
another zekos infection, help


  • This topic is locked
3 replies to this topic

#1 yuechenli

Posted 20 April 2014 - 07:59 AM

My Avast Web Shield keeps blocking svchost.exe, and upon checking the process I saw that it took up an unusually large amount of memory. Upon some research here, I saw a lot of people have had similar problems recently due to Zekos trojans. Attached below is the FRST log; please get back to me as soon as possible.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16866
Run by yli at 9:11:45 on 2014-04-20
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8078.3052 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
E:\DAZ contents\ContentManagementService\ContentManagementServer.exe
E:\Smite\HiPatchService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Lucidlogix Technologies\VIRTU MVP\LucidSrv.exe
C:\Windows\SysWOW64\PnkBstrA.exe
E:\Solidworks 2013\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe
E:\Solidworks 2013\SolidWorks Flow Simulation\binCFW\dispatcher.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\yli\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\yli\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Users\yli\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
E:\Solidworks 2013\SolidWorks\sldworks_fs.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Lucidlogix Technologies\VIRTU MVP\EKAG20NT.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Program Files\Lucidlogix Technologies\VIRTU MVP\lucidservices.exe
C:\Program Files (x86)\Raptr\raptr_ep64.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files\Sandboxie\Start.exe
C:\Program Files\Sandboxie\Start.exe
C:\Program Files\Sandboxie\SandboxieRpcSs.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\svchost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ASRockXTU] <no file>
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [WTClient] WTClient.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
StartupFolder: C:\Users\yli\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SOLIDW~2.LNK - C:\Windows\Installer\{B6B5EA7E-B91F-443D-A958-B0062FB53804}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SOLIDW~1.LNK - C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 10.50.0.1
TCP: Interfaces\{7B38A58E-E5E3-42C6-9917-F17310109CFD} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{8946A3A5-4C58-4F11-901F-6CEE56243214} : DHCPNameServer = 10.50.0.1
TCP: Interfaces\{CC682D03-260D-41A3-A23B-8DB8135850FA} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\Windows\SysWOW64\appinit_dll.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [VIRTU MVP] C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe /hide
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\yli\AppData\Roaming\Mozilla\Firefox\Profiles\k8x9qa5u.default\
FF - prefs.js: network.proxy.ftp - 91.121.139.97
FF - prefs.js: network.proxy.ftp_port - 443
FF - prefs.js: network.proxy.http - 91.121.139.97
FF - prefs.js: network.proxy.http_port - 443
FF - prefs.js: network.proxy.socks - 91.121.139.97
FF - prefs.js: network.proxy.socks_port - 443
FF - prefs.js: network.proxy.ssl - 91.121.139.97
FF - prefs.js: network.proxy.ssl_port - 443
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Millisecond Software\Inquisit 4.0 Mozilla Plugin\npInquisit.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\yli\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\yli\AppData\Roaming\baidu\Baidu Uploader\npUploader.dll
FF - plugin: C:\Windows\Downloaded Program Files\117222957\npxbdsetup.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;E:\Smite\HiPatchService.exe [2013-11-25 9216]
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2011-9-21 49760]
R0 AsrRamDisk;AsrRamDisk;C:\Windows\System32\drivers\AsrRamDisk.sys [2013-1-11 31016]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-1 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-1 208416]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-1-10 16152]
R1 AsrAppCharger;AsrAppCharger;C:\Windows\System32\drivers\AsrAppCharger.sys [2013-1-10 17192]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-2-28 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-2-28 423240]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-3-12 240128]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-4-19 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-2-17 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2013-12-19 85328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-4-19 50344]
R2 DAZContentManagementService;DAZ Content Management Service;E:\DAZ contents\ContentManagementService\ContentManagementServer.exe [2014-1-20 22528]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-1-10 13632]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-1-10 128280]
R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [2012-2-9 133632]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-1-10 161560]
R2 LucidSrv;LucidSrv;C:\Program Files\Lucidlogix Technologies\VIRTU MVP\LucidSrv.exe [2013-4-25 16616]
R2 RemoteSolverDispatcher;Remote Solver for Flow Simulation 2013;E:\Solidworks 2013\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe [2012-9-13 51848]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-1-10 363800]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-3-4 126952]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-3-4 390632]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-12-19 94720]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\drivers\ikbevent.sys [2012-2-9 25536]
R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\drivers\imsevent.sys [2012-2-9 25536]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-1-10 331264]
R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2012-2-9 44992]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-1-10 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-1-10 788760]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-5-9 425000]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-1-10 32344]
R3 PTSimBus;PenTablet Bus Enumerator;C:\Windows\System32\drivers\PTSimBus.sys [2009-6-18 27304]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2014-1-17 202600]
R3 VirtuWDDM;VirtuWDDM;C:\Windows\System32\drivers\VirtuWDDM.sys [2013-4-25 97512]
R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\System32\drivers\WPRO_41_2001.sys [2013-1-10 34752]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;"E:\Autodesk 3dsMax\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe" --> E:\Autodesk 3dsMax\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;E:\Solidworks 2013\SolidWorks\swScheduler\DTSCoordinatorService.exe [2012-9-28 76904]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;E:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe --> E:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [?]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-6-15 1432400]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2013-1-11 135584]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;C:\Windows\System32\drivers\PTSimHid.sys [2009-6-18 17064]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-13 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== File Associations ===============
.
FileExt: .txt: Notepad++_file="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1"
FileExt: .ini: Notepad++_file="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1"
.
=============== Created Last 30 ================
.
2014-04-20 12:36:44 -------- d-----w- C:\FRST
2014-04-19 20:53:31 43152 ----a-w- C:\Windows\avastSS.scr
2014-04-19 20:53:31 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-04-18 15:02:06 10651704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F1F2486E-8CB9-44D1-A6F7-420F5BE280AD}\mpengine.dll
2014-04-12 06:59:55 -------- d-----w- C:\Users\yli\AppData\Local\Ubisoft Game Launcher
2014-04-09 05:49:38 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-04-09 05:49:38 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-04-09 05:49:38 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-04-09 05:49:38 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-04-09 05:49:38 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-04-09 05:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe
2014-04-09 05:49:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-04-09 05:49:38 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2014-04-09 05:49:38 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-29 08:12:34 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2014-03-28 02:20:12 -------- d-----w- C:\Users\yli\AppData\Local\Blizzard
2014-03-25 19:13:41 -------- d-----w- C:\Program Files (x86)\AMD AVT
.
==================== Find3M  ====================
.
2014-04-20 11:40:53 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-20 11:40:53 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-20 07:30:05 94656 ----a-w- C:\Windows\System32\WPRO_41_2001woem.tmp
2014-04-20 07:30:05 34752 ----a-w- C:\Windows\System32\drivers\WPRO_41_2001.sys
2014-04-19 20:53:31 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-04-19 20:53:31 85328 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-04-19 20:53:31 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-04-19 20:53:31 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-04-19 20:53:31 208416 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-04-19 20:53:31 1039096 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-03-31 14:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-03-13 06:33:30 2238976 ----a-w- C:\Windows\System32\wininet.dll
