx
2014-02-15 16:18 . 2014-02-15 16:18    34816    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-02-15 16:18 . 2014-02-15 16:18    337408    ----a-w-    c:\windows\SysWow64\html.iec
2014-02-15 16:18 . 2014-02-15 16:18    235008    ----a-w-    c:\windows\system32\elshyph.dll
2014-02-15 16:18 . 2014-02-15 16:18    182272    ----a-w-    c:\windows\SysWow64\msls31.dll
2014-02-15 16:18 . 2014-02-15 16:18    942592    ----a-w-    c:\windows\system32\jsIntl.dll
2014-02-15 16:18 . 2014-02-15 16:18    86016    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2014-02-15 16:18 . 2014-02-15 16:18    86016    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2014-02-15 16:18 . 2014-02-15 16:18    74240    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2014-02-15 16:18 . 2014-02-15 16:18    61952    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2014-02-15 16:18 . 2014-02-15 16:18    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2014-02-15 16:18 . 2014-02-15 16:18    36352    ----a-w-    c:\windows\SysWow64\imgutil.dll
2014-02-15 16:18 . 2014-02-15 16:18    247808    ----a-w-    c:\windows\system32\msls31.dll
2014-02-15 16:18 . 2014-02-15 16:18    24576    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2014-02-15 16:18 . 2014-02-15 16:18    151552    ----a-w-    c:\windows\SysWow64\iexpress.exe
2014-02-15 16:18 . 2014-02-15 16:18    139264    ----a-w-    c:\windows\SysWow64\wextract.exe
2014-02-15 16:18 . 2014-02-15 16:18    13312    ----a-w-    c:\windows\SysWow64\mshta.exe
2014-02-15 16:18 . 2014-02-15 16:18    111616    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2014-02-15 16:18 . 2014-02-15 16:18    1051136    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2014-02-15 16:18 . 2014-02-15 16:18    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2014-02-15 16:18 . 2014-02-15 16:18    90112    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2014-02-15 16:18 . 2014-02-15 16:18    84992    ----a-w-    c:\windows\system32\mshtmled.dll
2014-02-15 16:18 . 2014-02-15 16:18    83968    ----a-w-    c:\windows\system32\MshtmlDac.dll
2014-02-15 16:18 . 2014-02-15 16:18    81408    ----a-w-    c:\windows\system32\icardie.dll
2014-02-15 16:18 . 2014-02-15 16:18    774144    ----a-w-    c:\windows\system32\jscript.dll
2014-02-15 16:18 . 2014-02-15 16:18    77312    ----a-w-    c:\windows\system32\tdc.ocx
2014-02-15 16:18 . 2014-02-15 16:18    62464    ----a-w-    c:\windows\system32\pngfilt.dll
2014-02-15 16:18 . 2014-02-15 16:18    616104    ----a-w-    c:\windows\system32\ieapfltr.dat
2014-02-15 16:18 . 2014-02-15 16:18    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2014-02-15 16:18 . 2014-02-15 16:18    48128    ----a-w-    c:\windows\system32\imgutil.dll
2014-02-15 16:18 . 2014-02-15 16:18    453120    ----a-w-    c:\windows\system32\dxtmsft.dll
2014-02-15 16:18 . 2014-02-15 16:18    413696    ----a-w-    c:\windows\system32\html.iec
2014-02-15 16:18 . 2014-02-15 16:18    40448    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2014-02-15 16:18 . 2014-02-15 16:18    30208    ----a-w-    c:\windows\system32\licmgr10.dll
2014-02-15 16:18 . 2014-02-15 16:18    296960    ----a-w-    c:\windows\system32\dxtrans.dll
2014-02-15 16:18 . 2014-02-15 16:18    263376    ----a-w-    c:\windows\system32\iedkcs32.dll
2014-02-15 16:18 . 2014-02-15 16:18    243200    ----a-w-    c:\windows\system32\webcheck.dll
2014-02-15 16:18 . 2014-02-15 16:18    235520    ----a-w-    c:\windows\system32\url.dll
2014-02-15 16:18 . 2014-02-15 16:18    167424    ----a-w-    c:\windows\system32\iexpress.exe
2014-02-15 16:18 . 2014-02-15 16:18    147968    ----a-w-    c:\windows\system32\occache.dll
2014-02-15 16:18 . 2014-02-15 16:18    143872    ----a-w-    c:\windows\system32\wextract.exe
2014-02-15 16:18 . 2014-02-15 16:18    13824    ----a-w-    c:\windows\system32\mshta.exe
2014-02-15 16:18 . 2014-02-15 16:18    135680    ----a-w-    c:\windows\system32\iepeers.dll
2014-02-15 16:18 . 2014-02-15 16:18    13312    ----a-w-    c:\windows\system32\msfeedssync.exe
2014-02-15 16:18 . 2014-02-15 16:18    131072    ----a-w-    c:\windows\system32\IEAdvpack.dll
2014-02-15 16:18 . 2014-02-15 16:18    1228800    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-02-15 16:18 . 2014-02-15 16:18    105984    ----a-w-    c:\windows\system32\iesysprep.dll
2014-02-15 16:18 . 2014-02-15 16:18    101376    ----a-w-    c:\windows\system32\inseng.dll
2014-01-28 18:08 . 2012-12-10 11:58    35640    ----a-w-    c:\windows\system32\TURegOpt.exe
2014-01-28 18:08 . 2012-12-17 02:19    38200    ----a-w-    c:\windows\system32\uxtuneup.dll
2014-01-28 18:08 . 2012-12-17 02:19    30520    ----a-w-    c:\windows\SysWow64\uxtuneup.dll
2014-01-28 18:08 . 2012-12-10 11:58    26936    ----a-w-    c:\windows\system32\authuitu.dll
2014-01-28 18:08 . 2012-12-10 11:58    22328    ----a-w-    c:\windows\SysWow64\authuitu.dll
2014-01-09 02:22 . 2014-02-26 21:29    5694464    ----a-w-    c:\windows\SysWow64\mstscax.dll
2014-01-03 22:44 . 2014-02-26 21:29    6574592    ----a-w-    c:\windows\system32\mstscax.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-16 3767096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"20131224"="c:\program files\AVAST Software\Avast\setup\emupdate\f21c5944-fe21-41cd-a479-d02b6a7eef4f.exe" [2014-03-29 181136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ATKMEDIA"=c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
"Razer Naga Driver"=c:\program files (x86)\Razer\Naga\RazerNagaSysTray.exe
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 cleanhlp;cleanhlp;c:\eek\Run\cleanhlp64.sys;c:\eek\Run\cleanhlp64.sys [x]
R3 dump_wmimmc;dump_wmimmc;d:\game installations\new folder\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys;d:\game installations\new folder\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys;c:\windows\SYSNATIVE\DRIVERS\btblan.sys [x]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R4 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys;c:\windows\SYSNATIVE\DRIVERS\bpmp.sys [x]
S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys;c:\windows\SYSNATIVE\Drivers\bpusb.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys;c:\windows\SYSNATIVE\DRIVERS\RzSynapse.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-31 21:03]
.
2012-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2652738724-2410924769-3864602309-1000Core.job
- c:\users\Greg Rodgerson\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-24 17:34]
.
2012-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2652738724-2410924769-3864602309-1000UA.job
- c:\users\Greg Rodgerson\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-24 17:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-16 21:41    287280    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-07-03 1028896]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-11-29 2273056]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Greg Rodgerson\AppData\Roaming\Mozilla\Firefox\Profiles\ak0fn3jg.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&type=A110US0&p=
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
AddRemove-SOULZAS FONTS FOR XVM 1.00 - c:\windows\Fonts\Uninstall.exe
AddRemove-Websteroids - c:\programdata\Websteroids\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}"=hex:51,66,7a,6c,4c,1d,38,12,26,bd,a8,
   0a,e6,f4,22,0e,f1,4c,12,2a,bb,94,a4,70
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
   d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{EEF3855C-FC2D-41E6-8D91-D368F51B3055}"=hex:51,66,7a,6c,4c,1d,38,12,32,86,e0,
   ea,1f,b2,88,04,f2,87,90,28,f0,45,74,41
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}"=hex:51,66,7a,6c,4c,1d,38,12,72,a0,58,
   28,27,42,8c,54,ef,d1,d8,bc,bb,ef,2c,a7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{B164E929-A1B6-4A06-B104-2CD0E90A88FF}"=hex:51,66,7a,6c,4c,1d,38,12,47,ea,77,
   b5,84,ef,68,0f,ce,12,6f,90,ec,54,cc,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:f4,19,cd,f5,00,50,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,00,c2,4e,4c,b9,58,bb,46,99,f2,d4,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,00,c2,4e,4c,b9,58,bb,46,99,f2,d4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,00,c2,4e,4c,b9,58,bb,46,99,f2,d4,\
.
[HKEY_USERS\S-1-5-21-2652738724-2410924769-3864602309-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:9d,31,03,30,54,52,89,55,f3,31,b7,71,97,0d,ee,9a,43,09,1d,31,ea,5f,b6,
   4f,a1,5a,e9,01,db,bb,2a,10,ec,5f,f1,83,be,7d,cd,77,2f,62,69,b6,47,4a,21,d7,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49
.
[HKEY_USERS\S-1-5-21-2652738724-2410924769-3864602309-1000\Software\SecuROM\License information*]
"datasecu"=hex:15,a2,6b,fb,8e,49,f6,d7,b6,7a,bc,81,f5,15,59,51,08,70,e9,e0,e9,
   6d,93,32,af,8e,41,ed,c1,5c,93,ac,14,f1,7e,f3,e4,2d,58,0f,22,87,f3,7d,77,e3,\
"rkeysecu"=hex:f9,f6,24,d9,eb,5a,8f,15,fe,05,1c,01,c5,51,8f,de
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\09\05\09\14\075?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-29  17:09:24
ComboFix-quarantined-files.txt  2014-03-29 21:09
.
Pre-Run: 31,632,048,128 bytes free
Post-Run: 31,570,550,784 bytes free
.
- - End Of File - - 9AC5186DE8E5B1DCB29E913DBC72F3AE
A36C5E4F47E84449FF07ED3517B43A31

Not sure if this is worth mentioning, but I see shortcuts flash sometimes when I back out of Firefox; usually I only see them pop at startup. Thx Gringo.

#11 gringo_pr

Posted 01 April 2014 - 08:04 AM



Hello ScrubTechGreg


:multiple Anti Virus programs:
  • It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

    AV: avast! Antivirus
    AV: Microsoft Security Essentials

    Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash.

    Please remove all but one of them.

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

    ClearJavaCache::

    File::
    c:\windows\SysWow64\Websteroids.B324755F3F87.dll

Save it to your desktop as CFScript.txt.

Referring to the picture above, drag CFScript.txt into ComboFix.exe
CFScriptB-4.gif
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note 1: Do not mouse-click Combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following:
    • Report from Combofix
    • Let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
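
The ComboFix report posted in #10 and the two points Gringo makes in #11 (two AV engines registered at once, and a CFScript that names a file seen in the report) can be checked mechanically. The following is an added example for this thread, not ComboFix's own code or anything the forum ships: a small Python triage helper that pulls the AV/FW/SP lines out of the report header, flags more than one registered AV engine, parses the "Files Created" entries, and confirms that every File:: target in a CFScript actually appeared in that section. The line-format regexes are assumptions read off the logs above, and the sample data is constructed from those same lines.

```python
"""Triage helpers for ComboFix reports and CFScript files.
Added example for this thread, not ComboFix's own code: the line formats
below are assumptions read off the reports posted in the thread."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Security Center lines in the report header, e.g.
#   AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
PRODUCT_RE = re.compile(
    r"^(?P<kind>AV|FW|SP): (?P<name>.+?) \*(?P<state>[^*]+)\* \{(?P<guid>[0-9A-Fa-f-]+)\}$"
)
# "Files Created" entries:  created . modified  size-or-dashes  attrs  path
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>\S.*)$"
)

@dataclass
class FileEntry:
    created: str
    modified: str
    size: int | None   # None for directories, which ComboFix prints as "--------"
    attrs: str         # ComboFix attribute string, e.g. "----a-w-" or "d-----w-"
    path: str

def parse_products(log: str) -> list[dict]:
    """Every AV/FW/SP product the report header says is registered in Security Center."""
    products = []
    for line in log.splitlines():
        m = PRODUCT_RE.match(line.strip())
        if not m:
            continue
        parts = m.group("state").split("/")   # "Disabled/Updated" or just "Disabled"
        products.append({
            "kind": m.group("kind"), "name": m.group("name"), "guid": m.group("guid"),
            "enabled": parts[0] == "Enabled",
            "updated": (parts[1] == "Updated") if len(parts) > 1 else None,
        })
    return products

def multiple_av(log: str) -> list[str]:
    """Distinct AV engine names when more than one is registered, else an empty list."""
    names: list[str] = []
    for p in parse_products(log):
        if p["kind"] == "AV" and p["name"] not in names:
            names.append(p["name"])
    return names if len(names) > 1 else []

def parse_created_files(log: str) -> list[FileEntry]:
    """Entries from the 'Files Created from ... to ...' section only (Find3M is skipped)."""
    entries, in_section = [], False
    for line in log.splitlines():
        if line.startswith("(((("):            # section banner
            in_section = "Files Created" in line
            continue
        m = ENTRY_RE.match(line.strip()) if in_section else None
        if m:
            size = None if m.group("size").startswith("-") else int(m.group("size"))
            entries.append(FileEntry(m.group("created"), m.group("modified"),
                                     size, m.group("attrs"), m.group("path")))
    return entries

def parse_cfscript(text: str) -> dict[str, list[str]]:
    """Split a CFScript into directives (lines ending in '::') and their argument lines."""
    directives: dict[str, list[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("::"):
            current = line[:-2]
            directives.setdefault(current, [])
        elif line and current is not None:
            directives[current].append(line)
    return directives

def check_cfscript_targets(script: str, log: str) -> dict[str, bool]:
    """For each File:: target, whether the report's Files Created section listed that path."""
    seen = {e.path.lower() for e in parse_created_files(log)}
    return {p: p.lower() in seen for p in parse_cfscript(script).get("File", [])}

# Constructed sample: header and a few entries lifted from the report posted above.
SAMPLE_LOG = "\n".join([
    r"AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}",
    r"AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}",
    r"FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}",
    r"SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}",
    r"(((((((((((((((((((((((((   Files Created from 2014-02-28 to 2014-03-29  )))))))))))))))))))))))))))))))",
    r"2014-03-27 23:40 . 2014-03-27 23:40    --------    d-----w-    c:\windows\ERUNT",
    r"2014-03-21 23:02 . 2014-03-21 23:02    1161080    ----a-w-    c:\windows\SysWow64\Websteroids.B324755F3F87.dll",
    r"((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))",
    r"2014-03-18 19:53 . 2011-04-06 17:36    90015360    ----a-w-    c:\windows\system32\MRT.exe",
])
SAMPLE_CFSCRIPT = "ClearJavaCache::\n\nFile::\n" + r"c:\windows\SysWow64\Websteroids.B324755F3F87.dll"
```

`multiple_av(SAMPLE_LOG)` returns both engine names for the #10 report, which is exactly the condition #11 asks to resolve; `check_cfscript_targets(SAMPLE_CFSCRIPT, SAMPLE_LOG)` maps the Websteroids DLL to True because it appears in the Files Created section, and would map a path that the report never listed to False, a useful sanity check before dragging a script onto ComboFix. Paths are compared case-insensitively because the report mixes `c:\windows\SysWow64` and `C:\FRST` spellings.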

#12 ScrubTechGreg (Topic Starter)

Posted 02 April 2014 - 07:03 PM

The computer seems to be running much better. Here are the logs:

ComboFix 14-03-24.01 - Greg Rodgerson 04/02/2014  16:23:07.2.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8169.6858 [GMT -4:00]
Running from: c:\users\Greg Rodgerson\Desktop\ComboFix.exe
Command switches used :: c:\users\Greg Rodgerson\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\SysWow64\Websteroids.B324755F3F87.dll"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\Websteroids.B324755F3F87.dll
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-02 to 2014-04-02  )))))))))))))))))))))))))))))))
.
.
2014-04-02 20:25 . 2014-04-02 20:25    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-04-02 19:45 . 2014-04-02 19:45    --------    d-s---w-    c:\windows\SysWow64\Microsoft
2014-04-01 01:58 . 2014-03-07 04:43    10521840    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{21D8F108-C6D2-4AF2-88FA-07A46B9793AD}\mpengine.dll
2014-04-01 01:56 . 2014-03-07 04:43    10521840    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-29 16:56 . 2014-03-17 14:16    10521840    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{BCE152B7-4414-4F3F-8CFD-774E47C66F7A}\mpengine.dll
2014-03-27 23:40 . 2014-03-27 23:40    --------    d-----w-    c:\windows\ERUNT
2014-03-25 22:56 . 2014-02-20 21:52    1031560    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A371CC18-911A-4700-A913-C76A455089C5}\gapaengine.dll
2014-03-25 22:19 . 2014-03-25 22:24    --------    d-----w-    C:\FRST
2014-03-20 17:09 . 2014-03-04 13:06    6714312    ----a-w-    c:\windows\system32\nvcpl.dll
2014-03-20 17:09 . 2014-03-04 13:06    3497816    ----a-w-    c:\windows\system32\nvsvc64.dll
2014-03-20 17:09 . 2014-03-04 13:05    922968    ----a-w-    c:\windows\system32\nvvsvc.exe
2014-03-20 17:09 . 2014-03-04 13:05    64968    ----a-w-    c:\windows\system32\nvshext.dll
2014-03-20 17:09 . 2014-03-04 13:05    2558808    ----a-w-    c:\windows\system32\nvsvcr.dll
2014-03-20 17:09 . 2014-03-04 13:05    386336    ----a-w-    c:\windows\system32\nvmctray.dll
2014-03-20 17:09 . 2014-03-04 14:35    62408    ----a-w-    c:\windows\system32\OpenCL.dll
2014-03-20 17:09 . 2014-03-04 14:35    54216    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2014-03-19 05:32 . 2014-03-19 05:58    --------    d-----w-    c:\users\Greg Rodgerson\AppData\Roaming\Notepad++
2014-03-18 20:15 . 2014-03-27 21:39    --------    d-----w-    c:\users\Greg Rodgerson\AppData\Local\ElevatedDiagnostics
2014-03-11 20:55 . 2014-02-04 02:04    1230336    ----a-w-    c:\windows\SysWow64\WindowsCodecs.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-18 19:53 . 2011-04-06 17:36    90015360    ----a-w-    c:\windows\system32\MRT.exe
2014-03-11 21:03 . 2014-01-31 15:55    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-11 21:03 . 2014-01-31 15:55    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-20 21:52 . 2011-04-06 18:43    1031560    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-02-15 16:18 . 2014-02-15 16:18    194048    ----a-w-    c:\windows\SysWow64\elshyph.dll
2014-02-15 16:18 . 2014-02-15 16:18    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-02-15 16:18 . 2014-02-15 16:18    645120    ----a-w-    c:\windows\SysWow64\jsIntl.dll
2014-02-15 16:18 . 2014-02-15 16:18    62464    ----a-w-    c:\windows\SysWow64\tdc.ocx
2014-02-15 16:18 . 2014-02-15 16:18    34816    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-02-15 16:18 . 2014-02-15 16:18    337408    ----a-w-    c:\windows\SysWow64\html.iec
2014-02-15 16:18 . 2014-02-15 16:18    235008    ----a-w-    c:\windows\system32\elshyph.dll
2014-02-15 16:18 . 2014-02-15 16:18    182272    ----a-w-    c:\windows\SysWow64\msls31.dll
2014-02-15 16:18 . 2014-02-15 16:18    942592    ----a-w-    c:\windows\system32\jsIntl.dll
2014-02-15 16:18 . 2014-02-15 16:18    86016    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2014-02-15 16:18 . 2014-02-15 16:18    86016    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2014-02-15 16:18 . 2014-02-15 16:18    74240    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2014-02-15 16:18 . 2014-02-15 16:18    61952    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2014-02-15 16:18 . 2014-02-15 16:18    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2014-02-15 16:18 . 2014-02-15 16:18    36352    ----a-w-    c:\windows\SysWow64\imgutil.dll
2014-02-15 16:18 . 2014-02-15 16:18    247808    ----a-w-    c:\windows\system32\msls31.dll
2014-02-15 16:18 . 2014-02-15 16:18    24576    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2014-02-15 16:18 . 2014-02-15 16:18    151552    ----a-w-    c:\windows\SysWow64\iexpress.exe
2014-02-15 16:18 . 2014-02-15 16:18    139264    ----a-w-    c:\windows\SysWow64\wextract.exe
2014-02-15 16:18 . 2014-02-15 16:18    13312    ----a-w-    c:\windows\SysWow64\mshta.exe
2014-02-15 16:18 . 2014-02-15 16:18    111616    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2014-02-15 16:18 . 2014-02-15 16:18    1051136    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2014-02-15 16:18 . 2014-02-15 16:18    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2014-02-15 16:18 . 2014-02-15 16:18    90112    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2014-02-15 16:18 . 2014-02-15 16:18    84992    ----a-w-    c:\windows\system32\mshtmled.dll
2014-02-15 16:18 . 2014-02-15 16:18    83968    ----a-w-    c:\windows\system32\MshtmlDac.dll
2014-02-15 16:18 . 2014-02-15 16:18    81408    ----a-w-    c:\windows\system32\icardie.dll
2014-02-15 16:18 . 2014-02-15 16:18    774144    ----a-w-    c:\windows\system32\jscript.dll
2014-02-15 16:18 . 2014-02-15 16:18    77312    ----a-w-    c:\windows\system32\tdc.ocx
2014-02-15 16:18 . 2014-02-15 16:18    62464    ----a-w-    c:\windows\system32\pngfilt.dll
2014-02-15 16:18 . 2014-02-15 16:18    616104    ----a-w-    c:\windows\system32\ieapfltr.dat
2014-02-15 16:18 . 2014-02-15 16:18    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2014-02-15 16:18 . 2014-02-15 16:18    48128    ----a-w-    c:\windows\system32\imgutil.dll
2014-02-15 16:18 . 2014-02-15 16:18    453120    ----a-w-    c:\windows\system32\dxtmsft.dll
2014-02-15 16:18 . 2014-02-15 16:18    413696    ----a-w-    c:\windows\system32\html.iec
2014-02-15 16:18 . 2014-02-15 16:18    40448    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2014-02-15 16:18 . 2014-02-15 16:18    30208    ----a-w-    c:\windows\system32\licmgr10.dll
2014-02-15 16:18 . 2014-02-15 16:18    296960    ----a-w-    c:\windows\system32\dxtrans.dll
2014-02-15 16:18 . 2014-02-15 16:18    263376    ----a-w-    c:\windows\system32\iedkcs32.dll
2014-02-15 16:18 . 2014-02-15 16:18    243200    ----a-w-    c:\windows\system32\webcheck.dll
2014-02-15 16:18 . 2014-02-15 16:18    235520    ----a-w-    c:\windows\system32\url.dll
2014-02-15 16:18 . 2014-02-15 16:18    167424    ----a-w-    c:\windows\system32\iexpress.exe
2014-02-15 16:18 . 2014-02-15 16:18    147968    ----a-w-    c:\windows\system32\occache.dll
2014-02-15 16:18 . 2014-02-15 16:18    143872    ----a-w-    c:\windows\system32\wextract.exe
2014-02-15 16:18 . 2014-02-15 16:18    13824    ----a-w-    c:\windows\system32\mshta.exe
2014-02-15 16:18 . 2014-02-15 16:18    135680    ----a-w-    c:\windows\system32\iepeers.dll
2014-02-15 16:18 . 2014-02-15 16:18    13312    ----a-w-    c:\windows\system32\msfeedssync.exe
2014-02-15 16:18 . 2014-02-15 16:18    131072    ----a-w-    c:\windows\system32\IEAdvpack.dll
2014-02-15 16:18 . 2014-02-15 16:18    1228800    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-02-15 16:18 . 2014-02-15 16:18    105984    ----a-w-    c:\windows\system32\iesysprep.dll
2014-02-15 16:18 . 2014-02-15 16:18    101376    ----a-w-    c:\windows\system32\inseng.dll
2014-01-28 18:08 . 2012-12-10 11:58    35640    ----a-w-    c:\windows\system32\TURegOpt.exe
2014-01-28 18:08 . 2012-12-17 02:19    38200    ----a-w-    c:\windows\system32\uxtuneup.dll
2014-01-28 18:08 . 2012-12-17 02:19    30520    ----a-w-    c:\windows\SysWow64\uxtuneup.dll
2014-01-28 18:08 . 2012-12-10 11:58    26936    ----a-w-    c:\windows\system32\authuitu.dll
2014-01-28 18:08 . 2012-12-10 11:58    22328    ----a-w-    c:\windows\SysWow64\authuitu.dll
2014-01-09 02:22 . 2014-02-26 21:29    5694464    ----a-w-    c:\windows\SysWow64\mstscax.dll
2014-01-03 22:44 . 2014-02-26 21:29    6574592    ----a-w-    c:\windows\system32\mstscax.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ATKMEDIA"=c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
"Razer Naga Driver"=c:\program files (x86)\Razer\Naga\RazerNagaSysTray.exe
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
R3 cleanhlp;cleanhlp;c:\eek\Run\cleanhlp64.sys;c:\eek\Run\cleanhlp64.sys [x]
R3 dump_wmimmc;dump_wmimmc;d:\game installations\new folder\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys;d:\game installations\new folder\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys;c:\windows\SYSNATIVE\DRIVERS\btblan.sys [x]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R4 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys;c:\windows\SYSNATIVE\DRIVERS\bpmp.sys [x]
S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys;c:\windows\SYSNATIVE\Drivers\bpusb.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys;c:\windows\SYSNATIVE\DRIVERS\RzSynapse.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-31 21:03]
.
2012-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2652738724-2410924769-3864602309-1000Core.job
- c:\users\Greg Rodgerson\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-24 17:34]
.
2012-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2652738724-2410924769-3864602309-1000UA.job
- c:\users\Greg Rodgerson\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-24 17:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SynAsusAcpi"="c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-07-03 1028896]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-11-29 2273056]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Greg Rodgerson\AppData\Roaming\Mozilla\Firefox\Profiles\ak0fn3jg.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&type=A110US0&p=
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-SOULZAS FONTS FOR XVM 1.00 - c:\windows\Fonts\Uninstall.exe
AddRemove-Websteroids - c:\programdata\Websteroids\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}"=hex:51,66,7a,6c,4c,1d,38,12,26,bd,a8,
   0a,e6,f4,22,0e,f1,4c,12,2a,bb,94,a4,70
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
   d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{EEF3855C-FC2D-41E6-8D91-D368F51B3055}"=hex:51,66,7a,6c,4c,1d,38,12,32,86,e0,
   ea,1f,b2,88,04,f2,87,90,28,f0,45,74,41
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}"=hex:51,66,7a,6c,4c,1d,38,12,72,a0,58,
   28,27,42,8c,54,ef,d1,d8,bc,bb,ef,2c,a7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{B164E929-A1B6-4A06-B104-2CD0E90A88FF}"=hex:51,66,7a,6c,4c,1d,38,12,47,ea,77,
   b5,84,ef,68,0f,ce,12,6f,90,ec,54,cc,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:f4,19,cd,f5,00,50,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,00,c2,4e,4c,b9,58,bb,46,99,f2,d4,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,00,c2,4e,4c,b9,58,bb,46,99,f2,d4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,00,c2,4e,4c,b9,58,bb,46,99,f2,d4,\
.
[HKEY_USERS\S-1-5-21-2652738724-2410924769-3864602309-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:9d,31,03,30,54,52,89,55,f3,31,b7,71,97,0d,ee,9a,43,09,1d,31,ea,5f,b6,
   4f,a1,5a,e9,01,db,bb,2a,10,ec,5f,f1,83,be,7d,cd,77,2f,62,69,b6,47,4a,21,d7,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49
.
[HKEY_USERS\S-1-5-21-2652738724-2410924769-3864602309-1000\Software\SecuROM\License information*]
"datasecu"=hex:15,a2,6b,fb,8e,49,f6,d7,b6,7a,bc,81,f5,15,59,51,08,70,e9,e0,e9,
   6d,93,32,af,8e,41,ed,c1,5c,93,ac,14,f1,7e,f3,e4,2d,58,0f,22,87,f3,7d,77,e3,\
"rkeysecu"=hex:f9,f6,24,d9,eb,5a,8f,15,fe,05,1c,01,c5,51,8f,de
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\09\05\09\14\075?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-02  16:26:59
ComboFix-quarantined-files.txt  2014-04-02 20:26
ComboFix2.txt  2014-03-29 21:09
.
Pre-Run: 45,020,491,776 bytes free
Post-Run: 44,975,034,368 bytes free
.
- - End Of File - - DC83D8B04CAA6DFC76D7E996ACC7A672
A36C5E4F47E84449FF07ED3517B43A31
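
The log above is long, and the lines that matter for a cleanup (autostart entries in odd places, AppInit DLL loading switched on, relaxed IE zones, changed Firefox search settings, orphaned uninstall entries) are scattered across several sections. The script below is an added example of triaging such a log by machine; it is not ComboFix's code and was not posted in the thread. The sample text is constructed to mirror the format ComboFix printed above (registry loading points, R/S service lines, Trusted Zone, FF prefs and AddRemove lines); every entry in it is taken from the posted log except the "Updater" Run value under AppData, which is invented to show what a user-writable autostart looks like. The function name and the path rules are my own. A hit is a prompt to look at that file, not a verdict: a scanner the user unpacked into a non-standard folder will trip the service rule just as adware will.

```powershell
# Added example: heuristic triage of ComboFix log text. Not ComboFix's code.
# $sampleLog is constructed to match the log format; the "Updater" entry
# is invented, every other line comes from the log posted in this thread.
$sampleLog = @'
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Updater"="c:\users\someone\AppData\Roaming\Updater\upd.exe" [2014-03-24 51200]
.
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
R3 cleanhlp;cleanhlp;c:\eek\Run\cleanhlp64.sys;c:\eek\Run\cleanhlp64.sys [x]
Trusted Zone: soe.com
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&type=A110US0&p=
AddRemove-Websteroids - c:\programdata\Websteroids\uninstall.exe
'@

function Get-ComboFixFinding {
    param([Parameter(Mandatory = $true)][string]$LogText)

    # Where an autostart or service image normally lives on 64-bit Windows 7.
    $standardRoots = '^c:\\(windows|program files( \(x86\))?)\\'
    # Folders an unprivileged user can write to; adware installers favour them.
    $userWritable  = '\\(appdata|programdata|temp|public)\\'

    $currentKey = ''
    foreach ($raw in ($LogText -split "`r?`n")) {
        $line = $raw.Trim()
        if ($line -eq '' -or $line -eq '.') { continue }

        # Section header: remember which registry key the following values belong to.
        if ($line -match '^\[(HKEY_[^\]]+)\]$') { $currentKey = $Matches[1]; continue }

        # "Name"="path" [date size] under a Run or RunOnce key.
        if ($currentKey -match '\\run(once)?$') {
            if ($line -match '^"([^"]*)"="([^"]*)"') {
                $name = $Matches[1]; $path = $Matches[2]
                if ($path -match $userWritable -or $path -notmatch $standardRoots) {
                    [pscustomobject]@{ Category = 'Autostart'; Item = $name; Detail = $path
                                       Reason = 'Run entry outside Windows/Program Files' }
                }
                continue
            }
        }

        # LoadAppInit_DLLs=1: every process that loads user32.dll also loads the
        # DLLs named in AppInit_DLLs, so that value needs checking as well.
        if ($currentKey -match 'windows nt\\currentversion\\windows$' -and
            $line -match '^"LoadAppInit_DLLs"\s*=\s*1') {
            [pscustomobject]@{ Category = 'AppInit'; Item = $currentKey; Detail = $line
                               Reason = 'LoadAppInit_DLLs=1; inspect the AppInit_DLLs value' }
            continue
        }

        # Service/driver line: R2 name;display name;image path;image path [x]
        if ($line -match '^[RS]\d\s+([^;]+);([^;]*);([^;]+);') {
            $svc = $Matches[1]; $path = $Matches[3]
            if ($path -notmatch $standardRoots) {
                [pscustomobject]@{ Category = 'Service'; Item = $svc; Detail = $path
                                   Reason = 'Service/driver image outside Windows/Program Files' }
            }
            continue
        }

        if ($line -match '^Trusted Zone:\s*(.+)$') {
            [pscustomobject]@{ Category = 'IE'; Item = 'Trusted Zone'; Detail = $Matches[1]
                               Reason = 'Site runs with relaxed IE security settings' }
            continue
        }

        # Firefox search settings are a favourite adware target.
        if ($line -match '^FF - prefs\.js: (keyword\.URL|browser\.search\.selectedEngine) - (.+)$') {
            [pscustomobject]@{ Category = 'Firefox'; Item = $Matches[1]; Detail = $Matches[2]
                               Reason = 'Search setting changed from the default' }
            continue
        }

        # Uninstall entries ComboFix listed as orphans.
        if ($line -match '^AddRemove-(.+?) - (.+)$') {
            [pscustomobject]@{ Category = 'AddRemove'; Item = $Matches[1]; Detail = $Matches[2]
                               Reason = 'Orphaned uninstall entry' }
        }
    }
}

Get-ComboFixFinding -LogText $sampleLog | Format-Table -AutoSize -Wrap
```

Run against the sample, it reports the AppInit switch, the invented "Updater" autostart, the cleanhlp driver in c:\eek, the soe.com trusted zone, both Firefox search lines and the Websteroids uninstall entry, and stays quiet about HControlUser and the TuneUp service. To use it on a real log, read the file into the parameter instead of the here-string (for example `Get-Content C:\ComboFix.txt -Raw`). Whether to extend the path rules is a judgement call; keeping them narrow and reading every hit by hand is safer than teaching the script to "know" which vendors are fine.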
 



#13 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 02 April 2014 - 08:13 PM


Hello ScrubTechGreg

I would like to see a report that ComboFix makes.

extra combofix report
  • push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click OK
Copy and paste the report into this topic for me to review.

Gringo

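The Add-Remove Programs.txt that ComboFix drops in C:\Qoobox is a listing of the registry Uninstall keys, the same data Windows shows in Add/Remove Programs. The function below is an added example (not ComboFix's or the forum's code) that produces that list straight from the live registry and, for any one entry, shows the details behind it. It reads three places on purpose: the native 64-bit Uninstall key, the Wow6432Node key where 32-bit installers register, and the current user's key for per-user installs; missing any of them is how an entry gets overlooked. The function name is mine; the property names are the standard value names under those keys. Run it in an elevated PowerShell on the affected machine.

```powershell
# Added example: enumerate installed programs from the registry Uninstall keys
# (the source of ComboFix's Add-Remove Programs.txt). Not ComboFix's code.
function Get-InstalledProgram {
    [CmdletBinding()]
    param([string]$Name = '*')   # wildcard pattern matched against DisplayName

    # 64-bit hive, 32-bit (Wow6432Node) hive, and the per-user hive.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    )

    foreach ($key in $uninstallKeys) {
        if (-not (Test-Path $key)) { continue }
        Get-ChildItem -Path $key -ErrorAction SilentlyContinue | ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
            # Subkeys without a DisplayName are patches or components, not programs.
            if ($p -and $p.DisplayName -and ($p.DisplayName -like $Name)) {
                [pscustomobject]@{
                    DisplayName     = $p.DisplayName
                    DisplayVersion  = $p.DisplayVersion
                    Publisher       = $p.Publisher
                    InstallDate     = $p.InstallDate      # yyyyMMdd when present
                    InstallLocation = $p.InstallLocation
                    UninstallString = $p.UninstallString  # what "Uninstall" will actually run
                    RegistryKey     = $_.Name
                }
            }
        }
    }
}

# Same shape as ComboFix's Add-Remove Programs.txt: one name per line, sorted.
Get-InstalledProgram | Sort-Object DisplayName -Unique | Select-Object -ExpandProperty DisplayName

# The two entries this thread acts on: the Websteroids adware and the Adobe Reader version.
Get-InstalledProgram -Name '*Websteroids*' |
    Format-List DisplayName, Publisher, InstallDate, InstallLocation, UninstallString, RegistryKey
Get-InstalledProgram -Name 'Adobe Reader*' | Select-Object DisplayName, DisplayVersion
```

Two caveats the plain list hides. Registering under Uninstall is voluntary, so software that never wrote an entry will not appear here, which is why the loading-point and service sections of the ComboFix log still have to be read. And UninstallString is a program the vendor wrote; for adware such as Websteroids, whose uninstaller the log above places under c:\programdata\Websteroids, it is worth looking at what that string points to before running it, and letting an uninstaller such as Revo sweep up whatever it leaves behind.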
#14 ScrubTechGreg (Topic Starter)

Posted 03 April 2014 - 03:19 PM

Computer seems to be running okay; only some programs just crash to desktop when I try to run them. Here is the report:

Adobe Flash Player 12 Plugin
Adobe Reader X (10.1.9)
ATK Package
BioShock 2
Company of Heroes 2
Company of Heroes: Opposing Fronts
Company of Heroes: Tales of Valor
Dishonored
Dota 2
Elder Scrolls V: Skyrim Prima Guide
Far Cry® 3
Fraps
Frozen Synapse
HP FWUpdateEDO2
HP Update
HPDiagnosticAlert
Malwarebytes Anti-Malware version 1.75.0.1300
Mark of the Ninja
Metro: Last Light
Microsoft .NET Framework 1.1
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Mozilla Firefox 28.0 (x86 en-US)
Mozilla Maintenance Service
Naga Firmware Updater 1.13
Notepad++
NVIDIA PhysX
Pando Media Booster
Portal 2
PunkBuster Services
Razer Naga
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Reader Driver
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
SOULZAS FONTS FOR XVM 1.00
Steam
System Requirements Lab
System Requirements Lab for Intel
TeamSpeak 3 Client
The Elder Scrolls V: Skyrim
TuneUp Utilities 2013
TuneUp Utilities Language Pack (en-US)
Unity of Command
Unity Web Player
Websteroids
World of Tanks
 



#15 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 03 April 2014 - 05:50 PM



Hello

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).
  • Programs to remove
    • Adobe Reader X (10.1.9)
    • Websteroids


  • Please download and install Revo Uninstaller Free
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.



Update Adobe reader
  • Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
    • If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

      Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Clean Out Temp Files
  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab, all the boxes should be checked.)
    • Click Run Cleaner.
    • Close CCleaner.
: Malwarebytes' Anti-Malware :


I see you have MBAM installed on the computer; that is great! It is a very good program. I would like you to run a quick scan for me now.
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Download HijackThis
  • Go here to download the HijackThis program.
  • Save HijackThis to your desktop.
  • Right-click on HijackThis and select "Run as Admin" (XP users just need to double-click to run).
  • Click on "Do a system scan and save a logfile" (if you do not see "Do a system scan and save a logfile", then click on Main Menu).
  • Copy and paste the HijackThis report into the topic.
"information and logs"
  • In your next post I need the following
    • Log From MBAM
    • report from HijackThis
    • let me know of any problems you may have had
    • How is the computer doing now?
Gringo