svchost URL:Mal


  • This topic is locked
17 replies to this topic

#1 Malren

  • Members
  • 8 posts

Posted 25 May 2014 - 09:57 AM

Yesterday my computer froze with a black screen, then restarted. After it restarted, avast keeps showing messages about blocking a harmful webpage. The specific webpage keeps changing, but the rest of the information remains the same.

Infection: URL:Mal

Process: C:\Windows\System32\svchost.exe

I get a new blocked webpage message every few seconds (over 20 while typing this post).

Any help would be appreciated!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041
Run by James_2 at 10:50:16 on 2014-05-25
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8191.4429 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\FeedReader30\feedreader.exe
C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle.exe
C:\Users\James_2\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\Logitech\G35\G35.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Opera\opera.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.att.net
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [feedreader.exe] "C:\Program Files (x86)\FeedReader30\feedreader.exe"
uRun: [Pinnacle Game Profiler] "C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle.exe" -atboottime
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\James_2\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\James_2\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: $talisma_url$
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{15E670A8-8A48-417B-8505-FA2D79980951} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Authentication Packages = msv1_0 relog_ap
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\James_2\AppData\Roaming\Mozilla\Firefox\Profiles\v07rkaqs.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-13 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-13 205320]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2014-1-20 21184]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-7-15 1032416]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-7-15 409832]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-7-15 38984]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-7-15 84328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-11-19 50344]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-4 1618888]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-8-9 21009352]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-4-18 411936]
R3 LADF_DHP2;G35 DHP2 Filter Driver;C:\Windows\System32\drivers\ladfDHP2amd64.sys [2010-9-29 62168]
R3 LADF_SBVM;G35 SBVM Filter Driver;C:\Windows\System32\drivers\ladfSBVMamd64.sys [2010-9-29 377176]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2011-9-2 76056]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2011-9-2 15128]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-5-6 19744]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-5-6 40392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 anvsnddrv;AnvSoft Virtual Sound Device;C:\Windows\System32\drivers\anvsnddrv.sys [2013-10-18 33872]
S3 FLASHSYS;FLASHSYS;C:\Program Files (x86)\MSI\Live Update 4\LU4\Flashsys64.sys [2010-5-28 15192]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-4-14 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-22 111616]
S3 netr7364;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2007-11-12 581632]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-5-14 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-25 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-28 1255736]
S4 ATT MAHostService;ATT MAHostService;C:\Program Files (x86)\ATT\8.3.0.34\ma\bin\MAHostService.exe [2013-5-8 321024]
S4 CAMWorks License Server;CAMWorks License Server;C:\CAMWorksFlexLM\lmgrd.exe [2013-2-3 1370752]
S4 CoordinatorServiceHost;SW Distributed TS Coordinator Service;C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2012-6-9 89192]
S4 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2013-11-4 131912]
S4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-2-3 1431888]
S4 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-9-19 250200]
S4 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
S4 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2013-7-6 460288]
S4 pcServiceHost;pcServiceHost;C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe [2013-7-6 342528]
S4 Remote Solver for Flow Simulation 2012;Remote Solver for Flow Simulation 2012;C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2012-4-9 114824]
S4 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
S4 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2009-10-16 606048]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-05-25 14:19:16 -------- d-----w- C:\Windows\ERUNT
2014-05-25 14:18:31 -------- d-sh--w- C:\$RECYCLE.BIN
2014-05-25 13:53:41 -------- d-----w- C:\FRST
2014-05-25 13:04:01 -------- d-----w- C:\Users\James_2\AppData\Local\CrashDumps
2014-05-25 13:03:24 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-05-25 13:03:18 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-25 05:07:12 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-05-25 04:39:07 -------- d-----w- C:\Program Files (x86)\Revo Group
2014-05-25 04:19:40 98816 ----a-w- C:\Windows\sed.exe
2014-05-25 04:19:40 256000 ----a-w- C:\Windows\PEV.exe
2014-05-25 04:19:40 208896 ----a-w- C:\Windows\MBR.exe
2014-05-25 03:48:22 -------- d-----w- C:\PCFIX
2014-05-25 02:02:58 -------- d-----w- C:\Users\James_2\AppData\Local\VirtualStore
2014-05-25 01:55:50 -------- d-----w- C:\ProgramData\Licenses
2014-05-25 01:05:21 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-05-25 01:04:53 -------- d-----w- C:\AdwCleaner
2014-05-24 03:45:21 -------- d-----w- C:\Program Files (x86)\GPU-Z
2014-05-23 10:59:39 10702536 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DA5FC8C6-2743-4CB9-9F50-9D7FB04C2B59}\mpengine.dll
2014-05-21 02:09:15 7168 ----a-w- C:\Windows\SysWow64\shfocdb5.rra
2014-05-21 02:09:15 21504 ----a-w- C:\Windows\SysWow64\verscde4.rra
2014-05-21 02:09:15 15360 ----a-w- C:\Windows\SysWow64\wsocce22.rra
2014-05-21 02:09:15 126464 ----a-w- C:\Windows\SysWow64\advpcd77.rra
2014-05-21 02:08:51 724992 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2014-05-21 02:08:51 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2014-05-21 02:08:51 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2014-05-21 02:08:51 311428 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2014-05-21 02:08:51 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2014-05-21 02:08:51 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2014-05-21 02:08:51 184452 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2014-05-21 00:12:28 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-05-21 00:12:14 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-21 00:12:14 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-05-21 00:12:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-18 17:01:23 -------- d-----w- C:\Users\James_2\AppData\Roaming\DarkSoulsII
2014-05-16 13:31:03 -------- d-----w- C:\ProgramData\SystemRequirementsLab
2014-05-16 13:31:03 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2014-05-15 00:00:01 -------- d-----w- C:\Users\James_2\AppData\Roaming\DropboxMaster
2014-05-14 11:31:13 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-14 11:31:13 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-14 11:30:35 15360 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-05-14 11:30:33 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2014-05-14 11:30:32 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2014-05-14 11:30:32 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
2014-05-14 11:30:31 3174912 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-05-14 11:30:31 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
2014-05-14 11:04:58 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2014-05-14 01:11:10 965232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icuuc52.dll
2014-05-11 16:56:38 509712 ----a-w- C:\Windows\SysWow64\temp.006
2014-05-11 16:56:37 598288 ----a-w- C:\Windows\SysWow64\temp.000
2014-05-11 16:56:37 326656 ----a-w- C:\Windows\SysWow64\temp.005
2014-05-11 16:56:37 17920 ----a-w- C:\Windows\SysWow64\temp.003
2014-05-11 16:56:37 164112 ----a-w- C:\Windows\SysWow64\temp.001
2014-05-11 16:56:37 147728 ----a-w- C:\Windows\SysWow64\temp.002
2014-05-11 16:56:37 1388544 ----a-w- C:\Windows\SysWow64\temp.004
2014-05-09 22:45:47 -------- d-----w- C:\ProgramData\Amazon
2014-05-08 11:21:12 188272 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-05-06 21:31:13 40392 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-05-06 21:31:13 34760 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-05-06 11:45:48 -------- d-s---w- C:\Windows\System32\CompatTel
2014-05-01 17:33:01 -------- d-sh--w- C:\Users\James_2\AppData\Local\EmieUserList
2014-05-01 17:33:01 -------- d-sh--w- C:\Users\James_2\AppData\Local\EmieSiteList
2014-05-01 13:42:34 7168 ----a-w- C:\Windows\SysWow64\shfo529c.rra
2014-05-01 13:42:34 21504 ----a-w- C:\Windows\SysWow64\vers52cb.rra
2014-05-01 13:42:34 15360 ----a-w- C:\Windows\SysWow64\wsoc52ea.rra
2014-05-01 13:42:34 126464 ----a-w- C:\Windows\SysWow64\advp51f0.rra
2014-05-01 13:12:31 7168 ----a-w- C:\Windows\SysWow64\shfo3da5.rra
2014-05-01 13:12:31 21504 ----a-w- C:\Windows\SysWow64\vers3da5.rra
2014-05-01 13:12:31 15360 ----a-w- C:\Windows\SysWow64\wsoc3db5.rra
2014-05-01 13:12:31 126464 ----a-w- C:\Windows\SysWow64\advp3d95.rra
2014-05-01 13:10:18 7168 ----a-w- C:\Windows\SysWow64\shfo38ec.rra
2014-05-01 13:10:18 21504 ----a-w- C:\Windows\SysWow64\vers38fb.rra
2014-05-01 13:10:18 15360 ----a-w- C:\Windows\SysWow64\wsoc390b.rra
2014-05-01 13:10:18 126464 ----a-w- C:\Windows\SysWow64\advp38cd.rra
.
==================== Find3M ====================
.
2014-05-25 04:48:36 119296 ----a-w- C:\Windows\SysWow64\zlib.dll
2014-05-18 12:47:40 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-18 12:47:39 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-12 11:25:56 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-05-09 06:14:03 477184 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-09 06:11:23 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-04-30 18:29:25 1081112 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-04-30 18:29:03 1225920 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-04-01 02:46:48 130712 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2014-04-01 02:46:48 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2014-03-31 16:42:42 37320 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2014-03-31 13:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-03-10 22:17:22 128288 ----a-w- C:\Windows\System32\IObitSmartDefragExtension.dll
2014-03-09 14:44:15 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-03-09 14:44:15 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-03-07 18:02:56 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-04 13:06:00 6714312 ----a-w- C:\Windows\System32\nvcpl.dll
2014-03-04 13:06:00 3497816 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-03-04 13:05:58 922968 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-03-04 13:05:58 64968 ----a-w- C:\Windows\System32\nvshext.dll
2014-03-04 13:05:57 386336 ----a-w- C:\Windows\System32\nvmctray.dll
2014-03-04 13:05:53 3649185 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-03-04 11:32:59 599840 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-03-04 09:47:01 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:20 39936 ----a-w- C:\Windows\System32\wincredprovider.dll
2014-03-04 09:44:10 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-03-04 09:44:08 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-03-04 09:44:06 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-03-04 09:44:03 722944 ----a-w- C:\Windows\System32\objsel.dll
2014-03-04 09:44:03 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:44:00 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-03-04 09:43:56 57344 ----a-w- C:\Windows\System32\cngprovider.dll
2014-03-04 09:43:56 52736 ----a-w- C:\Windows\System32\dpapiprovider.dll
2014-03-04 09:43:56 44544 ----a-w- C:\Windows\System32\dimsroam.dll
2014-03-04 09:43:56 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-03-04 09:43:55 56832 ----a-w- C:\Windows\System32\adprovider.dll
2014-03-04 09:43:55 53760 ----a-w- C:\Windows\System32\capiprovider.dll
2014-03-04 09:43:50 455168 ----a-w- C:\Windows\System32\winlogon.exe
2014-03-04 09:20:11 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2014-03-04 09:20:11 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 09:16:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
.
============= FINISH: 10:50:35.20 ===============


#2 seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK

Posted 26 May 2014 - 04:28 PM

Hi Malren and Welcome to BleepingComputer!

I am currently looking through your logs and will advise you on what to do in my next reply.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#3 seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK

Posted 27 May 2014 - 05:36 PM

Hello Malren

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:

  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by me
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours, if you are going to be away for longer please let us know or the topic will be closed for being inactive
  • If you are using Cracked or Illegal software your thread will be closed

Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.