2014-03-13 06:32:03 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-13 06:31:55 67072 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-13 06:31:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2014-03-13 05:10:47 1766400 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-13 05:09:43 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-13 05:09:39 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-13 05:09:39 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2014-03-13 04:57:03 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-13 04:47:33 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-13 03:59:47 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2014-03-13 03:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2014-03-12 17:00:28 51200 ----a-w- C:\Windows\System32\kdbsdk64.dll
2014-03-12 16:55:40 38912 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
2014-03-12 16:06:56 273632 ----a-w- C:\Windows\System32\drivers\amdacpksd.sys
2014-03-12 16:04:42 13929984 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2014-03-12 15:50:10 230912 ----a-w- C:\Windows\System32\clinfo.exe
2014-03-12 15:49:52 98816 ----a-w- C:\Windows\System32\OpenVideo64.dll
2014-03-12 15:49:46 83456 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2014-03-12 15:49:40 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
2014-03-12 15:49:36 73216 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2014-03-12 15:49:30 28425216 ----a-w- C:\Windows\System32\amdocl64.dll
2014-03-12 15:47:00 23903744 ----a-w- C:\Windows\SysWow64\amdocl.dll
2014-03-12 15:44:40 65024 ----a-w- C:\Windows\System32\OpenCL.dll
2014-03-12 15:44:36 58880 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2014-03-12 15:27:48 27490304 ----a-w- C:\Windows\System32\atio6axx.dll
2014-03-12 15:24:28 368640 ----a-w- C:\Windows\System32\atiapfxx.exe
2014-03-12 15:24:18 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
2014-03-12 15:24:16 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2014-03-12 15:24:08 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
2014-03-12 15:24:04 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2014-03-12 15:23:50 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll
2014-03-12 15:20:36 126464 ----a-w- C:\Windows\System32\mantle64.dll
2014-03-12 15:20:24 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2014-03-12 15:20:16 113152 ----a-w- C:\Windows\SysWow64\mantle32.dll
2014-03-12 15:19:54 5393408 ----a-w- C:\Windows\System32\amdmantle64.dll
2014-03-12 15:07:08 23108608 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2014-03-12 15:06:06 4319744 ----a-w- C:\Windows\SysWow64\amdmantle32.dll
2014-03-12 15:03:26 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2014-03-12 15:03:14 31232 ----a-w- C:\Windows\System32\atimuixx.dll
2014-03-12 15:03:06 586240 ----a-w- C:\Windows\System32\atieclxx.exe
2014-03-12 15:02:08 240128 ----a-w- C:\Windows\System32\atiesrxx.exe
2014-03-12 15:00:32 190976 ----a-w- C:\Windows\System32\atitmm64.dll
2014-03-12 14:53:38 81920 ----a-w- C:\Windows\System32\mantleaxl64.dll
2014-03-12 14:53:28 79360 ----a-w- C:\Windows\SysWow64\mantleaxl32.dll
2014-03-12 14:50:22 44544 ----a-w- C:\Windows\System32\amdmmcl6.dll
2014-03-12 14:50:18 35840 ----a-w- C:\Windows\SysWow64\amdmmcl.dll
2014-03-12 14:34:38 806912 ----a-w- C:\Windows\System32\coinst_13.350.dll
2014-03-12 14:27:02 1148416 ----a-w- C:\Windows\System32\atiadlxx.dll
2014-03-12 14:26:48 828416 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2014-03-12 14:26:32 75264 ----a-w- C:\Windows\System32\atig6pxx.dll
2014-03-12 14:26:26 69632 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2014-03-12 14:26:26 69632 ----a-w- C:\Windows\System32\atiglpxx.dll
2014-03-12 14:26:22 146432 ----a-w- C:\Windows\System32\atig6txx.dll
2014-03-12 14:25:58 133120 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2014-03-12 14:25:34 636928 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2014-03-12 14:24:42 95744 ----a-w- C:\Windows\System32\amdave64.dll
2014-03-12 14:24:36 90112 ----a-w- C:\Windows\SysWow64\amdave32.dll
2014-03-12 14:24:24 89088 ----a-w- C:\Windows\System32\atisamu64.dll
2014-03-12 14:24:20 80896 ----a-w- C:\Windows\SysWow64\atisamu32.dll
2014-03-12 14:20:08 43520 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2014-02-10 05:23:39 15648 ----a-w- C:\Windows\System32\drivers\nvflash.sys
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-02-04 02:32:12 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
.
============= FINISH:  9:11:56.42 ===============
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2014
Ran by yli (administrator) on YLI-PC on 20-04-2014 07:53:23
Running from E:\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() E:\DAZ contents\ContentManagementService\ContentManagementServer.exe
(Hi-Rez Studios) E:\Smite\HiPatchService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(LucidLogix) C:\Program Files\Lucidlogix Technologies\VIRTU MVP\LucidSrv.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Mentor Graphics Corporation) E:\Solidworks 2013\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe
(Mentor Graphics Corporation) E:\Solidworks 2013\SolidWorks Flow Simulation\binCFW\dispatcher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(BitTorrent Inc.) C:\Users\yli\AppData\Roaming\uTorrent\uTorrent.exe
(Flux Software LLC) C:\Users\yli\AppData\Local\FluxSoftware\Flux\flux.exe
(Spotify Ltd) C:\Users\yli\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dassault Systèmes SolidWorks Corp.) E:\Solidworks 2013\SolidWorks\sldworks_fs.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Software Security System) C:\Program Files\Lucidlogix Technologies\VIRTU MVP\EKAG20NT.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(LucidLogix) C:\Program Files\Lucidlogix Technologies\VIRTU MVP\lucidservices.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\Start.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\Start.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [VIRTU MVP] => C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe [3104488 2013-03-05] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [WTClient] => C:\Windows\SysWOW64\WTClient.exe [32768 2009-10-30] (Tablet Driver)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-04-19] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-03-12] (Advanced Micro Devices, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-567920152-2971123487-840376847-1000\...\Run: [ASRockXTU] => [X]
HKU\S-1-5-21-567920152-2971123487-840376847-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2014-01-17] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-567920152-2971123487-840376847-1000\...\Run: [uTorrent] => C:\Users\yli\AppData\Roaming\uTorrent\uTorrent.exe [1268816 2014-04-07] (BitTorrent Inc.)
HKU\S-1-5-21-567920152-2971123487-840376847-1000\...\Run: [Spotify] => C:\Users\yli\AppData\Roaming\Spotify\Spotify.exe [4640768 2013-08-22] (Spotify Ltd)
HKU\S-1-5-21-567920152-2971123487-840376847-1000\...\Run: [F.lux] => C:\Users\yli\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
HKU\S-1-5-21-567920152-2971123487-840376847-1000\...\Run: [Spotify Web Helper] => C:\Users\yli\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-08-22] (Spotify Ltd)
HKU\S-1-5-21-567920152-2971123487-840376847-1000\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2014-04-11] (Raptr, Inc)
HKU\S-1-5-21-567920152-2971123487-840376847-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20924064 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-567920152-2971123487-840376847-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-567920152-2971123487-840376847-1000\...\MountPoints2: {e9302c88-5c9f-11e2-866e-bc5ff465ccbb} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-567920152-2971123487-840376847-1000\...\MountPoints2: {e9302f5a-5c9f-11e2-866e-bc5ff465ccbb} - J:\setup.exe
AppInit_DLLs: C:\Windows\system32\appinit_dll.dll => C:\Windows\system32\appinit_dll.dll [502504 2013-03-05] (Lucidlogix Inc.)
AppInit_DLLs-x32: C:\Windows\SysWOW64\appinit_dll.dll => C:\Windows\SysWOW64\appinit_dll.dll [461032 2013-03-05] (Lucidlogix Inc.)
Startup: C:\Users\yli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA4D3A6B8FE23CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\yli\AppData\Roaming\Mozilla\Firefox\Profiles\k8x9qa5u.default
FF NetworkProxy: "backup.ftp", "193.68.1.4"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "193.68.1.4"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "193.68.1.4"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "91.121.139.97"
FF NetworkProxy: "ftp_port", 443
FF NetworkProxy: "http", "91.121.139.97"
FF NetworkProxy: "http_port", 443
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "91.121.139.97"
FF NetworkProxy: "socks_port", 443
FF NetworkProxy: "ssl", "91.121.139.97"
FF NetworkProxy: "ssl_port", 443
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @baidu.com/npxbdsetup - C:\Windows\Downloaded Program Files\117222957\npxbdsetup.dll ()
FF Plugin-x32: @baidu.com/UploadPlugin - C:\Users\yli\AppData\Roaming\baidu\Baidu Uploader\npUploader.dll (Baidu.com, Inc.)
FF Plugin-x32: @baiduwangpan.com/npxbdyy - E:\BaiduPlayerBaiduYun\1.19.1.23\npxbdyy.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @millisecond.com/npInquisit,version=4.0 - C:\Program Files (x86)\Millisecond Software\Inquisit 4.0 Mozilla Plugin\npInquisit.dll (Millisecond Software)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin HKCU: @millisecond.com/npInquisit,version=4.0 - C:\Program Files (x86)\Millisecond Software\Inquisit 4.0 Mozilla Plugin\npInquisit.dll (Millisecond Software)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\yli\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-02-17]
 
Chrome: 
=======
CHR Extension: (HTTPS Everywhere) - C:\Users\yli\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2014-01-24]
CHR Extension: (AdBlock) - C:\Users\yli\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-24]
CHR Extension: (Hide My AdBlocker) - C:\Users\yli\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihcngphjjankfngmgdkihhngndcdflc [2014-01-24]
CHR Extension: (avast! Online Security) - C:\Users\yli\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-23]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\yli\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-01-24]
CHR Extension: (Into The Mist) - C:\Users\yli\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgihmkgobaljfehcadcckdggpeojaadh [2014-02-03]
CHR Extension: (Ghostery) - C:\Users\yli\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-01-24]
CHR Extension: (Google Wallet) - C:\Users\yli\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (ScriptSafe) - C:\Users\yli\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2014-01-24]
 
==================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-19] (AVAST Software)
S3 CoordinatorServiceHost; E:\Solidworks 2013\SolidWorks\swScheduler\DTSCoordinatorService.exe [76904 2012-09-28] (Dassault Systèmes SolidWorks Corp.)
R2 DAZContentManagementService; E:\DAZ contents\ContentManagementService\ContentManagementServer.exe [22528 2011-05-05] ()
U2 HiPatchService; E:\Smite\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 LucidSrv; C:\Program Files\Lucidlogix Technologies\VIRTU MVP\LucidSrv.exe [16616 2013-03-05] (LucidLogix)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-18] ()
R2 RemoteSolverDispatcher; E:\Solidworks 2013\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe [51848 2012-09-13] (Mentor Graphics Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)
S2 WinTabService; C:\Windows\System32\Drivers\WTSRV.EXE [73728 2011-09-23] (UC-Logic Technology Corp.)
S3 DAUpdaterSvc; E:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [X]
S2 mi-raysat_3dsmax2013_64; "E:\Autodesk 3dsMax\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-19] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-19] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-04-19] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-10-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-19] ()
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-04-20] ()
S3 ALSysIO; \??\C:\Users\yli\AppData\Local\Temp\ALSysIO64.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-20 07:37 - 2014-04-20 07:39 - 00002626 _____ () C:\Users\yli\Desktop\Rkill.txt
2014-04-20 07:36 - 2014-04-20 07:53 - 00000000 ____D () C:\FRST
2014-04-20 02:33 - 2014-04-20 02:33 - 00003018 _____ () C:\Windows\System32\Tasks\asrRd
2014-04-20 02:33 - 2014-04-20 02:33 - 00002952 _____ () C:\Windows\System32\Tasks\AsrXTU
2014-04-19 15:53 - 2014-04-19 15:53 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-19 15:53 - 2014-04-19 15:53 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-04-19 03:16 - 2014-04-19 03:16 - 00000028 _____ () C:\Windows\SysWOW64\u
2014-04-18 23:21 - 2014-04-20 07:40 - 00000069 _____ () C:\Windows\system32\eioww.hil
2014-04-18 23:11 - 2014-04-18 23:11 - 00000064 _____ () C:\Windows\system32\ftjxsyp.stf
2014-04-18 23:11 - 2014-04-18 23:11 - 00000000 _____ () C:\Windows\system32\imhq.zpk
2014-04-18 22:55 - 2014-04-18 22:55 - 00236804 ____S () C:\Windows\system32\ygchxu.ojm
2014-04-12 01:59 - 2014-04-12 01:59 - 00000000 ____D () C:\Users\yli\AppData\Local\Ubisoft Game Launcher
2014-04-09 00:50 - 2014-03-13 01:33 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-09 00:50 - 2014-03-13 01:33 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-09 00:50 - 2014-03-13 01:33 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-09 00:50 - 2014-03-13 01:32 - 19273728 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 00:50 - 2014-03-13 01:32 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-09 00:50 - 2014-03-13 01:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-09 00:50 - 2014-03-13 01:32 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-09 00:50 - 2014-03-13 01:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-09 00:50 - 2014-03-13 01:32 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-09 00:50 - 2014-03-13 01:31 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-09 00:50 - 2014-03-13 01:31 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-09 00:50 - 2014-03-13 01:31 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-09 00:50 - 2014-03-13 01:31 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-09 00:50 - 2014-03-13 01:31 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-09 00:50 - 2014-03-13 01:31 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-09 00:50 - 2014-03-13 00:10 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-09 00:50 - 2014-03-13 00:10 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-09 00:50 - 2014-03-13 00:09 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 00:50 - 2014-03-13 00:09 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-09 00:50 - 2014-03-13 00:09 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-09 00:50 - 2014-03-13 00:09 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-09 00:50 - 2014-03-13 00:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-09 00:50 - 2014-03-13 00:09 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-09 00:50 - 2014-03-13 00:09 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-09 00:50 - 2014-03-13 00:09 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-09 00:50 - 2014-03-13 00:09 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-09 00:50 - 2014-03-13 00:09 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-09 00:50 - 2014-03-13 00:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-09 00:50 - 2014-03-13 00:09 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-09 00:50 - 2014-03-12 23:57 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 00:50 - 2014-03-12 23:47 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 00:50 - 2014-03-12 22:59 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-09 00:50 - 2014-03-12 22:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-04-09 00:49 - 2014-03-04 04:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 00:49 - 2014-03-04 04:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 00:49 - 2014-03-04 04:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 00:49 - 2014-03-04 04:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 00:49 - 2014-03-04 04:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 00:49 - 2014-03-04 04:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 00:49 - 2014-03-04 04:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 00:49 - 2014-03-04 04:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 00:49 - 2014-03-04 04:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 00:49 - 2014-03-04 03:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 00:49 - 2014-03-04 03:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-03-30 19:41 - 2014-03-30 19:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-29 03:12 - 2014-03-29 03:12 - 00000623 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-03-27 21:20 - 2014-03-27 21:20 - 00000000 ____D () C:\Users\yli\AppData\Local\Blizzard
2014-03-25 14:13 - 2014-03-25 14:13 - 00055445 _____ () C:\Windows\SysWOW64\CCCInstall_201403251413368807.log
2014-03-25 14:13 - 2014-03-25 14:13 - 00000000 ____D () C:\ProgramData\ATI
2014-03-25 14:13 - 2014-03-25 14:13 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-03-23 22:42 - 2014-03-23 22:42 - 00000087 ____H () C:\Users\yli\Documents\.~lock.proposedlolitemreworks.odt#
 