Combofix is a powerful tool intended by its creator to be used under the direction of an expert. It is NOT for private use. You should NOT use Combofix unless a Malware Removal Expert has told you to. Improper use of this tool can seriously damage your operating system and may even prevent it from starting again. Please read Combofix's Disclaimer.
Plus, if it is run without being asked for by a 'helper', the creator will offer no help if anything goes wrong.

As you have already run this program I would like to see the log it creates. The file should be located at C:\ComboFix.txt

I would also like to see what AdwCleaner has found. The report will be saved in the C:\AdwCleaner folder.

Step 1

More information about installing and running ComboFix can be found HERE

Please delete and re-download ComboFix from one of the following locations:

  • LINK 1
  • LINK 2

    IMPORTANT! Save ComboFix to your Desktop. Read the following thoroughly.

  • Close any open browsers.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs
  • Double click on 'ComboFix.exe' & follow the prompts.
  • If ComboFix finds any updates, please allow ComboFix to run them.
  • ComboFix will now disconnect your computer from the Internet and start scanning for Malware so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection. Please be patient.
  • When the scan has finished, it will delete the malware found and reboot your computer automatically. Don't reboot your computer manually, let ComboFix do it.
  • Once your computer is rebooted, ComboFix will start preparing a log. Please let it do so unhindered.
  • If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the program's log file, or report, will be located at C:\ComboFix.txt.

    Please include the contents of C:\ComboFix.txt in your next reply.

    Please Enable your Anti-virus Software again !!

    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
    3. ComboFix may reset a number of Internet Explorer's settings, including making Internet Explorer the default browser.
    4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#4 Malren

Malren
  • Topic Starter


Posted 27 May 2014 - 06:12 PM

Seedy21, thanks for your help!

 

When I disabled Avast prior to running ComboFix, I heard some audio ads start playing in the background.  No browser windows were open, it was just audio.  When ComboFix started running, the audio stopped.  After ComboFix closed (it did not cause my computer to restart, but did close all my taskbar programs) the audio started up again.  I restarted the computer manually, then enabled Avast.  I'm not sure if this information will help, but I thought you should know.

 

ComboFix log:

 

 