==================== One Month Modified Files and Folders =======
 
2014-04-20 07:53 - 2014-04-20 07:36 - 00000000 ____D () C:\FRST
2014-04-20 07:50 - 2013-02-07 05:15 - 00000000 ____D () C:\Users\yli\AppData\Roaming\uTorrent
2014-04-20 07:47 - 2013-01-14 03:19 - 00000000 ____D () C:\Users\yli\AppData\Roaming\Skype
2014-04-20 07:40 - 2014-04-18 23:21 - 00000069 _____ () C:\Windows\system32\eioww.hil
2014-04-20 07:39 - 2014-04-20 07:37 - 00002626 _____ () C:\Users\yli\Desktop\Rkill.txt
2014-04-20 06:59 - 2013-12-08 17:13 - 00000000 ____D () C:\Users\yli\AppData\Roaming\Sony
2014-04-20 06:59 - 2013-10-09 11:49 - 00000000 ____D () C:\Windows\Minidump
2014-04-20 06:59 - 2013-01-11 21:03 - 00000000 ____D () C:\Users\yli\AppData\Local\CrashDumps
2014-04-20 06:59 - 2013-01-10 07:33 - 00000000 ____D () C:\Windows\Panther
2014-04-20 06:57 - 2013-01-12 05:12 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-20 06:47 - 2013-02-28 03:24 - 00002532 _____ () C:\Windows\Sandboxie.ini
2014-04-20 06:40 - 2013-02-11 00:07 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-20 06:40 - 2013-02-11 00:07 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-20 06:30 - 2013-11-08 08:21 - 00000000 ____D () C:\Users\yli\AppData\Roaming\Raptr
2014-04-20 03:00 - 2013-01-10 05:38 - 01573272 ____N () C:\Windows\WindowsUpdate.log
2014-04-20 02:37 - 2009-07-13 23:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-20 02:37 - 2009-07-13 23:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-20 02:36 - 2013-08-22 13:26 - 00000000 ____D () C:\Users\yli\AppData\Roaming\Spotify
2014-04-20 02:35 - 2013-01-15 02:28 - 00383998 _____ () C:\Windows\system32\prfh0804.dat
2014-04-20 02:35 - 2013-01-15 02:28 - 00119700 _____ () C:\Windows\system32\prfc0804.dat
2014-04-20 02:35 - 2009-07-14 00:13 - 01277832 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-20 02:33 - 2014-04-20 02:33 - 00003018 _____ () C:\Windows\System32\Tasks\asrRd
2014-04-20 02:33 - 2014-04-20 02:33 - 00002952 _____ () C:\Windows\System32\Tasks\AsrXTU
2014-04-20 02:30 - 2014-03-17 10:03 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-04-20 02:30 - 2013-01-12 05:12 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-20 02:30 - 2013-01-10 06:23 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-04-20 02:30 - 2013-01-10 06:23 - 00000000 ____D () C:\Users\yli\Lucidlogix
2014-04-20 02:30 - 2013-01-10 06:18 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-04-20 02:30 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-19 19:29 - 2013-01-10 06:18 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-04-19 15:53 - 2014-04-19 15:53 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-19 15:53 - 2014-04-19 15:53 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-04-19 15:53 - 2013-12-19 09:52 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-04-19 15:53 - 2013-03-01 04:16 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-19 15:53 - 2013-03-01 04:16 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-19 15:53 - 2013-02-28 00:07 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-19 15:53 - 2013-02-28 00:07 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-19 15:53 - 2013-02-28 00:07 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-19 15:53 - 2013-02-17 19:40 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-19 15:53 - 2013-02-17 19:40 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-19 15:53 - 2013-02-17 19:40 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-19 15:53 - 2013-02-17 19:40 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-19 03:16 - 2014-04-19 03:16 - 00000028 _____ () C:\Windows\SysWOW64\u
2014-04-18 23:11 - 2014-04-18 23:11 - 00000064 _____ () C:\Windows\system32\ftjxsyp.stf
2014-04-18 23:11 - 2014-04-18 23:11 - 00000000 _____ () C:\Windows\system32\imhq.zpk
2014-04-18 22:55 - 2014-04-18 22:55 - 00236804 ____S () C:\Windows\system32\ygchxu.ojm
2014-04-18 22:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-04-18 15:58 - 2013-11-08 08:21 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-04-18 03:10 - 2013-03-06 19:50 - 00000000 ____D () C:\Users\yli\AppData\Roaming\Mumble
2014-04-13 02:53 - 2013-07-14 14:50 - 00000000 ____D () C:\Users\yli\AppData\Roaming\vlc
2014-04-13 00:28 - 2013-11-20 18:38 - 00000871 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-04-12 01:59 - 2014-04-12 01:59 - 00000000 ____D () C:\Users\yli\AppData\Local\Ubisoft Game Launcher
2014-04-10 15:59 - 2013-01-12 05:13 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-09 12:57 - 2013-07-06 14:50 - 00000000 ____D () C:\Users\yli\AppData\Roaming\SolidWorks
2014-04-09 03:01 - 2013-07-26 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 03:00 - 2013-01-15 02:17 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-03 15:58 - 2013-03-08 04:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-31 09:35 - 2010-11-20 22:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-30 19:41 - 2014-03-30 19:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-29 03:50 - 2013-01-23 18:15 - 00000000 ____D () C:\Users\yli\Documents\My Games
2014-03-29 03:12 - 2014-03-29 03:12 - 00000623 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-03-29 01:09 - 2013-04-01 01:32 - 00000000 ___HD () C:\Users\yli\.git
2014-03-28 00:39 - 2014-01-24 21:23 - 00000000 ____D () C:\Users\yli\AppData\Local\Battle.net
2014-03-27 21:37 - 2014-01-24 21:23 - 00000000 ____D () C:\Users\yli\AppData\Roaming\Battle.net
2014-03-27 21:20 - 2014-03-27 21:20 - 00000000 ____D () C:\Users\yli\AppData\Local\Blizzard
2014-03-27 11:51 - 2013-01-12 05:12 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-27 11:51 - 2013-01-12 05:12 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-25 14:13 - 2014-03-25 14:13 - 00055445 _____ () C:\Windows\SysWOW64\CCCInstall_201403251413368807.log
2014-03-25 14:13 - 2014-03-25 14:13 - 00000000 ____D () C:\ProgramData\ATI
2014-03-25 14:13 - 2014-03-25 14:13 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-03-25 14:13 - 2014-03-01 17:29 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-03-25 14:13 - 2013-01-10 05:50 - 00000000 ____D () C:\ProgramData\AMD
2014-03-25 14:11 - 2013-02-17 09:12 - 01273612 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-25 14:06 - 2013-01-10 05:49 - 00000000 ____D () C:\AMD
2014-03-23 22:42 - 2014-03-23 22:42 - 00000087 ____H () C:\Users\yli\Documents\.~lock.proposedlolitemreworks.odt#
 
Files to move or delete:
====================
C:\Users\yli\jagex_cl_runescape_LIVE.dat
C:\Users\yli\random.dat
 
 
Some content of TEMP:
====================
C:\Users\yli\AppData\Local\Temp\SandboxieInstall.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0516096 ____A (Microsoft Corporation) B392F83A6977DF7DAAB299416F96FAE2
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-09 08:38
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2014
Ran by yli at 2014-04-20 07:45:50
Running from E:\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
百度云上传控件 2.0.0 (HKLM-x32\...\百度云上传控件) (Version: 2.0.0 - 百度在线网络技术（北京）有限公司)
µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.30740 - BitTorrent Inc.)
3DMark 11 (HKLM-x32\...\{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}) (Version: 1.0.3 - Futuremark Corporation)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1280 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.8.0.1280 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Age of Empires II version 1.0c (HKLM-x32\...\{CE66F061-3551-4854-BFAC-45F056C777AB}_is1) (Version: 1.0c - Microsoft Games ®. 2000)
AMD Accelerated Video Transcoding (Version: 13.30.100.40312 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK 2.9 (HKLM\...\{B192EDAC-25C7-408D-99A0-A23455F50E27}) (Version: 2.9.233.167 - Advanced Micro Devices, Inc.)
AMD Catalyst Control Center (x32 Version: 2014.0312.1131.18796 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{8F3C9854-8EB9-3D28-4AD7-E3ADD800C7E3}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.1.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.1.000 - Asmedia Technology)
ASRock App Charger v1.0.5 (HKLM\...\ASRock App Charger_is1) (Version:  - ASRock Inc.)
ASRock eXtreme Tuner v0.1.257 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version:  - )
ASRock XFast RAM v2.0.9 (HKLM\...\ASRock XFast RAM_is1) (Version:  - ASRock Inc.)
Audacity 2.0.4 (HKLM-x32\...\Audacity_is1) (Version: 2.0.4 - Audacity Team)
Autodesk 3ds Max 2013 64-bit (HKLM\...\Autodesk 3ds Max 2013 64-bit) (Version: 15.0.0.347 - Autodesk)
Autodesk 3ds Max 2013 64-bit (Version: 15.0.0.347 - Autodesk) Hidden
Autodesk Backburner 2013.0.0 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 2013.0.0 - Autodesk, Inc.)
Autodesk DirectConnect 2013 64-bit (HKLM\...\Autodesk DirectConnect 2013 64-bit) (Version: 7.0.28.0 - Autodesk)
Autodesk DirectConnect 2013 64-bit (Version: 7.0.28.0 - Autodesk) Hidden
Autodesk Essential Skills Movies for 3ds Max 2013 64-bit (HKLM\...\{7EDE5B68-1FB0-405D-88F0-A34236002DA8}) (Version: 1.0.0.1 - Autodesk)
Autodesk FBX Plug-in 2013.1 - 3ds Max 2013 64-bit (HKLM\...\Autodesk FBX Plug-in 2013.1 - 3ds Max 2013 64-bit) (Version:  - Autodesk)
Autodesk Inventor Server Engine for 3ds Max 2013 64-bit (HKLM\...\{696BB53C-28E6-1664-974E-D42FFF5B8E04}) (Version: 15.0 - Autodesk)
Autodesk Material Library 2013 (HKLM-x32\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2013 (HKLM-x32\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2013 (HKLM-x32\...\{58760EEC-8B6A-43F4-81AA-696E381DFADD}) (Version: 3.0.13 - Autodesk)
Autodesk Revit Interoperability for 3ds Max and 3ds Max Design 2013 64-bit (HKLM\...\{06E18300-BB64-1664-8E6A-2593FC67BB74}) (Version: 1.0.0.1 - Autodesk)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software)
BaiduPlayerBaiduYun1.19.1.23 (HKLM-x32\...\BaiduPlayerBaiduYun) (Version: 1.19.1 - Baidu Online Network Technology (Beijing) Co., Ltd.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.5.1 - Broadcom Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0312.1131.18796 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0312.1131.18796 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0312.1131.18796 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0312.1130.18796 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0312.1130.18796 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0312.1130.18796 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0312.1130.18796 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0312.1130.18796 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0312.1130.18796 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0312.1130.18796 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0312.1130.18796 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0312.1130.18796 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0312.1130.18796 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0312.1130.18796 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0312.1130.18796 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0312.1130.18796 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0312.1130.18796 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0312.1130.18796 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0312.1130.18796 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0312.1130.18796 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0312.1130.18796 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0312.1130.18796 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0312.1130.18796 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0312.1130.18796 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0312.1130.18796 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0312.1131.18796 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
CloudReading (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.1.47.1220 - Foxit Corporation)
Composite 2013 64-bit (HKLM\...\{2F808931-D235-4FC7-90CD-F8A890C97B2F}) (Version: 8.0.0 - Autodesk)
Creo Direct Version 2.0 Datecode [M030] (HKLM-x32\...\Creo Direct Version 2.0 Datecode [M030]) (Version: 2.0 - PTC)
Creo Layout Version 2.0 Datecode [M030] (HKLM-x32\...\Creo Layout Version 2.0 Datecode [M030]) (Version: 2.0 - PTC)
Creo Parametric Version 2.0 Datecode [M030] (HKLM-x32\...\Creo Parametric Version 2.0 Datecode [M030]) (Version: 2.0 - PTC)
Creo Platform 2.11 (HKLM-x32\...\{8FE374ED-AEB5-4C80-A5F6-6CBBB857934D}) (Version: 2.11.1 - PTC)
Creo Simulate Version 2.0 Datecode [M030] (HKLM-x32\...\Creo Simulate Version 2.0 Datecode [M030]) (Version: 2.0 - PTC)
Creo Thumbnail Viewer 2.0 (HKLM\...\{34124AEB-5224-4ABB-9DDF-BCA691CDAA4D}) (Version: 30.12.360 - PTC)
CursorFX (HKLM-x32\...\CursorFX) (Version: 2.13 - Stardock Corporation)
DAZ Content Management Service (HKLM-x32\...\DAZ Content Management Service 4.8.1.7) (Version: 4.8.1.7 - DAZ 3D)
DAZ Studio 4.6 (64bit) (HKLM-x32\...\DAZ Studio 4.6 (64bit) 4.6.0.18) (Version: 4.6.0.18 - DAZ 3D)
DDS Viewer (HKLM-x32\...\{707333E0-C796-4E2D-B0DA-5A429706C361}_is1) (Version:  - IdeaMK)
Dishonored (HKLM-x32\...\Dishonored_is1) (Version:  - )
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dragon Age Redesigned © Morrigan (HKCU\...\Dragon Age Redesigned © Morrigan) (Version:  - )
Dragon Age Redesigned Oghren© (HKCU\...\Dragon Age Redesigned Oghren©) (Version:  - )
Dragon Age Redesigned©  Zevran (HKCU\...\Dragon Age Redesigned©  Zevran) (Version:  - )
Dragon Age Redesigned© (HKCU\...\Dragon Age Redesigned©) (Version:  - )
Dragon Age Redesigned© Leliana (HKCU\...\Dragon Age Redesigned© Leliana) (Version:  - )
Dragon Age Redesigned© Sten (HKCU\...\Dragon Age Redesigned© Sten) (Version:  - )
Dragon Age Redesigned© Wynne (HKCU\...\Dragon Age Redesigned© Wynne) (Version:  - )
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.03 - Electronic Arts, Inc.)
Dragon Age: Origins Character Creator (HKLM-x32\...\{D8B5B7C3-47B1-40FA-8251-59C74A543880}) (Version: 1.00 - Electronic Arts, Inc.)