ComboFix 14-05-27.02 - James_2 05/27/2014 18:46:23.4.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8191.5413 [GMT -4:00]
Running from: c:\users\James_2\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1401109487.3500.bin
c:\programdata\1401109487.3516.bin
c:\programdata\1401109487.4000.bin
c:\programdata\1401110171.bdinstall.bin
c:\programdata\1401123577.bdinstall.bin
c:\programdata\1401123589.bdinstall.bin
.
.
((((((((((((((((((((((((( Files Created from 2014-04-27 to 2014-05-27 )))))))))))))))))))))))))))))))
.
.
2014-05-27 22:55 . 2014-05-27 22:55 -------- d-----w- c:\users\test\AppData\Local\temp
2014-05-27 22:55 . 2014-05-27 22:55 -------- d-----w- c:\users\Lo Res Test\AppData\Local\temp
2014-05-27 22:55 . 2014-05-27 22:55 -------- d-----w- c:\users\James\AppData\Local\temp
2014-05-27 22:55 . 2014-05-27 22:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-27 22:55 . 2014-05-27 22:55 -------- d-----w- c:\users\CURRENT_USER\AppData\Local\temp
2014-05-27 22:47 . 2014-05-27 22:47 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DA5FC8C6-2743-4CB9-9F50-9D7FB04C2B59}\offreg.dll
2014-05-27 22:41 . 2014-05-27 22:43 -------- d-----w- C:\AdwCleaner
2014-05-26 13:18 . 2012-11-02 18:17 261056 ----a-w- c:\windows\system32\drivers\avchv.sys
2014-05-26 13:17 . 2014-05-26 17:00 -------- d-----w- c:\program files\Bitdefender
2014-05-26 13:04 . 2014-05-26 13:17 -------- d-----w- c:\users\James_2\AppData\Roaming\QuickScan
2014-05-26 13:01 . 2014-05-26 13:01 -------- d-----w- c:\program files (x86)\SpywareBlaster
2014-05-26 03:52 . 2014-05-26 03:53 85328 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-05-26 03:52 . 2014-05-26 03:52 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-05-26 03:52 . 2014-05-26 03:52 43152 ----a-w- c:\windows\avastSS.scr
2014-05-25 14:19 . 2014-05-25 14:19 -------- d-----w- c:\windows\ERUNT
2014-05-25 13:53 . 2014-05-25 13:54 -------- d-----w- C:\FRST
2014-05-25 13:04 . 2014-05-25 13:04 -------- d-----w- c:\users\James_2\AppData\Local\CrashDumps
2014-05-25 13:03 . 2014-05-25 13:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-05-25 13:03 . 2014-05-25 13:57 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-05-25 05:07 . 2014-05-25 05:07 313256 ----a-w- c:\windows\system32\javaws.exe
2014-05-25 05:07 . 2014-05-25 05:07 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-05-25 05:07 . 2014-05-25 05:07 189352 ----a-w- c:\windows\system32\javaw.exe
2014-05-25 05:07 . 2014-05-25 05:07 189352 ----a-w- c:\windows\system32\java.exe
2014-05-25 04:39 . 2014-05-25 05:11 -------- d-----w- c:\program files (x86)\Revo Group
2014-05-25 03:48 . 2014-05-25 13:05 -------- d-----w- C:\PCFIX
2014-05-25 02:02 . 2014-05-27 01:06 -------- d-----w- c:\users\James_2\AppData\Local\VirtualStore
2014-05-25 01:55 . 2014-05-25 01:55 -------- d-----w- c:\programdata\Licenses
2014-05-25 01:05 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-05-24 03:45 . 2014-05-24 03:45 -------- d-----w- c:\program files (x86)\GPU-Z
2014-05-23 10:59 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DA5FC8C6-2743-4CB9-9F50-9D7FB04C2B59}\mpengine.dll
2014-05-21 02:09 . 2009-07-14 01:16 15360 ----a-w- c:\windows\SysWow64\wsocce22.rra
2014-05-21 02:09 . 2009-07-14 01:16 21504 ----a-w- c:\windows\SysWow64\verscde4.rra
2014-05-21 02:09 . 2009-07-14 01:16 7168 ----a-w- c:\windows\SysWow64\shfocdb5.rra
2014-05-21 02:09 . 2009-07-14 01:14 126464 ----a-w- c:\windows\SysWow64\advpcd77.rra
2014-05-21 02:08 . 2014-05-21 02:08 311428 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2014-05-21 02:08 . 2014-05-21 02:08 184452 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2014-05-21 02:08 . 2003-09-03 06:28 724992 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2014-05-21 02:08 . 2003-09-03 06:27 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2014-05-21 02:08 . 2003-09-03 06:26 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2014-05-21 02:08 . 2003-09-03 06:26 192512 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2014-05-21 02:08 . 2003-09-03 06:25 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2014-05-21 00:12 . 2014-05-26 04:00 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-21 00:12 . 2014-05-21 00:12 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-05-21 00:12 . 2014-05-12 11:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-21 00:12 . 2014-05-12 11:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-18 17:01 . 2014-05-18 17:01 -------- d-----w- c:\users\James_2\AppData\Roaming\DarkSoulsII
2014-05-16 13:31 . 2014-05-16 13:31 -------- d-----w- c:\programdata\SystemRequirementsLab
2014-05-16 13:31 . 2014-05-16 13:31 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2014-05-15 00:00 . 2014-05-15 00:00 -------- d-----w- c:\users\James_2\AppData\Roaming\DropboxMaster
2014-05-14 11:31 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll
2014-05-14 11:31 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-14 11:31 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-14 11:31 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-14 11:31 . 2014-05-14 11:31 -------- d-----w- c:\program files\Common Files\DESIGNER
2014-05-14 11:30 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-05-14 11:30 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2014-05-14 11:30 . 2012-08-23 14:13 243200 ----a-w- c:\windows\system32\rdpudd.dll
2014-05-14 11:30 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2014-05-14 11:30 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2014-05-14 11:30 . 2012-08-23 09:51 3174912 ----a-w- c:\windows\system32\rdpcorets.dll
2014-05-14 11:04 . 2014-03-04 09:44 210944 ----a-w- c:\windows\system32\wdigest.dll
2014-05-11 16:56 . 2001-10-30 11:57 509712 ----a-w- c:\windows\SysWow64\temp.006
2014-05-11 16:56 . 2001-03-13 17:53 326656 ----a-w- c:\windows\SysWow64\temp.005
2014-05-11 16:56 . 2001-03-13 17:47 17920 ----a-w- c:\windows\SysWow64\temp.003
2014-05-11 16:56 . 2001-03-13 17:47 164112 ----a-w- c:\windows\SysWow64\temp.001
2014-05-11 16:56 . 2001-03-13 17:47 598288 ----a-w- c:\windows\SysWow64\temp.000
2014-05-11 16:56 . 2001-03-13 17:45 147728 ----a-w- c:\windows\SysWow64\temp.002
2014-05-11 16:56 . 2000-08-21 00:00 1388544 ----a-w- c:\windows\SysWow64\temp.004
2014-05-09 22:45 . 2014-05-09 22:49 -------- d-----w- c:\programdata\Amazon
2014-05-08 11:21 . 2014-05-08 11:21 188272 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-05-06 21:31 . 2014-03-31 16:42 40392 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2014-05-06 21:31 . 2014-03-31 16:42 34760 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2014-05-06 11:45 . 2014-05-14 11:36 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-01 17:33 . 2014-05-01 17:33 -------- d-sh--w- c:\users\James_2\AppData\Local\EmieUserList
2014-05-01 17:33 . 2014-05-01 17:33 -------- d-sh--w- c:\users\James_2\AppData\Local\EmieSiteList
2014-05-01 13:42 . 2009-07-14 01:16 15360 ----a-w- c:\windows\SysWow64\wsoc52ea.rra
2014-05-01 13:42 . 2009-07-14 01:16 21504 ----a-w- c:\windows\SysWow64\vers52cb.rra
2014-05-01 13:42 . 2009-07-14 01:16 7168 ----a-w- c:\windows\SysWow64\shfo529c.rra
2014-05-01 13:42 . 2009-07-14 01:14 126464 ----a-w- c:\windows\SysWow64\advp51f0.rra
2014-05-01 13:12 . 2009-07-14 01:16 15360 ----a-w- c:\windows\SysWow64\wsoc3db5.rra
2014-05-01 13:12 . 2009-07-14 01:16 21504 ----a-w- c:\windows\SysWow64\vers3da5.rra
2014-05-01 13:12 . 2009-07-14 01:16 7168 ----a-w- c:\windows\SysWow64\shfo3da5.rra
2014-05-01 13:12 . 2009-07-14 01:14 126464 ----a-w- c:\windows\SysWow64\advp3d95.rra
2014-05-01 13:10 . 2009-07-14 01:16 15360 ----a-w- c:\windows\SysWow64\wsoc390b.rra
2014-05-01 13:10 . 2009-07-14 01:16 21504 ----a-w- c:\windows\SysWow64\vers38fb.rra
2014-05-01 13:10 . 2009-07-14 01:16 7168 ----a-w- c:\windows\SysWow64\shfo38ec.rra
2014-05-01 13:10 . 2009-07-14 01:14 126464 ----a-w- c:\windows\SysWow64\advp38cd.rra
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-26 12:40 . 2007-08-22 00:46 119296 ----a-w- c:\windows\SysWow64\zlib.dll
2014-05-26 03:53 . 2011-07-15 23:31 423240 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-05-26 03:53 . 2011-07-15 23:31 1039096 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-05-26 03:52 . 2013-03-13 20:31 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-05-26 03:52 . 2013-03-13 20:31 208416 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-05-26 03:52 . 2011-07-15 23:31 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-05-26 03:52 . 2011-01-15 02:46 334648 ----a-w- c:\windows\system32\aswBoot.exe
2014-05-26 03:52 . 2012-02-25 02:47 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-05-18 12:47 . 2012-04-01 16:21 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-18 12:47 . 2011-05-16 21:13 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 11:27 . 2011-12-21 02:55 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-05-12 11:25 . 2011-07-15 23:35 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-30 18:29 . 2013-10-30 00:18 1081112 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-04-30 18:29 . 2013-10-30 00:18 1225920 ----a-w- c:\windows\system32\nvspcap64.dll
2014-04-22 23:00 . 2014-04-22 23:00 1057792 ----a-r- c:\users\James_2\AppData\Roaming\Microsoft\Installer\{59B1995D-81FD-4B78-A0BE-94A0E90B6AE8}\StartMenuIcon.exe
2014-04-01 02:46 . 2014-04-01 02:46 130712 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2014-04-01 02:46 . 2014-04-01 02:46 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2014-03-31 16:42 . 2013-08-09 20:43 37320 ----a-w- c:\windows\system32\nvaudcap64v.dll
2014-03-31 13:35 . 2010-05-28 04:23 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-10 22:17 . 2014-01-20 12:06 128288 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll
2014-03-09 14:44 . 2014-02-28 22:35 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-03-09 14:44 . 2012-12-25 18:34 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-03-07 18:02 . 2014-02-28 22:35 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-03-06 09:31 . 2014-04-22 11:50 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:59 . 2014-04-22 11:50 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-03-06 08:57 . 2014-04-22 11:51 548352 ----a-w- c:\windows\system32\vbscript.dll
2014-03-06 08:57 . 2014-04-22 11:50 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-06 08:53 . 2014-04-22 11:50 2767360 ----a-w- c:\windows\system32\iertutil.dll
2014-03-06 08:40 . 2014-04-22 11:50 51200 ----a-w- c:\windows\system32\jsproxy.dll
2014-03-06 08:39 . 2014-04-22 11:50 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-03-06 08:32 . 2014-04-22 11:51 574976 ----a-w- c:\windows\system32\ieui.dll
2014-03-06 08:29 . 2014-04-22 11:50 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-06 08:29 . 2014-04-22 11:50 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-06 08:28 . 2014-04-22 11:50 752640 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-06 08:15 . 2014-04-22 11:50 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 08:11 . 2014-04-22 11:50 5784064 ----a-w- c:\windows\system32\jscript9.dll
2014-03-06 08:09 . 2014-04-22 11:50 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2014-03-06 08:03 . 2014-04-22 11:50 586240 ----a-w- c:\windows\system32\ie4uinit.exe
2014-03-06 08:02 . 2014-04-22 11:50 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-03-06 08:02 . 2014-04-22 11:51 455168 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-03-06 08:01 . 2014-04-22 11:50 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56 . 2014-04-22 11:50 38400 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 07:48 . 2014-04-22 11:50 195584 ----a-w- c:\windows\system32\msrating.dll
2014-03-06 07:46 . 2014-04-22 11:50 4254720 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-03-06 07:42 . 2014-04-22 11:50 296960 ----a-w- c:\windows\system32\dxtrans.dll
2014-03-06 07:38 . 2014-04-22 11:50 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-03-06 07:36 . 2014-04-22 11:50 592896 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-03-06 07:21 . 2014-04-22 11:50 628736 ----a-w- c:\windows\system32\msfeeds.dll
2014-03-06 07:13 . 2014-04-22 11:50 32256 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11 . 2014-04-22 11:50 2043904 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 06:53 . 2014-04-22 11:50 13551104 ----a-w- c:\windows\system32\ieframe.dll
2014-03-06 06:40 . 2014-04-22 11:50 1967104 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-03-06 06:22 . 2014-04-22 11:50 2260480 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 05:58 . 2014-04-22 11:50 1400832 ----a-w- c:\windows\system32\urlmon.dll
2014-03-06 05:50 . 2014-04-22 11:50 846336 ----a-w- c:\windows\system32\ieapfltr.dll
2014-03-06 05:41 . 2014-04-22 11:50 1789440 ----a-w- c:\windows\SysWow64\wininet.dll
2014-03-04 14:35 . 2014-04-18 12:23 62408 ----a-w- c:\windows\system32\OpenCL.dll
2014-03-04 14:35 . 2014-04-18 12:23 54216 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-03-04 14:35 . 2014-04-18 12:13 947808 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-03-04 14:35 . 2014-04-18 12:13 832936 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2014-03-04 14:35 . 2014-04-18 12:13 18302384 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-03-04 14:35 . 2014-04-18 12:13 15783992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-03-04 14:35 . 2014-04-18 12:13 9728064 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-03-04 14:35 . 2014-04-18 12:13 9690424 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-03-04 14:35 . 2014-04-18 12:13 892704 ----a-w- c:\windows\system32\NvIFR64.dll
2014-03-04 14:35 . 2014-04-18 12:13 877856 ----a-w- c:\windows\system32\NvFBC64.dll
2014-03-04 14:35 . 2014-04-18 12:13 863064 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-03-04 14:35 . 2014-04-18 12:13 846168 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-03-04 14:35 . 2014-04-18 12:13 353504 ----a-w- c:\windows\system32\nvoglshim64.dll
2014-03-04 14:35 . 2014-04-18 12:13 31474976 ----a-w- c:\windows\system32\nvoglv64.dll
2014-03-04 14:35 . 2014-04-18 12:13 3143456 ----a-w- c:\windows\system32\nvcuvid.dll
2014-03-04 14:35 . 2014-04-18 12:13 3093280 ----a-w- c:\windows\system32\nvapi64.dll
2014-03-04 14:35 . 2014-04-18 12:13 305600 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2014-03-04 14:35 . 2014-04-18 12:13 2958792 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-03-04 14:35 . 2014-04-18 12:13 2783008 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-03-04 14:35 . 2014-04-18 12:13 2715264 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-03-04 14:35 . 2014-04-18 12:13 25255256 ----a-w- c:\windows\system32\nvcompiler.dll
2014-03-04 14:35 . 2014-04-18 12:13 2411976 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2014-03-04 14:35 . 2014-04-18 12:13 23716640 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-03-04 14:35 . 2014-04-18 12:13 1885472 ----a-w- c:\windows\system32\nvdispco6433523.dll
2014-03-04 14:35 . 2014-04-18 12:13 17755424 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-03-04 14:35 . 2014-04-18 12:13 17561544 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-03-04 14:35 . 2014-04-18 12:13 174296 ----a-w- c:\windows\system32\nvinitx.dll
2014-03-04 14:35 . 2014-04-18 12:13 1516488 ----a-w- c:\windows\system32\nvdispgenco6433523.dll
2014-03-04 14:35 . 2014-04-18 12:13 148016 ----a-w- c:\windows\SysWow64\nvinit.dll
2014-03-04 14:35 . 2014-04-18 12:13 14709720 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-03-04 14:35 . 2014-04-18 12:13 12708128 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-03-04 14:35 . 2014-04-18 12:13 11636176 ----a-w- c:\windows\system32\nvcuda.dll
2014-03-04 14:35 . 2014-04-18 12:13 11589272 ----a-w- c:\windows\system32\nvopencl.dll
2014-03-04 13:06 . 2014-04-18 12:23 6714312 ----a-w- c:\windows\system32\nvcpl.dll
2014-03-04 13:06 . 2014-04-18 12:23 3497816 ----a-w- c:\windows\system32\nvsvc64.dll
2014-03-04 13:05 . 2014-04-18 12:23 922968 ----a-w- c:\windows\system32\nvvsvc.exe
2014-03-04 13:05 . 2014-04-18 12:23 64968 ----a-w- c:\windows\system32\nvshext.dll
2014-03-04 13:05 . 2014-04-18 12:23 386336 ----a-w- c:\windows\system32\nvmctray.dll
2014-03-04 13:05 . 2014-04-18 12:23 3649185 ----a-w- c:\windows\system32\nvcoproc.bin
2014-03-04 11:32 . 2014-04-18 12:23 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-03-04 09:44 . 2014-04-08 22:44 243712 ----a-w- c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-08 22:44 362496 ----a-w- c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-08 22:44 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-08 22:44 16384 ----a-w- c:\windows\system32\ntvdm64.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . 5C627D1B1138676C0A7AB2C2C190D123 . 512000 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[7] 2009-07-14 . 7266972E86890E2B30C0C322E906B027 . 509440 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[-] 2010-11-20 . 82CB6C113DD2F8C1C8EB9DBC9F53B1D9 . 520192 . . [6.1.7601.17514] .. c:\windows\system32\rpcss.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\James_2\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\James_2\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\James_2\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\James_2\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"feedreader.exe"="c:\program files (x86)\FeedReader30\feedreader.exe" [2009-03-29 2058240]
"Pinnacle Game Profiler"="c:\program files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle.exe" [2014-05-02 3829760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-09-28 140640]
"Logitech G35"="c:\program files (x86)\Logitech\G35\G35.exe" [2010-10-05 1811800]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-05-26 3888648]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
c:\users\James_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\James_2\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-7 32668056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys;c:\windows\SYSNATIVE\drivers\anvsnddrv.sys [x]
R3 FLASHSYS;FLASHSYS;c:\program files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys;c:\program files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 netr7364;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 ATT MAHostService;ATT MAHostService;c:\program files (x86)\ATT\8.3.0.34\ma\bin\MAHostService.exe;c:\program files (x86)\ATT\8.3.0.34\ma\bin\MAHostService.exe [x]
R4 CAMWorks License Server;CAMWorks License Server;c:\camworksflexlm\lmgrd.exe;c:\camworksflexlm\lmgrd.exe [x]
R4 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [x]
R4 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R4 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
R4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
R4 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe;c:\program files\Common Files\Motive\pcCMService.exe [x]
R4 pcServiceHost;pcServiceHost;c:\program files (x86)\Common Files\Motive\pcServiceHost.exe;c:\program files (x86)\Common Files\Motive\pcServiceHost.exe [x]
R4 Remote Solver for Flow Simulation 2012;Remote Solver for Flow Simulation 2012;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [x]
R4 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [x]
R4 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfDHP2amd64.sys [x]
S3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfSBVMamd64.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswFsBlk
*Deregistered* - aswTdi
*Deregistered* - PROCEXP152
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 12:47]
.
2014-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-19 12:30]
.
2014-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-19 12:30]
.
2014-05-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-419854314-1677918223-1613990488-1008Core.job
- c:\users\James_2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-24 22:12]
.
2014-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-419854314-1677918223-1613990488-1008UA.job
- c:\users\James_2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-24 22:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-26 03:52 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\James_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\James_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\James_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\James_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-04-25 14:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-04-25 14:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-04-25 14:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-04-25 14:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-04-25 14:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-04-25 14:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-30 2199840]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: $talisma_url$
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\James_2\AppData\Roaming\Mozilla\Firefox\Profiles\v07rkaqs.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-75833692.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-419854314-1677918223-1613990488-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{335235B8-CD71-0157-D388-B75126D7E5C8}*]
"iaidhgihmpgfbfhbnn"=hex:6a,61,6d,6f,61,64,63,6a,70,62,70,62,6d,65,6d,6b,64,6c,
6b,69,00,ff
"haodaohpofcklhgi"=hex:6a,61,6d,6f,61,64,63,6a,70,62,70,62,6d,65,6d,6b,64,6c,
6b,69,00,01
.
[HKEY_USERS\S-1-5-21-419854314-1677918223-1613990488-1008\Software\SecuROM\License information*]
"datasecu"=hex:dc,ce,5d,33,72,46,e6,71,4c,a5,d1,5f,1c,6b,5d,a1,23,44,1f,b2,33,
b6,0c,38,e1,48,55,d6,1f,2e,39,d3,b3,0e,be,f0,cf,cc,f9,54,a5,43,84,b1,25,e9,\
"rkeysecu"=hex:09,a6,27,8a,dc,e1,94,2d,7b,b6,46,c0,04,92,88,b3
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-05-27 18:57:43
ComboFix-quarantined-files.txt 2014-05-27 22:57
ComboFix2.txt 2014-05-25 04:36
.
Pre-Run: 280,286,146,560 bytes free
Post-Run: 279,998,615,552 bytes free
.
- - End Of File - - 5142834399362662F0E3ABC507D83153
A36C5E4F47E84449FF07ED3517B43A31



#5 seedy21

  • Malware Response Team

Posted 27 May 2014 - 07:26 PM

Thank you for the log.

I also need this log posting:-

C:\ComboFix2.txt


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#6 Malren

  • Topic Starter
  • Members

Posted 27 May 2014 - 07:31 PM

Here is ComboFix2.txt

ComboFix 14-05-19.01 - James_2 05/25/2014 0:21.1.4 - x64 MINIMAL
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8191.6526 [GMT -4:00]
Running from: c:\pcfix\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_pcCMService
.
.
((((((((((((((((((((((((( Files Created from 2014-04-25 to 2014-05-25 )))))))))))))))))))))))))))))))
.
.
2014-05-25 04:30 . 2014-05-25 04:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-25 03:48 . 2014-05-25 04:02 -------- d-----w- C:\PCFIX
2014-05-25 02:02 . 2014-05-25 02:03 -------- d-----w- c:\users\James_2\AppData\Local\VirtualStore
2014-05-25 01:55 . 2014-05-25 01:55 -------- d-----w- c:\programdata\Licenses
2014-05-25 01:55 . 2014-05-25 02:51 -------- d-----w- c:\program files (x86)\SpywareBlaster
2014-05-25 01:05 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-05-25 01:04 . 2014-05-25 04:15 -------- d-----w- C:\AdwCleaner
2014-05-24 03:45 . 2014-05-24 03:45 -------- d-----w- c:\program files (x86)\GPU-Z
2014-05-23 10:59 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DA5FC8C6-2743-4CB9-9F50-9D7FB04C2B59}\mpengine.dll
2014-05-21 02:09 . 2009-07-14 01:16 15360 ----a-w- c:\windows\SysWow64\wsocce22.rra
2014-05-21 02:09 . 2009-07-14 01:16 21504 ----a-w- c:\windows\SysWow64\verscde4.rra
2014-05-21 02:09 . 2009-07-14 01:16 7168 ----a-w- c:\windows\SysWow64\shfocdb5.rra
2014-05-21 02:09 . 2009-07-14 01:14 126464 ----a-w- c:\windows\SysWow64\advpcd77.rra
2014-05-21 02:08 . 2014-05-21 02:08 311428 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2014-05-21 02:08 . 2014-05-21 02:08 184452 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2014-05-21 02:08 . 2003-09-03 06:28 724992 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2014-05-21 02:08 . 2003-09-03 06:27 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2014-05-21 02:08 . 2003-09-03 06:26 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2014-05-21 02:08 . 2003-09-03 06:26 192512 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2014-05-21 02:08 . 2003-09-03 06:25 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2014-05-21 00:12 . 2014-05-25 02:53 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-21 00:12 . 2014-05-21 00:12 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-05-21 00:12 . 2014-05-12 11:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-21 00:12 . 2014-05-12 11:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-18 17:01 . 2014-05-18 17:01 -------- d-----w- c:\users\James_2\AppData\Roaming\DarkSoulsII
2014-05-16 13:31 . 2014-05-16 13:31 -------- d-----w- c:\programdata\SystemRequirementsLab
2014-05-16 13:31 . 2014-05-16 13:31 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2014-05-15 00:00 . 2014-05-15 00:00 -------- d-----w- c:\users\James_2\AppData\Roaming\DropboxMaster
2014-05-14 11:31 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll
2014-05-14 11:31 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-14 11:31 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-14 11:31 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-14 11:31 . 2014-05-14 11:31 -------- d-----w- c:\program files\Common Files\DESIGNER
2014-05-14 11:30 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-05-14 11:30 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2014-05-14 11:30 . 2012-08-23 14:13 243200 ----a-w- c:\windows\system32\rdpudd.dll
2014-05-14 11:30 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2014-05-14 11:30 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2014-05-14 11:30 . 2012-08-23 09:51 3174912 ----a-w- c:\windows\system32\rdpcorets.dll
2014-05-14 11:04 . 2014-03-04 09:44 210944 ----a-w- c:\windows\system32\wdigest.dll
2014-05-11 16:56 . 2001-10-30 11:57 509712 ----a-w- c:\windows\SysWow64\temp.006
2014-05-11 16:56 . 2001-03-13 17:53 326656 ----a-w- c:\windows\SysWow64\temp.005
2014-05-11 16:56 . 2001-03-13 17:47 17920 ----a-w- c:\windows\SysWow64\temp.003
2014-05-11 16:56 . 2001-03-13 17:47 164112 ----a-w- c:\windows\SysWow64\temp.001
2014-05-11 16:56 . 2001-03-13 17:47 598288 ----a-w- c:\windows\SysWow64\temp.000
2014-05-11 16:56 . 2001-03-13 17:45 147728 ----a-w- c:\windows\SysWow64\temp.002
2014-05-11 16:56 . 2000-08-21 00:00 1388544 ----a-w- c:\windows\SysWow64\temp.004
2014-05-09 22:45 . 2014-05-09 22:49 -------- d-----w- c:\programdata\Amazon
2014-05-08 11:21 . 2014-05-08 11:21 188272 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-05-06 21:31 . 2014-03-31 16:42 40392 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2014-05-06 21:31 . 2014-03-31 16:42 34760 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2014-05-06 11:45 . 2014-05-14 11:36 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-01 17:33 . 2014-05-01 17:33 -------- d-sh--w- c:\users\James_2\AppData\Local\EmieUserList
2014-05-01 17:33 . 2014-05-01 17:33 -------- d-sh--w- c:\users\James_2\AppData\Local\EmieSiteList
2014-05-01 13:42 . 2009-07-14 01:16 15360 ----a-w- c:\windows\SysWow64\wsoc52ea.rra
2014-05-01 13:42 . 2009-07-14 01:16 21504 ----a-w- c:\windows\SysWow64\vers52cb.rra
2014-05-01 13:42 . 2009-07-14 01:16 7168 ----a-w- c:\windows\SysWow64\shfo529c.rra
2014-05-01 13:42 . 2009-07-14 01:14 126464 ----a-w- c:\windows\SysWow64\advp51f0.rra
2014-05-01 13:12 . 2009-07-14 01:16 15360 ----a-w- c:\windows\SysWow64\wsoc3db5.rra
2014-05-01 13:12 . 2009-07-14 01:16 21504 ----a-w- c:\windows\SysWow64\vers3da5.rra
2014-05-01 13:12 . 2009-07-14 01:16 7168 ----a-w- c:\windows\SysWow64\shfo3da5.rra
2014-05-01 13:12 . 2009-07-14 01:14 126464 ----a-w- c:\windows\SysWow64\advp3d95.rra
2014-05-01 13:10 . 2009-07-14 01:16 15360 ----a-w- c:\windows\SysWow64\wsoc390b.rra
2014-05-01 13:10 . 2009-07-14 01:16 21504 ----a-w- c:\windows\SysWow64\vers38fb.rra
2014-05-01 13:10 . 2009-07-14 01:16 7168 ----a-w- c:\windows\SysWow64\shfo38ec.rra
2014-05-01 13:10 . 2009-07-14 01:14 126464 ----a-w- c:\windows\SysWow64\advp38cd.rra
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-24 12:18 . 2007-08-22 00:46 119296 ----a-w- c:\windows\SysWow64\zlib.dll
2014-05-18 12:47 . 2012-04-01 16:21 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-18 12:47 . 2011-05-16 21:13 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 11:27 . 2011-12-21 02:55 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-05-12 11:25 . 2011-07-15 23:35 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-30 18:29 . 2013-10-30 00:18 1081112 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-04-30 18:29 . 2013-10-30 00:18 1225920 ----a-w- c:\windows\system32\nvspcap64.dll
2014-04-22 23:00 . 2014-04-22 23:00 1057792 ----a-r- c:\users\James_2\AppData\Roaming\Microsoft\Installer\{59B1995D-81FD-4B78-A0BE-94A0E90B6AE8}\StartMenuIcon.exe
2014-04-17 23:05 . 2014-04-17 23:06 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-01 02:46 . 2014-04-01 02:46 130712 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2014-04-01 02:46 . 2014-04-01 02:46 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2014-03-31 16:42 . 2013-08-09 20:43 37320 ----a-w- c:\windows\system32\nvaudcap64v.dll
2014-03-31 13:35 . 2010-05-28 04:23 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-10 22:17 . 2014-01-20 12:06 128288 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll
2014-03-09 14:44 . 2014-02-28 22:35 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-03-09 14:44 . 2012-12-25 18:34 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-03-07 18:02 . 2014-02-28 22:35 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-03-06 09:31 . 2014-04-22 11:50 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:59 . 2014-04-22 11:50 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-03-06 08:57 . 2014-04-22 11:51 548352 ----a-w- c:\windows\system32\vbscript.dll
2014-03-06 08:57 . 2014-04-22 11:50 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-06 08:53 . 2014-04-22 11:50 2767360 ----a-w- c:\windows\system32\iertutil.dll
2014-03-06 08:40 . 2014-04-22 11:50 51200 ----a-w- c:\windows\system32\jsproxy.dll
2014-03-06 08:39 . 2014-04-22 11:50 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-03-06 08:32 . 2014-04-22 11:51 574976 ----a-w- c:\windows\system32\ieui.dll
2014-03-06 08:29 . 2014-04-22 11:50 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-06 08:29 . 2014-04-22 11:50 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-06 08:28 . 2014-04-22 11:50 752640 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-06 08:15 . 2014-04-22 11:50 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 08:11 . 2014-04-22 11:50 5784064 ----a-w- c:\windows\system32\jscript9.dll
2014-03-06 08:09 . 2014-04-22 11:50 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2014-03-06 08:03 . 2014-04-22 11:50 586240 ----a-w- c:\windows\system32\ie4uinit.exe
2014-03-06 08:02 . 2014-04-22 11:50 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-03-06 08:02 . 2014-04-22 11:51 455168 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-03-06 08:01 . 2014-04-22 11:50 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56 . 2014-04-22 11:50 38400 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 07:48 . 2014-04-22 11:50 195584 ----a-w- c:\windows\system32\msrating.dll
2014-03-06 07:46 . 2014-04-22 11:50 4254720 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-03-06 07:42 . 2014-04-22 11:50 296960 ----a-w- c:\windows\system32\dxtrans.dll
2014-03-06 07:38 . 2014-04-22 11:50 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-03-06 07:36 . 2014-04-22 11:50 592896 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-03-06 07:21 . 2014-04-22 11:50 628736 ----a-w- c:\windows\system32\msfeeds.dll
2014-03-06 07:13 . 2014-04-22 11:50 32256 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11 . 2014-04-22 11:50 2043904 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 06:53 . 2014-04-22 11:50 13551104 ----a-w- c:\windows\system32\ieframe.dll
2014-03-06 06:40 . 2014-04-22 11:50 1967104 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-03-06 06:22 . 2014-04-22 11:50 2260480 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 05:58 . 2014-04-22 11:50 1400832 ----a-w- c:\windows\system32\urlmon.dll
2014-03-06 05:50 . 2014-04-22 11:50 846336 ----a-w- c:\windows\system32\ieapfltr.dll
2014-03-06 05:41 . 2014-04-22 11:50 1789440 ----a-w- c:\windows\SysWow64\wininet.dll
2014-03-04 14:35 . 2014-04-18 12:23 62408 ----a-w- c:\windows\system32\OpenCL.dll
2014-03-04 14:35 . 2014-04-18 12:23 54216 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-03-04 14:35 . 2014-04-18 12:13 947808 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-03-04 14:35 . 2014-04-18 12:13 832936 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2014-03-04 14:35 . 2014-04-18 12:13 18302384 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-03-04 14:35 . 2014-04-18 12:13 15783992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-03-04 14:35 . 2014-04-18 12:13 9728064 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-03-04 14:35 . 2014-04-18 12:13 9690424 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-03-04 14:35 . 2014-04-18 12:13 892704 ----a-w- c:\windows\system32\NvIFR64.dll
2014-03-04 14:35 . 2014-04-18 12:13 877856 ----a-w- c:\windows\system32\NvFBC64.dll
2014-03-04 14:35 . 2014-04-18 12:13 863064 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-03-04 14:35 . 2014-04-18 12:13 846168 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-03-04 14:35 . 2014-04-18 12:13 353504 ----a-w- c:\windows\system32\nvoglshim64.dll
2014-03-04 14:35 . 2014-04-18 12:13 31474976 ----a-w- c:\windows\system32\nvoglv64.dll
2014-03-04 14:35 . 2014-04-18 12:13 3143456 ----a-w- c:\windows\system32\nvcuvid.dll
2014-03-04 14:35 . 2014-04-18 12:13 3093280 ----a-w- c:\windows\system32\nvapi64.dll
2014-03-04 14:35 . 2014-04-18 12:13 305600 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2014-03-04 14:35 . 2014-04-18 12:13 2958792 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-03-04 14:35 . 2014-04-18 12:13 2783008 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-03-04 14:35 . 2014-04-18 12:13 2715264 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-03-04 14:35 . 2014-04-18 12:13 25255256 ----a-w- c:\windows\system32\nvcompiler.dll
2014-03-04 14:35 . 2014-04-18 12:13 2411976 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2014-03-04 14:35 . 2014-04-18 12:13 23716640 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-03-04 14:35 . 2014-04-18 12:13 1885472 ----a-w- c:\windows\system32\nvdispco6433523.dll
2014-03-04 14:35 . 2014-04-18 12:13 17755424 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-03-04 14:35 . 2014-04-18 12:13 17561544 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-03-04 14:35 . 2014-04-18 12:13 174296 ----a-w- c:\windows\system32\nvinitx.dll
2014-03-04 14:35 . 2014-04-18 12:13 1516488 ----a-w- c:\windows\system32\nvdispgenco6433523.dll
2014-03-04 14:35 . 2014-04-18 12:13 148016 ----a-w- c:\windows\SysWow64\nvinit.dll
2014-03-04 14:35 . 2014-04-18 12:13 14709720 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-03-04 14:35 . 2014-04-18 12:13 12708128 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-03-04 14:35 . 2014-04-18 12:13 11636176 ----a-w- c:\windows\system32\nvcuda.dll
2014-03-04 14:35 . 2014-04-18 12:13 11589272 ----a-w- c:\windows\system32\nvopencl.dll
2014-03-04 13:06 . 2014-04-18 12:23 6714312 ----a-w- c:\windows\system32\nvcpl.dll
2014-03-04 13:06 . 2014-04-18 12:23 3497816 ----a-w- c:\windows\system32\nvsvc64.dll
2014-03-04 13:05 . 2014-04-18 12:23 922968 ----a-w- c:\windows\system32\nvvsvc.exe
2014-03-04 13:05 . 2014-04-18 12:23 64968 ----a-w- c:\windows\system32\nvshext.dll
2014-03-04 13:05 . 2014-04-18 12:23 386336 ----a-w- c:\windows\system32\nvmctray.dll
2014-03-04 13:05 . 2014-04-18 12:23 3649185 ----a-w- c:\windows\system32\nvcoproc.bin
2014-03-04 11:32 . 2014-04-18 12:23 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-03-04 09:44 . 2014-04-08 22:44 243712 ----a-w- c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-08 22:44 362496 ----a-w- c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-08 22:44 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-08 22:44 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-08 22:44 1163264 ----a-w- c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-08 22:44 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-08 22:44 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-08 22:44 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-08 22:44 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-08 22:44 7680 ----a-w- c:\windows\SysWow64\instnm.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . 5C627D1B1138676C0A7AB2C2C190D123 . 512000 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[7] 2009-07-14 . 7266972E86890E2B30C0C322E906B027 . 509440 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[-] 2010-11-20 . 82CB6C113DD2F8C1C8EB9DBC9F53B1D9 . 520192 . . [6.1.7601.17514] .. c:\windows\system32\rpcss.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\James_2\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\James_2\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\James_2\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\James_2\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"feedreader.exe"="c:\program files (x86)\FeedReader30\feedreader.exe" [2009-03-29 2058240]
"Pinnacle Game Profiler"="c:\program files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle.exe" [2014-05-02 3829760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-09-28 140640]
"Logitech G35"="c:\program files (x86)\Logitech\G35\G35.exe" [2010-10-05 1811800]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-19 3568312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
c:\users\James_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\James_2\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-7 32668056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R0 aswRvrt;avast! Revert; [x]
R0 aswVmm;avast! VM Monitor; [x]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys;c:\windows\SYSNATIVE\drivers\anvsnddrv.sys [x]
R3 FLASHSYS;FLASHSYS;c:\program files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys;c:\program files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfDHP2amd64.sys [x]
R3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfSBVMamd64.sys [x]
R3 netr7364;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]
R3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 ATT MAHostService;ATT MAHostService;c:\program files (x86)\ATT\8.3.0.34\ma\bin\MAHostService.exe;c:\program files (x86)\ATT\8.3.0.34\ma\bin\MAHostService.exe [x]
R4 CAMWorks License Server;CAMWorks License Server;c:\camworksflexlm\lmgrd.exe;c:\camworksflexlm\lmgrd.exe [x]
R4 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [x]
R4 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R4 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
R4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
R4 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe;c:\program files\Common Files\Motive\pcCMService.exe [x]
R4 pcServiceHost;pcServiceHost;c:\program files (x86)\Common Files\Motive\pcServiceHost.exe;c:\program files (x86)\Common Files\Motive\pcServiceHost.exe [x]
R4 Remote Solver for Flow Simulation 2012;Remote Solver for Flow Simulation 2012;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [x]
R4 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [x]
R4 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 12:47]
.
2014-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-19 12:30]
.
2014-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-19 12:30]
.
2014-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-419854314-1677918223-1613990488-1008Core.job
- c:\users\James_2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-24 22:12]
.
2014-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-419854314-1677918223-1613990488-1008UA.job
- c:\users\James_2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-24 22:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-19 14:01 326944 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\James_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\James_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\James_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\James_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-04-25 14:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-04-25 14:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-04-25 14:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-04-25 14:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-04-25 14:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-04-25 14:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-30 2199840]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.att.net
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: $talisma_url$
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\James_2\AppData\Roaming\Mozilla\Firefox\Profiles\v07rkaqs.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
SafeBoot-27638479.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-HASP HL Device Driver - c:\windows\System32\UNWISE.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-419854314-1677918223-1613990488-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{335235B8-CD71-0157-D388-B75126D7E5C8}*]
"iaidhgihmpgfbfhbnn"=hex:6a,61,6d,6f,61,64,63,6a,70,62,70,62,6d,65,6d,6b,64,6c,
6b,69,00,ff
"haodaohpofcklhgi"=hex:6a,61,6d,6f,61,64,63,6a,70,62,70,62,6d,65,6d,6b,64,6c,
6b,69,00,01
.
[HKEY_USERS\S-1-5-21-419854314-1677918223-1613990488-1008\Software\SecuROM\License information*]
"datasecu"=hex:dc,ce,5d,33,72,46,e6,71,4c,a5,d1,5f,1c,6b,5d,a1,23,44,1f,b2,33,
b6,0c,38,e1,48,55,d6,1f,2e,39,d3,b3,0e,be,f0,cf,cc,f9,54,a5,43,84,b1,25,e9,\
"rkeysecu"=hex:09,a6,27,8a,dc,e1,94,2d,7b,b6,46,c0,04,92,88,b3
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-05-25 00:36:30 - machine was rebooted
ComboFix-quarantined-files.txt 2014-05-25 04:36
.
Pre-Run: 284,750,471,168 bytes free
Post-Run: 284,117,004,288 bytes free
.
- - End Of File - - 6325BA9515BDBA08ED6DE25CA7ECC352
A36C5E4F47E84449FF07ED3517B43A31