DSON Importer for Poser (64bit) (HKLM-x32\...\DSON Importer for Poser (64bit) 1.1.0.18) (Version: 1.1.0.18 - DAZ 3D)
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{32136776-FE3F-453D-80DA-CDD993BDB2A3}) (Version: 11.1.20810.00 - Microsoft Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
f.lux (HKCU\...\Flux) (Version:  - )
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Fallout Mod Manager 0.12.6 (HKLM-x32\...\Fallout Mod Manager_is1) (Version:  - Timeslip, Q)
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.01 - Ubisoft)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.2.1224 - Foxit Corporation)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.6.0 - Futuremark Corporation)
Geekbench 2.4 (HKLM-x32\...\Geekbench 2.4) (Version:  - Primate Labs)
Git version 1.8.1.2-preview20130201 (HKLM-x32\...\Git_is1) (Version: 1.8.1.2-preview20130201 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of Newerth (HKLM-x32\...\hon) (Version: 2.3.0 - S2 Games)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2761 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.2.0.1006 - Intel Corporation)
Intel® Smart Connect Technology 2.0 x64 (HKLM\...\{D1B033E8-A077-4B0D-9831-5798E19E861E}) (Version: 2.0.1083.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iPhoneBrowser (HKLM-x32\...\{E33EAB77-A36A-4FBF-BB15-2BBF74C7A796}) (Version: 1.8.1 - Cranium Consulting and Custom Software)
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)
Java SE Development Kit 7 Update 11 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170110}) (Version: 1.7.0.110 - Oracle)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LibreOffice 4.2.1.1 (HKLM-x32\...\{C83C3B4C-1AFF-4CEA-8078-74E7A3FE8F03}) (Version: 4.2.1.1 - The Document Foundation)
Litecoin (HKCU\...\Litecoin) (Version: 0.8.5.1 - Litecoin project)
LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.8.2.2 - www.leaguereplays.com)
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MapleStory (HKLM-x32\...\MapleStory) (Version:  - )
Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}) (Version: 1.00 - Electronic Arts, Inc.)
Mass Effect 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.02 - Electronic Arts, Inc.)
MATLAB R2011a (HKLM\...\MatlabR2011a) (Version: 7.12 - The MathWorks, Inc.)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (x32 Version: 2.0.50727 - Microsoft Corporation) Hidden
Microsoft NuGet - Visual Studio Express 2012 for Windows Desktop (x32 Version: 2.0.30717.9005 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20828.01) (HKLM-x32\...\{4F2B8233-35EE-4197-8C3B-EACCBF712029}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01) (HKLM-x32\...\{FAE0523E-08A4-4717-8E8E-6EC6F32CBE88}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual Basic for Applications 7.1 (x64) (Version: 7.1.00.00 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x64) English (Version: 7.1.0.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 32bit Compilers - ENU Resources (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 Core Libraries (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86-x64 Compilers (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version: 8.0.52572 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (x32 Version: 8.0.50727.146 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Express Prerequisites x64 - ENU (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Preparation (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Shell (Minimum) (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Shell (Minimum) Resources (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU (x32 Version: 4.0.8876.1 - Microsoft Corporation) Hidden
Microsoft Visual Studio Express 2012 for Windows Desktop - ENU (HKLM-x32\...\{e0efdce9-a486-4676-8aa5-65bb08cbf34c}) (Version: 11.0.50727.42 - Microsoft Corporation)
Microsoft Visual Studio Express 2012 for Windows Desktop - ENU (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Express 2012 for Windows Desktop (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Team Foundation Server 2012 Object Model (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MiniLyrics (HKLM-x32\...\MiniLyrics) (Version: 7.6.36 - Crintsoft) <==== ATTENTION
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.5 (HKLM-x32\...\{C7BC557D-8C8B-4F5F-83AB-D20C58CF4575}) (Version: 1.2.5 - Thorvald Natvig)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.43.2 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 0.10.0.22397 - Grinding Gear Games)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version:  - )
Poser Pro 2014 (HKLM\...\Poser Pro 2014 English_is1) (Version: 10.0.0 - Smith Micro Software, Inc.)
Prerequisites for SSDT  (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
PTC Quality Agent (HKLM-x32\...\{61F60315-8767-4C63-9AAE-A0C2B84B0008}) (Version: 2.0.0.0 - PTC)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Queue Manager 2014 (HKLM\...\Queue Manager 2014_is1) (Version: 10.0.0 - Smith Micro Software, Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Real M3 Gens FreeUpdate 3 (HKLM-x32\...\Real M3 Gens FreeUpdate 3) (Version:  - Satanica Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6559 - Realtek Semiconductor Corp.)
RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
Saints Row The Third (HKLM-x32\...\Saints Row The Third_is1) (Version:  - )
Sandboxie 4.08 (64-bit) (HKLM\...\Sandboxie) (Version: 4.08 - Sandboxie Holdings, LLC)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2045.2 - Hi-Rez Studios)
SolidWorks 2013 x64 Edition SP0 (HKLM-x32\...\SolidWorks Installation Manager 20130-40000-1100-100) (Version: 21.0.0.5024 - SolidWorks Corporation)
SolidWorks 2013 x64 Edition SP0 (Version: 21.100.5024 - SolidWorks) Hidden
SolidWorks eDrawings 2013 x64 Edition SP0 (Version: 13.0.5016 - Dassault Systèmes SolidWorks Corp) Hidden
SolidWorks Explorer 2013 SP0 x64 Edition (Version: 21.00.5024 - SolidWorks Corporation) Hidden
SolidWorks Flow Simulation 2013 SP0 x64 Edition  (Version: 21.00.5025 - SolidWorks Corporation) Hidden
SolidWorks Plastics 2013 SP0 x64 Edition (Version: 21.00.5024 - SolidWorks Corporation) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.24 - Piriform)
Spotify (HKCU\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Super Street Fighter IV: Arcade Edition (HKLM-x32\...\GFWL_{43430FA0-49F0-4B13-B4C5-611000008100}) (Version: 1.0.0000.129 - CAPCOM U.S.A., INC)
Super Street Fighter IV: Arcade Edition (x32 Version: 1.0.0000.129 - CAPCOM U.S.A., INC) Hidden
Tablet Driver V5.02 (HKLM-x32\...\TabletDriver) (Version:  - )
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Microsoft Visual Studio 2012 (KB2781514) (HKLM-x32\...\{56ef8912-352f-4fab-9c73-6f1c92a7127f}) (Version: 11.0.51219 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Vegas Pro 12.0 (64-bit) (HKLM\...\{BD422D00-5232-11E3-A6F3-F04DA23A5C58}) (Version: 12.0.770 - Sony)
VIRTU MVP 2.1.224 (HKLM\...\VIRTU MVP_is1) (Version: 2.1.224 - Lucidlogix Technologies LTD)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
Windows Software Development Kit (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x64 Remote (Version: 8.59.25584 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x86 Remote (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote (Version: 8.59.25584 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 0.3.0.3 - Wrye & Wrye Bash Development Team)
 