#7 seedy21


Posted 28 May 2014 - 02:36 PM

Hi Malren

I assume you still have ComboFix on your system. If not, please download ComboFix from one of the following locations:

Please open Notepad (Through Start Menu -> Accessories -> Notepad) and copy/paste this code into notepad, exactly as it is: (DON'T include the 'Quote:')
 

KILLALL::

File::
c:\windows\SysWow64\wsocce22.rra
c:\windows\SysWow64\verscde4.rra
c:\windows\SysWow64\shfocdb5.rra
c:\windows\SysWow64\advpcd77.rra
c:\windows\SysWow64\temp.006
c:\windows\SysWow64\temp.005
c:\windows\SysWow64\temp.003
c:\windows\SysWow64\temp.001
c:\windows\SysWow64\temp.000
c:\windows\SysWow64\temp.002
c:\windows\SysWow64\temp.004
c:\windows\SysWow64\wsoc52ea.rra
c:\windows\SysWow64\vers52cb.rra
c:\windows\SysWow64\shfo529c.rra
c:\windows\SysWow64\advp51f0.rra
c:\windows\SysWow64\wsoc3db5.rra
c:\windows\SysWow64\vers3da5.rra
c:\windows\SysWow64\shfo3da5.rra
c:\windows\SysWow64\advp3d95.rra
c:\windows\SysWow64\wsoc390b.rra
c:\windows\SysWow64\vers38fb.rra
c:\windows\SysWow64\shfo38ec.rra
c:\windows\SysWow64\advp38cd.rra

DirLook::
C:\PCFIX

FCopy::
c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll | c:\windows\system32\rpcss.dll

Registry::
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0

RegNull::
[HKEY_USERS\S-1-5-21-419854314-1677918223-1613990488-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{335235B8-CD71-0157-D388-B75126D7E5C8}*]

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

JavaClearCache::

Reboot::


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

Make sure your Anti-Virus is disabled while we do this. You can disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, please read this.

[Screenshot: CFScriptB-4.gif]

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.

ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.

When the scan has finished, it will execute the script and reboot your computer automatically. Don't reboot your computer manually; let ComboFix do it.