==================== Restore Points  =========================
 
15-04-2014 19:01:21 Windows Update
19-04-2014 20:53:08 avast! antivirus system restore point
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {73597F87-0F85-4FA8-AEFD-9B304A9153EF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-12] (Google Inc.)
Task: {79513F4B-232A-4174-8124-F083562B797F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {7ED32788-605B-44E9-A55E-D50E98440B76} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-12] (Google Inc.)
Task: {85AB8F23-39AF-41DC-88A6-90261600C804} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {8E064198-D3CE-4D80-A3F3-0BD3BEAB627A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-19] (AVAST Software)
Task: {9C865C50-C55E-4546-9F96-D847510475C4} - System32\Tasks\asrRd => C:\Program Files\ASRock Utility\XFast RAM\asrRd.exe [2012-01-13] ()
Task: {BEB401AA-E05D-4AA3-9185-138E18F1FE29} - System32\Tasks\AsrXTU => C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe [2012-07-03] ()
Task: {D6A721AB-D939-42F6-93D5-F8BAFCCBBF8A} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-01-20 05:40 - 2011-05-05 15:36 - 00022528 _____ () E:\DAZ contents\ContentManagementService\ContentManagementServer.exe
2014-01-20 05:40 - 2011-05-05 15:36 - 01479680 _____ () E:\DAZ contents\ContentManagementService\ace_x64.dll
2014-01-20 05:40 - 2011-05-05 15:36 - 00977408 _____ () E:\DAZ contents\ContentManagementService\VServer_x64.dll
2014-01-20 05:40 - 2011-05-05 15:36 - 01053696 _____ () E:\DAZ contents\ContentManagementService\ace_ssl_x64.dll
2014-01-20 05:40 - 2011-05-05 15:36 - 00155136 _____ () E:\DAZ contents\ContentManagementService\asnmp_x64.dll
2013-01-10 06:18 - 2012-02-21 13:29 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2012-02-09 17:26 - 2012-02-09 17:26 - 00133632 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2012-02-09 17:26 - 2012-02-09 17:26 - 00048128 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2012-02-09 17:26 - 2012-02-09 17:26 - 00036864 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetDetect.dll
2013-04-25 17:32 - 2013-03-05 18:20 - 00148712 _____ () C:\Program Files\Lucidlogix Technologies\VIRTU MVP\GuiCommon.dll
2013-12-18 14:40 - 2013-12-18 14:40 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-03-21 21:55 - 2013-02-01 10:27 - 00718322 _____ () C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll
2012-06-18 10:24 - 2012-06-18 10:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-01-10 06:15 - 2012-05-20 21:38 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-04-25 17:32 - 2013-03-05 18:20 - 03104488 _____ () C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.exe
2012-09-28 05:50 - 2012-09-28 05:50 - 00272488 _____ () E:\Solidworks 2013\SolidWorks\sldBodyDiffu.dll
2014-04-19 15:52 - 2014-04-19 15:52 - 02215424 _____ () C:\Program Files\AVAST Software\Avast\defs\14041903\algo.dll
2014-04-20 06:30 - 2014-04-20 06:30 - 02215424 _____ () C:\Program Files\AVAST Software\Avast\defs\14042000\algo.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-19 09:52 - 2013-12-19 09:52 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2010-11-22 17:56 - 2010-11-22 17:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-02-21 17:32 - 2014-02-21 17:32 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-02-21 17:32 - 2014-02-21 17:32 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-02-21 17:32 - 2014-02-21 17:32 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-02-21 17:32 - 2014-02-21 17:32 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 17:56 - 2010-11-22 17:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00124928 _____ () C:\Program Files (x86)\Raptr\_elementtree.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2012-02-06 15:28 - 2012-02-06 15:28 - 00031744 _____ () C:\Program Files (x86)\Raptr\Crypto.Cipher.AES.pyd
2012-02-06 15:28 - 2012-02-06 15:28 - 00010752 _____ () C:\Program Files (x86)\Raptr\Crypto.Random.OSRNG.winrandom.pyd
2012-02-06 15:28 - 2012-02-06 15:28 - 00011264 _____ () C:\Program Files (x86)\Raptr\Crypto.Util._counter.pyd
2011-05-10 14:01 - 2011-05-10 14:01 - 00030208 _____ () C:\Program Files (x86)\Raptr\simplejson._speedups.pyd
2014-02-21 17:32 - 2014-02-21 17:32 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 13:17 - 2011-02-15 13:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 17:56 - 2010-11-22 17:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 17:57 - 2010-11-22 17:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2013-11-20 19:05 - 2013-11-20 19:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2010-11-22 17:56 - 2010-11-22 17:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2012-10-27 02:53 - 2012-10-27 02:53 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 13:17 - 2011-02-15 13:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-22 18:06 - 2010-11-22 18:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-09 18:52 - 2013-05-09 18:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-09 18:52 - 2013-05-09 18:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-09 18:52 - 2013-05-09 18:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 13:56 - 2013-05-03 13:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 13:56 - 2013-05-03 13:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 13:56 - 2013-05-03 13:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2014-02-13 10:22 - 2014-02-13 10:22 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\2f069b57965f456c3c25fb82419a363d\IsdiInterop.ni.dll
2013-01-10 06:16 - 2012-05-30 14:55 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-01-10 06:17 - 2012-02-21 13:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2011-07-18 16:07 - 2011-07-18 16:07 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2011-09-21 15:46 - 2011-09-21 15:46 - 01673728 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll
2014-04-10 15:58 - 2014-04-01 20:57 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2014-04-10 15:58 - 2014-04-01 20:57 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
2014-04-10 15:58 - 2014-04-01 20:57 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll
2014-04-10 15:58 - 2014-04-01 20:57 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-10 15:58 - 2014-04-01 20:58 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-10 15:58 - 2014-04-01 20:57 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/20/2014 02:31:50 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/20/2014 02:30:05 AM) (Source: ISCT Agent) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2
 
Error: (04/20/2014 02:11:31 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/20/2014 02:09:46 AM) (Source: ISCT Agent) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2
 
Error: (04/19/2014 05:17:07 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7488
 
Error: (04/19/2014 05:17:07 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7488
 
Error: (04/19/2014 05:17:07 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/19/2014 05:17:04 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4992
 
Error: (04/19/2014 05:17:04 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4992
 
Error: (04/19/2014 05:17:04 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (04/20/2014 07:37:53 AM) (Source: Service Control Manager) (User: )
Description: The WinTab Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/20/2014 02:35:43 AM) (Source: LsaSrv) (User: NT AUTHORITY)
Description: An anonymous session connected from YLI-PC has attempted to open an LSA policy handle on this machine. The attempt was rejected with STATUS_ACCESS_DENIED to prevent leaking security sensitive information to the anonymous caller.
 The application that made this attempt needs to be fixed. Please contact the application vendor. As a temporary workaround, this security measure can be disabled by setting the \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\TurnOffAnonymousBlock DWORD value to 1.
 This message will be logged at most once a day.
 
Error: (04/20/2014 02:30:05 AM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error: 
%%4203
 
Error: (04/20/2014 02:29:31 AM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (04/20/2014 02:09:46 AM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error: 
%%4203
 
Error: (04/20/2014 02:09:01 AM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (04/19/2014 06:03:23 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.
 
Error: (04/19/2014 06:03:23 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
 
Error: (04/19/2014 04:39:10 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.
 
Error: (04/19/2014 04:39:10 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
 
 
Microsoft Office Sessions:
=========================
Error: (04/20/2014 02:31:50 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/20/2014 02:30:05 AM) (Source: ISCT Agent)(User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2
 
Error: (04/20/2014 02:11:31 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/20/2014 02:09:46 AM) (Source: ISCT Agent)(User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2
 
Error: (04/19/2014 05:17:07 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7488
 
Error: (04/19/2014 05:17:07 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7488
 
Error: (04/19/2014 05:17:07 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/19/2014 05:17:04 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4992
 
Error: (04/19/2014 05:17:04 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4992
 
Error: (04/19/2014 05:17:04 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 48%
Total physical RAM: 8077.89 MB
Available physical RAM: 4169.82 MB
Total Pagefile: 16153.97 MB
Available Pagefile: 11793.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:119.02 GB) (Free:29.17 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:931.51 GB) (Free:634 GB) NTFS
Drive j: (Dishonored) (CDROM) (Total:5.54 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 119 GB) (Disk ID: FAF09C9A)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: FF78BD00)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 

Farbar Recovery Scan Tool (x64) Version: 20-04-2014
Ran by yli at 2014-04-20 07:50:17
Running from E:\Downloads
Boot Mode: Normal
 
================== Search: "rpcss.dll" ===================
 
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123
 
C:\Windows\System32\rpcss.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0516096 ____A (Microsoft Corporation) B392F83A6977DF7DAAB299416F96FAE2
 
====== End Of Search ======

Edited by yuechenli, 20 April 2014 - 09:16 AM.




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:01 PM

Posted 20 April 2014 - 08:19 PM


Hello yuechenli,

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

 
2014-04-18 23:21 - 2014-04-20 07:40 - 00000069 _____ () C:\Windows\system32\eioww.hil
2014-04-18 23:11 - 2014-04-18 23:11 - 00000064 _____ () C:\Windows\system32\ftjxsyp.stf
2014-04-18 23:11 - 2014-04-18 23:11 - 00000000 _____ () C:\Windows\system32\imhq.zpk
2014-04-18 22:55 - 2014-04-18 22:55 - 00236804 ____S () C:\Windows\system32\ygchxu.ojm
2014-04-19 03:16 - 2014-04-19 03:16 - 00000028 _____ () C:\Windows\SysWOW64\u
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\WINDOWS\System32\rpcss.dll


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


Run FRST again like we did before but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Also boot the computer into normal mode and let me know how things are looking.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

Posted 23 April 2014 - 07:22 AM



Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo

#4 gringo_pr

Posted 26 April 2014 - 06:16 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