Once your computer is rebooted, ComboFix will start preparing a log. Please let it do so unhindered. After a few minutes, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Step 2

and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • Vista/Win7 users should right-click and select Run As Administrator.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file in your next reply.
     



#8 Malren


Posted 28 May 2014 - 05:51 PM

Okay, here we go.

Combofix:

ComboFix 14-05-27.02 - James_2 05/28/2014 18:27:20.5.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8191.5943 [GMT -4:00]
Running from: c:\users\James_2\Desktop\ComboFix.exe
Command switches used :: c:\users\James_2\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\SysWow64\advp38cd.rra"
"c:\windows\SysWow64\advp3d95.rra"
"c:\windows\SysWow64\advp51f0.rra"
"c:\windows\SysWow64\advpcd77.rra"
"c:\windows\SysWow64\shfo38ec.rra"
"c:\windows\SysWow64\shfo3da5.rra"
"c:\windows\SysWow64\shfo529c.rra"
"c:\windows\SysWow64\shfocdb5.rra"
"c:\windows\SysWow64\temp.000"
"c:\windows\SysWow64\temp.001"
"c:\windows\SysWow64\temp.002"
"c:\windows\SysWow64\temp.003"
"c:\windows\SysWow64\temp.004"
"c:\windows\SysWow64\temp.005"
"c:\windows\SysWow64\temp.006"
"c:\windows\SysWow64\vers38fb.rra"
"c:\windows\SysWow64\vers3da5.rra"
"c:\windows\SysWow64\vers52cb.rra"
"c:\windows\SysWow64\verscde4.rra"
"c:\windows\SysWow64\wsoc390b.rra"
"c:\windows\SysWow64\wsoc3db5.rra"
"c:\windows\SysWow64\wsoc52ea.rra"
"c:\windows\SysWow64\wsocce22.rra"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll --> c:\windows\system32\rpcss.dll
.
((((((((((((((((((((((((( Files Created from 2014-04-28 to 2014-05-28 )))))))))))))))))))))))))))))))
.
.
2014-05-28 22:35 . 2014-05-28 22:35 -------- d-----w- c:\users\test\AppData\Local\temp
2014-05-28 22:35 . 2014-05-28 22:35 -------- d-----w- c:\users\Lo Res Test\AppData\Local\temp
2014-05-28 22:35 . 2014-05-28 22:35 -------- d-----w- c:\users\James\AppData\Local\temp
2014-05-28 22:35 . 2014-05-28 22:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-28 22:35 . 2014-05-28 22:35 -------- d-----w- c:\users\CURRENT_USER\AppData\Local\temp
2014-05-27 22:41 . 2014-05-27 22:43 -------- d-----w- C:\AdwCleaner
2014-05-26 13:18 . 2012-11-02 18:17 261056 ----a-w- c:\windows\system32\drivers\avchv.sys
2014-05-26 13:17 . 2014-05-26 17:00 -------- d-----w- c:\program files\Bitdefender
2014-05-26 13:04 . 2014-05-26 13:17 -------- d-----w- c:\users\James_2\AppData\Roaming\QuickScan
2014-05-26 13:01 . 2014-05-26 13:01 -------- d-----w- c:\program files (x86)\SpywareBlaster
2014-05-26 03:52 . 2014-05-26 03:53 85328 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-05-26 03:52 . 2014-05-26 03:52 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-05-26 03:52 . 2014-05-26 03:52 43152 ----a-w- c:\windows\avastSS.scr
2014-05-25 14:19 . 2014-05-25 14:19 -------- d-----w- c:\windows\ERUNT
2014-05-25 13:53 . 2014-05-25 13:54 -------- d-----w- C:\FRST
2014-05-25 13:04 . 2014-05-25 13:04 -------- d-----w- c:\users\James_2\AppData\Local\CrashDumps
2014-05-25 13:03 . 2014-05-25 13:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-05-25 13:03 . 2014-05-25 13:57 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-05-25 05:07 . 2014-05-25 05:07 313256 ----a-w- c:\windows\system32\javaws.exe
2014-05-25 05:07 . 2014-05-25 05:07 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-05-25 05:07 . 2014-05-25 05:07 189352 ----a-w- c:\windows\system32\javaw.exe
2014-05-25 05:07 . 2014-05-25 05:07 189352 ----a-w- c:\windows\system32\java.exe
2014-05-25 04:39 . 2014-05-25 05:11 -------- d-----w- c:\program files (x86)\Revo Group
2014-05-25 03:48 . 2014-05-25 13:05 -------- d-----w- C:\PCFIX
2014-05-25 02:02 . 2014-05-27 01:06 -------- d-----w- c:\users\James_2\AppData\Local\VirtualStore
2014-05-25 01:55 . 2014-05-25 01:55 -------- d-----w- c:\programdata\Licenses
2014-05-25 01:05 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-05-24 03:45 . 2014-05-24 03:45 -------- d-----w- c:\program files (x86)\GPU-Z
2014-05-21 02:09 . 2009-07-14 01:16 15360 ----a-w- c:\windows\SysWow64\wsocce22.rra
2014-05-21 02:09 . 2009-07-14 01:16 21504 ----a-w- c:\windows\SysWow64\verscde4.rra
2014-05-21 02:09 . 2009-07-14 01:16 7168 ----a-w- c:\windows\SysWow64\shfocdb5.rra
2014-05-21 02:09 . 2009-07-14 01:14 126464 ----a-w- c:\windows\SysWow64\advpcd77.rra
2014-05-21 02:08 . 2014-05-21 02:08 311428 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2014-05-21 02:08 . 2014-05-21 02:08 184452 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2014-05-21 02:08 . 2003-09-03 06:28 724992 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2014-05-21 02:08 . 2003-09-03 06:27 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2014-05-21 02:08 . 2003-09-03 06:26 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2014-05-21 02:08 . 2003-09-03 06:26 192512 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2014-05-21 02:08 . 2003-09-03 06:25 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2014-05-21 00:12 . 2014-05-26 04:00 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-21 00:12 . 2014-05-21 00:12 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-05-21 00:12 . 2014-05-12 11:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-21 00:12 . 2014-05-12 11:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-18 17:01 . 2014-05-18 17:01 -------- d-----w- c:\users\James_2\AppData\Roaming\DarkSoulsII
2014-05-16 13:31 . 2014-05-16 13:31 -------- d-----w- c:\programdata\SystemRequirementsLab
2014-05-16 13:31 . 2014-05-16 13:31 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2014-05-15 00:00 . 2014-05-28 22:07 -------- d-----w- c:\users\James_2\AppData\Roaming\DropboxMaster
2014-05-14 11:31 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll
2014-05-14 11:31 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-14 11:31 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-14 11:31 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-14 11:31 . 2014-05-14 11:31 -------- d-----w- c:\program files\Common Files\DESIGNER
2014-05-14 11:30 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-05-14 11:30 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2014-05-14 11:30 . 2012-08-23 14:13 243200 ----a-w- c:\windows\system32\rdpudd.dll
2014-05-14 11:30 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2014-05-14 11:30 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2014-05-14 11:30 . 2012-08-23 09:51 3174912 ----a-w- c:\windows\system32\rdpcorets.dll
2014-05-14 11:04 . 2014-03-04 09:44 210944 ----a-w- c:\windows\system32\wdigest.dll
2014-05-11 16:56 . 2001-10-30 11:57 509712 ----a-w- c:\windows\SysWow64\temp.006
2014-05-11 16:56 . 2001-03-13 17:53 326656 ----a-w- c:\windows\SysWow64\temp.005
2014-05-11 16:56 . 2001-03-13 17:47 17920 ----a-w- c:\windows\SysWow64\temp.003
2014-05-11 16:56 . 2001-03-13 17:47 164112 ----a-w- c:\windows\SysWow64\temp.001
2014-05-11 16:56 . 2001-03-13 17:47 598288 ----a-w- c:\windows\SysWow64\temp.000
2014-05-11 16:56 . 2001-03-13 17:45 147728 ----a-w- c:\windows\SysWow64\temp.002
2014-05-11 16:56 . 2000-08-21 00:00 1388544 ----a-w- c:\windows\SysWow64\temp.004
2014-05-09 22:45 . 2014-05-09 22:49 -------- d-----w- c:\programdata\Amazon
2014-05-08 11:21 . 2014-05-08 11:21 188272 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-05-06 21:31 . 2014-03-31 16:42 40392 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2014-05-06 21:31 . 2014-03-31 16:42 34760 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2014-05-06 11:45 . 2014-05-14 11:36 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-01 17:33 . 2014-05-01 17:33 -------- d-sh--w- c:\users\James_2\AppData\Local\EmieUserList
2014-05-01 17:33 . 2014-05-01 17:33 -------- d-sh--w- c:\users\James_2\AppData\Local\EmieSiteList
2014-05-01 13:42 . 2009-07-14 01:16 15360 ----a-w- c:\windows\SysWow64\wsoc52ea.rra
2014-05-01 13:42 . 2009-07-14 01:16 21504 ----a-w- c:\windows\SysWow64\vers52cb.rra
2014-05-01 13:42 . 2009-07-14 01:16 7168 ----a-w- c:\windows\SysWow64\shfo529c.rra
2014-05-01 13:42 . 2009-07-14 01:14 126464 ----a-w- c:\windows\SysWow64\advp51f0.rra
2014-05-01 13:12 . 2009-07-14 01:16 15360 ----a-w- c:\windows\SysWow64\wsoc3db5.rra
2014-05-01 13:12 . 2009-07-14 01:16 21504 ----a-w- c:\windows\SysWow64\vers3da5.rra
2014-05-01 13:12 . 2009-07-14 01:16 7168 ----a-w- c:\windows\SysWow64\shfo3da5.rra
2014-05-01 13:12 . 2009-07-14 01:14 126464 ----a-w- c:\windows\SysWow64\advp3d95.rra
2014-05-01 13:10 . 2009-07-14 01:16 15360 ----a-w- c:\windows\SysWow64\wsoc390b.rra
2014-05-01 13:10 . 2009-07-14 01:16 21504 ----a-w- c:\windows\SysWow64\vers38fb.rra
2014-05-01 13:10 . 2009-07-14 01:16 7168 ----a-w- c:\windows\SysWow64\shfo38ec.rra
2014-05-01 13:10 . 2009-07-14 01:14 126464 ----a-w- c:\windows\SysWow64\advp38cd.rra
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-28 10:50 . 2007-08-22 00:46 119296 ----a-w- c:\windows\SysWow64\zlib.dll
2014-05-26 03:53 . 2011-07-15 23:31 423240 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-05-26 03:53 . 2011-07-15 23:31 1039096 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-05-26 03:52 . 2013-03-13 20:31 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-05-26 03:52 . 2013-03-13 20:31 208416 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-05-26 03:52 . 2011-07-15 23:31 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-05-26 03:52 . 2011-01-15 02:46 334648 ----a-w- c:\windows\system32\aswBoot.exe
2014-05-26 03:52 . 2012-02-25 02:47 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-05-18 12:47 . 2012-04-01 16:21 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-18 12:47 . 2011-05-16 21:13 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 11:27 . 2011-12-21 02:55 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-05-12 11:25 . 2011-07-15 23:35 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-30 23:20 . 2014-05-23 10:59 10702536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DA5FC8C6-2743-4CB9-9F50-9D7FB04C2B59}\mpengine.dll
2014-04-30 18:29 . 2013-10-30 00:18 1081112 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-04-30 18:29 . 2013-10-30 00:18 1225920 ----a-w- c:\windows\system32\nvspcap64.dll
2014-04-22 23:00 . 2014-04-22 23:00 1057792 ----a-r- c:\users\James_2\AppData\Roaming\Microsoft\Installer\{59B1995D-81FD-4B78-A0BE-94A0E90B6AE8}\StartMenuIcon.exe
2014-04-01 02:46 . 2014-04-01 02:46 130712 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2014-04-01 02:46 . 2014-04-01 02:46 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2014-03-31 16:42 . 2013-08-09 20:43 37320 ----a-w- c:\windows\system32\nvaudcap64v.dll
2014-03-31 13:35 . 2010-05-28 04:23 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-10 22:17 . 2014-01-20 12:06 128288 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll
2014-03-09 14:44 . 2014-02-28 22:35 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-03-09 14:44 . 2012-12-25 18:34 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-03-07 18:02 . 2014-02-28 22:35 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-03-06 09:31 . 2014-04-22 11:50 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:59 . 2014-04-22 11:50 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-03-06 08:57 . 2014-04-22 11:51 548352 ----a-w- c:\windows\system32\vbscript.dll
2014-03-06 08:57 . 2014-04-22 11:50 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-06 08:53 . 2014-04-22 11:50 2767360 ----a-w- c:\windows\system32\iertutil.dll
2014-03-06 08:40 . 2014-04-22 11:50 51200 ----a-w- c:\windows\system32\jsproxy.dll
2014-03-06 08:39 . 2014-04-22 11:50 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-03-06 08:32 . 2014-04-22 11:51 574976 ----a-w- c:\windows\system32\ieui.dll
2014-03-06 08:29 . 2014-04-22 11:50 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-06 08:29 . 2014-04-22 11:50 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-06 08:28 . 2014-04-22 11:50 752640 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-06 08:15 . 2014-04-22 11:50 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 08:11 . 2014-04-22 11:50 5784064 ----a-w- c:\windows\system32\jscript9.dll
2014-03-06 08:09 . 2014-04-22 11:50 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2014-03-06 08:03 . 2014-04-22 11:50 586240 ----a-w- c:\windows\system32\ie4uinit.exe
2014-03-06 08:02 . 2014-04-22 11:50 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-03-06 08:02 . 2014-04-22 11:51 455168 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-03-06 08:01 . 2014-04-22 11:50 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56 . 2014-04-22 11:50 38400 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 07:48 . 2014-04-22 11:50 195584 ----a-w- c:\windows\system32\msrating.dll
2014-03-06 07:46 . 2014-04-22 11:50 4254720 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-03-06 07:42 . 2014-04-22 11:50 296960 ----a-w- c:\windows\system32\dxtrans.dll
2014-03-06 07:38 . 2014-04-22 11:50 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-03-06 07:36 . 2014-04-22 11:50 592896 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-03-06 07:21 . 2014-04-22 11:50 628736 ----a-w- c:\windows\system32\msfeeds.dll
2014-03-06 07:13 . 2014-04-22 11:50 32256 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11 . 2014-04-22 11:50 2043904 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 06:53 . 2014-04-22 11:50 13551104 ----a-w- c:\windows\system32\ieframe.dll
2014-03-06 06:40 . 2014-04-22 11:50 1967104 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-03-06 06:22 . 2014-04-22 11:50 2260480 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 05:58 . 2014-04-22 11:50 1400832 ----a-w- c:\windows\system32\urlmon.dll
2014-03-06 05:50 . 2014-04-22 11:50 846336 ----a-w- c:\windows\system32\ieapfltr.dll
2014-03-06 05:41 . 2014-04-22 11:50 1789440 ----a-w- c:\windows\SysWow64\wininet.dll
2014-03-04 14:35 . 2014-04-18 12:23 62408 ----a-w- c:\windows\system32\OpenCL.dll
2014-03-04 14:35 . 2014-04-18 12:23 54216 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-03-04 14:35 . 2014-04-18 12:13 947808 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-03-04 14:35 . 2014-04-18 12:13 832936 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2014-03-04 14:35 . 2014-04-18 12:13 18302384 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-03-04 14:35 . 2014-04-18 12:13 15783992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-03-04 14:35 . 2014-04-18 12:13 9728064 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-03-04 14:35 . 2014-04-18 12:13 9690424 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-03-04 14:35 . 2014-04-18 12:13 892704 ----a-w- c:\windows\system32\NvIFR64.dll
2014-03-04 14:35 . 2014-04-18 12:13 877856 ----a-w- c:\windows\system32\NvFBC64.dll
2014-03-04 14:35 . 2014-04-18 12:13 863064 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-03-04 14:35 . 2014-04-18 12:13 846168 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-03-04 14:35 . 2014-04-18 12:13 353504 ----a-w- c:\windows\system32\nvoglshim64.dll
2014-03-04 14:35 . 2014-04-18 12:13 31474976 ----a-w- c:\windows\system32\nvoglv64.dll
2014-03-04 14:35 . 2014-04-18 12:13 3143456 ----a-w- c:\windows\system32\nvcuvid.dll
2014-03-04 14:35 . 2014-04-18 12:13 3093280 ----a-w- c:\windows\system32\nvapi64.dll
2014-03-04 14:35 . 2014-04-18 12:13 305600 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2014-03-04 14:35 . 2014-04-18 12:13 2958792 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-03-04 14:35 . 2014-04-18 12:13 2783008 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-03-04 14:35 . 2014-04-18 12:13 2715264 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-03-04 14:35 . 2014-04-18 12:13 25255256 ----a-w- c:\windows\system32\nvcompiler.dll
2014-03-04 14:35 . 2014-04-18 12:13 2411976 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2014-03-04 14:35 . 2014-04-18 12:13 23716640 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-03-04 14:35 . 2014-04-18 12:13 1885472 ----a-w- c:\windows\system32\nvdispco6433523.dll
2014-03-04 14:35 . 2014-04-18 12:13 17755424 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-03-04 14:35 . 2014-04-18 12:13 17561544 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-03-04 14:35 . 2014-04-18 12:13 174296 ----a-w- c:\windows\system32\nvinitx.dll
2014-03-04 14:35 . 2014-04-18 12:13 1516488 ----a-w- c:\windows\system32\nvdispgenco6433523.dll
2014-03-04 14:35 . 2014-04-18 12:13 148016 ----a-w- c:\windows\SysWow64\nvinit.dll
2014-03-04 14:35 . 2014-04-18 12:13 14709720 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-03-04 14:35 . 2014-04-18 12:13 12708128 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-03-04 14:35 . 2014-04-18 12:13 11636176 ----a-w- c:\windows\system32\nvcuda.dll
2014-03-04 14:35 . 2014-04-18 12:13 11589272 ----a-w- c:\windows\system32\nvopencl.dll
2014-03-04 13:06 . 2014-04-18 12:23 6714312 ----a-w- c:\windows\system32\nvcpl.dll
2014-03-04 13:06 . 2014-04-18 12:23 3497816 ----a-w- c:\windows\system32\nvsvc64.dll
2014-03-04 13:05 . 2014-04-18 12:23 922968 ----a-w- c:\windows\system32\nvvsvc.exe
2014-03-04 13:05 . 2014-04-18 12:23 64968 ----a-w- c:\windows\system32\nvshext.dll
2014-03-04 13:05 . 2014-04-18 12:23 386336 ----a-w- c:\windows\system32\nvmctray.dll
2014-03-04 13:05 . 2014-04-18 12:23 3649185 ----a-w- c:\windows\system32\nvcoproc.bin
2014-03-04 11:32 . 2014-04-18 12:23 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-03-04 09:44 . 2014-04-08 22:44 243712 ----a-w- c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-08 22:44 362496 ----a-w- c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-08 22:44 13312 ----a-w- c:\windows\system32\wow64cpu.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\PCFIX ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\James_2\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\James_2\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\James_2\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\James_2\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"feedreader.exe"="c:\program files (x86)\FeedReader30\feedreader.exe" [2009-03-29 2058240]
"Pinnacle Game Profiler"="c:\program files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle.exe" [2014-05-02 3829760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-09-28 140640]
"Logitech G35"="c:\program files (x86)\Logitech\G35\G35.exe" [2010-10-05 1811800]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-05-26 3888648]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
c:\users\James_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\James_2\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-19 33322312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys;c:\windows\SYSNATIVE\drivers\anvsnddrv.sys [x]
R3 FLASHSYS;FLASHSYS;c:\program files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys;c:\program files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 netr7364;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 ATT MAHostService;ATT MAHostService;c:\program files (x86)\ATT\8.3.0.34\ma\bin\MAHostService.exe;c:\program files (x86)\ATT\8.3.0.34\ma\bin\MAHostService.exe [x]
R4 CAMWorks License Server;CAMWorks License Server;c:\camworksflexlm\lmgrd.exe;c:\camworksflexlm\lmgrd.exe [x]
R4 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [x]
R4 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R4 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
R4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
R4 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe;c:\program files\Common Files\Motive\pcCMService.exe [x]
R4 pcServiceHost;pcServiceHost;c:\program files (x86)\Common Files\Motive\pcServiceHost.exe;c:\program files (x86)\Common Files\Motive\pcServiceHost.exe [x]
R4 Remote Solver for Flow Simulation 2012;Remote Solver for Flow Simulation 2012;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [x]
R4 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [x]
R4 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfDHP2amd64.sys [x]
S3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfSBVMamd64.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswFsBlk
*Deregistered* - aswTdi
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 12:47]
.
2014-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-19 12:30]
.
2014-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-19 12:30]
.
2014-05-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-419854314-1677918223-1613990488-1008Core.job
- c:\users\James_2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-24 22:12]
.
2014-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-419854314-1677918223-1613990488-1008UA.job
- c:\users\James_2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-24 22:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-26 03:52 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\James_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\James_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\James_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\James_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-04-25 14:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-04-25 14:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-04-25 14:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-04-25 14:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-04-25 14:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-04-25 14:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-30 2199840]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: $talisma_url$
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\James_2\AppData\Roaming\Mozilla\Firefox\Profiles\v07rkaqs.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-419854314-1677918223-1613990488-1008\Software\SecuROM\License information*]
"datasecu"=hex:dc,ce,5d,33,72,46,e6,71,4c,a5,d1,5f,1c,6b,5d,a1,23,44,1f,b2,33,
b6,0c,38,e1,48,55,d6,1f,2e,39,d3,b3,0e,be,f0,cf,cc,f9,54,a5,43,84,b1,25,e9,\
"rkeysecu"=hex:09,a6,27,8a,dc,e1,94,2d,7b,b6,46,c0,04,92,88,b3
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
.
**************************************************************************
.
Completion time: 2014-05-28 18:45:53 - machine was rebooted
ComboFix-quarantined-files.txt 2014-05-28 22:45
ComboFix2.txt 2014-05-25 04:36
.
Pre-Run: 278,879,932,416 bytes free
Post-Run: 278,542,843,904 bytes free
.
- - End Of File - - CAD0EA4AAE11F3B8DB7DA5B78A852CEE
A36C5E4F47E84449FF07ED3517B43A31

TDSSKiller:

18:48:08.0808 0x0e78 TDSS rootkit removing tool 3.0.0.35 May 23 2014 07:32:03
18:48:16.0058 0x0e78 ============================================================
18:48:16.0058 0x0e78 Current date / time: 2014/05/28 18:48:16.0058
18:48:16.0058 0x0e78 SystemInfo:
18:48:16.0058 0x0e78
18:48:16.0058 0x0e78 OS Version: 6.1.7601 ServicePack: 1.0
18:48:16.0058 0x0e78 Product type: Workstation
18:48:16.0058 0x0e78 ComputerName: JAMES-PC
18:48:16.0058 0x0e78 UserName: James_2
18:48:16.0058 0x0e78 Windows directory: C:\Windows
18:48:16.0058 0x0e78 System windows directory: C:\Windows
18:48:16.0058 0x0e78 Running under WOW64
18:48:16.0058 0x0e78 Processor architecture: Intel x64
18:48:16.0058 0x0e78 Number of processors: 4
18:48:16.0058 0x0e78 Page size: 0x1000
18:48:16.0058 0x0e78 Boot type: Normal boot
18:48:16.0058 0x0e78 ============================================================
18:48:17.0636 0x0e78 KLMD registered as C:\Windows\system32\drivers\96336491.sys
18:48:17.0730 0x0e78 System UUID: {9E75605E-1E3D-FFD4-6F7D-897BBFE048EE}
18:48:18.0105 0x0e78 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:48:18.0121 0x0e78 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:48:18.0121 0x0e78 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:48:18.0136 0x0e78 ============================================================
18:48:18.0136 0x0e78 \Device\Harddisk1\DR1:
18:48:18.0136 0x0e78 MBR partitions:
18:48:18.0136 0x0e78 \Device\Harddisk0\DR0:
18:48:18.0136 0x0e78 MBR partitions:
18:48:18.0136 0x0e78 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
18:48:18.0136 0x0e78 \Device\Harddisk2\DR2:
18:48:18.0152 0x0e78 MBR partitions:
18:48:18.0152 0x0e78 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
18:48:18.0152 0x0e78 ============================================================
18:48:18.0152 0x0e78 B: <-> \Device\Harddisk0\DR0\Partition1
18:48:18.0167 0x0e78 F: <-> \Device\Harddisk2\DR2\Partition1
18:48:18.0167 0x0e78 ============================================================
18:48:18.0167 0x0e78 Initialize success
18:48:18.0167 0x0e78 ============================================================
18:48:29.0121 0x10fc ============================================================
18:48:29.0121 0x10fc Scan started
18:48:29.0121 0x10fc Mode: Manual;
18:48:29.0121 0x10fc ============================================================
18:48:29.0121 0x10fc KSN ping started
18:48:31.0949 0x10fc KSN ping finished: true
18:48:32.0214 0x10fc ================ Scan system memory ========================
18:48:32.0214 0x10fc System memory - ok
18:48:32.0214 0x10fc ================ Scan services =============================
18:48:32.0214 0x10fc !SASCORE - ok
18:48:32.0246 0x10fc 1394ohci - ok
18:48:32.0261 0x10fc ACPI - ok
18:48:32.0261 0x10fc AcpiPmi - ok
18:48:32.0277 0x10fc AdobeARMservice - ok
18:48:32.0277 0x10fc AdobeFlashPlayerUpdateSvc - ok
18:48:32.0292 0x10fc adp94xx - ok
18:48:32.0292 0x10fc adpahci - ok
18:48:32.0292 0x10fc adpu320 - ok
18:48:32.0292 0x10fc AeLookupSvc - ok
18:48:32.0308 0x10fc AFD - ok
18:48:32.0308 0x10fc agp440 - ok
18:48:32.0308 0x10fc ALG - ok
18:48:32.0308 0x10fc aliide - ok
18:48:32.0324 0x10fc amdide - ok
18:48:32.0324 0x10fc AmdK8 - ok
18:48:32.0324 0x10fc AmdPPM - ok
18:48:32.0324 0x10fc amdsata - ok
18:48:32.0324 0x10fc amdsbs - ok
18:48:32.0339 0x10fc amdxata - ok
18:48:32.0339 0x10fc anvsnddrv - ok
18:48:32.0355 0x10fc AppID - ok
18:48:32.0355 0x10fc AppIDSvc - ok
18:48:32.0355 0x10fc Appinfo - ok
18:48:32.0355 0x10fc Apple Mobile Device - ok
18:48:32.0371 0x10fc AppMgmt - ok
18:48:32.0371 0x10fc arc - ok
18:48:32.0371 0x10fc arcsas - ok
18:48:32.0371 0x10fc aspnet_state - ok
18:48:32.0386 0x10fc aswHwid - ok
18:48:32.0386 0x10fc aswMonFlt - ok
18:48:32.0402 0x10fc aswRdr - ok
18:48:32.0417 0x10fc aswRvrt - ok
18:48:32.0417 0x10fc aswSnx - ok
18:48:32.0417 0x10fc aswSP - ok
18:48:32.0433 0x10fc aswStm - ok
18:48:32.0433 0x10fc aswVmm - ok
18:48:32.0433 0x10fc AsyncMac - ok
18:48:32.0449 0x10fc atapi - ok
18:48:32.0449 0x10fc atksgt - ok
18:48:32.0464 0x10fc ATT MAHostService - ok
18:48:32.0480 0x10fc AudioEndpointBuilder - ok
18:48:32.0480 0x10fc AudioSrv - ok
18:48:32.0480 0x10fc avast! Antivirus - ok
18:48:32.0480 0x10fc AxInstSV - ok
18:48:32.0480 0x10fc b06bdrv - ok
18:48:32.0496 0x10fc b57nd60a - ok
18:48:32.0496 0x10fc BDESVC - ok
18:48:32.0496 0x10fc Beep - ok
18:48:32.0511 0x10fc BFE - ok
18:48:32.0511 0x10fc BITS - ok
18:48:32.0511 0x10fc blbdrive - ok
18:48:32.0527 0x10fc Bonjour Service - ok
18:48:32.0527 0x10fc bowser - ok
18:48:32.0527 0x10fc BrFiltLo - ok
18:48:32.0527 0x10fc BrFiltUp - ok
18:48:32.0527 0x10fc BridgeMP - ok
18:48:32.0542 0x10fc Browser - ok
18:48:32.0542 0x10fc Brserid - ok
18:48:32.0542 0x10fc BrSerWdm - ok
18:48:32.0542 0x10fc BrUsbMdm - ok
18:48:32.0542 0x10fc BrUsbSer - ok
18:48:32.0558 0x10fc BTHMODEM - ok
18:48:32.0558 0x10fc bthserv - ok
18:48:32.0558 0x10fc CAMWorks License Server - ok
18:48:32.0558 0x10fc catchme - ok
18:48:32.0574 0x10fc cdfs - ok
18:48:32.0574 0x10fc cdrom - ok
18:48:32.0574 0x10fc CertPropSvc - ok
18:48:32.0574 0x10fc circlass - ok
18:48:32.0574 0x10fc CLFS - ok
18:48:32.0589 0x10fc clr_optimization_v2.0.50727_32 - ok
18:48:32.0589 0x10fc clr_optimization_v2.0.50727_64 - ok
18:48:32.0589 0x10fc clr_optimization_v4.0.30319_32 - ok
18:48:32.0589 0x10fc clr_optimization_v4.0.30319_64 - ok
18:48:32.0589 0x10fc CmBatt - ok
18:48:32.0605 0x10fc cmdide - ok
18:48:32.0605 0x10fc CNG - ok
18:48:32.0605 0x10fc Compbatt - ok
18:48:32.0605 0x10fc CompositeBus - ok
18:48:32.0605 0x10fc COMSysApp - ok
18:48:32.0621 0x10fc CoordinatorServiceHost - ok
18:48:32.0621 0x10fc crcdisk - ok
18:48:32.0621 0x10fc CryptSvc - ok
18:48:32.0621 0x10fc CSC - ok
18:48:32.0636 0x10fc CscService - ok
18:48:32.0636 0x10fc DcomLaunch - ok
18:48:32.0636 0x10fc defragsvc - ok
18:48:32.0636 0x10fc Desura Install Service - ok
18:48:32.0636 0x10fc DfsC - ok
18:48:32.0652 0x10fc Dhcp - ok
18:48:32.0652 0x10fc discache - ok
18:48:32.0652 0x10fc Disk - ok
18:48:32.0652 0x10fc Dnscache - ok
18:48:32.0652 0x10fc dot3svc - ok
18:48:32.0667 0x10fc DPS - ok
18:48:32.0667 0x10fc drmkaud - ok
18:48:32.0667 0x10fc DXGKrnl - ok
18:48:32.0667 0x10fc EapHost - ok
18:48:32.0667 0x10fc ebdrv - ok
18:48:32.0683 0x10fc EFS - ok
18:48:32.0683 0x10fc ehRecvr - ok
18:48:32.0683 0x10fc ehSched - ok
18:48:32.0683 0x10fc elxstor - ok
18:48:32.0683 0x10fc ErrDev - ok
18:48:32.0699 0x10fc EventSystem - ok
18:48:32.0699 0x10fc exfat - ok
18:48:32.0699 0x10fc fastfat - ok
18:48:32.0699 0x10fc Fax - ok
18:48:32.0714 0x10fc fdc - ok
18:48:32.0714 0x10fc fdPHost - ok
18:48:32.0714 0x10fc FDResPub - ok
18:48:32.0714 0x10fc FileInfo - ok
18:48:32.0714 0x10fc Filetrace - ok
18:48:32.0730 0x10fc FLASHSYS - ok
18:48:32.0730 0x10fc FLEXnet Licensing Service - ok
18:48:32.0730 0x10fc FLEXnet Licensing Service 64 - ok
18:48:32.0730 0x10fc flpydisk - ok
18:48:32.0730 0x10fc FltMgr - ok
18:48:32.0746 0x10fc FontCache - ok
18:48:32.0746 0x10fc FontCache3.0.0.0 - ok
18:48:32.0746 0x10fc ForceWare Intelligent Application Manager (IAM) - ok
18:48:32.0761 0x10fc FsDepends - ok
18:48:32.0761 0x10fc fssfltr - ok
18:48:32.0761 0x10fc fsssvc - ok
18:48:32.0761 0x10fc Fs_Rec - ok
18:48:32.0761 0x10fc fvevol - ok
18:48:32.0777 0x10fc gagp30kx - ok
18:48:32.0777 0x10fc Garmin Core Update Service - ok
18:48:32.0777 0x10fc GEARAspiWDM - ok
18:48:32.0777 0x10fc gpsvc - ok
18:48:32.0792 0x10fc gupdate - ok
18:48:32.0792 0x10fc gupdatem - ok
18:48:32.0792 0x10fc hcw85cir - ok
18:48:32.0792 0x10fc HdAudAddService - ok
18:48:32.0808 0x10fc HDAudBus - ok
18:48:32.0808 0x10fc HidBatt - ok
18:48:32.0808 0x10fc HidBth - ok
18:48:32.0808 0x10fc HidIr - ok
18:48:32.0808 0x10fc hidserv - ok
18:48:32.0824 0x10fc HidUsb - ok
18:48:32.0824 0x10fc hkmsvc - ok
18:48:32.0824 0x10fc HomeGroupListener - ok
18:48:32.0824 0x10fc HomeGroupProvider - ok
18:48:32.0824 0x10fc HpSAMD - ok
18:48:32.0839 0x10fc HTTP - ok
18:48:32.0839 0x10fc hwpolicy - ok
18:48:32.0839 0x10fc i8042prt - ok
18:48:32.0839 0x10fc iaStorV - ok
18:48:32.0839 0x10fc IDriverT - ok
18:48:32.0855 0x10fc idsvc - ok
18:48:32.0871 0x10fc IEEtwCollectorService - ok
18:48:32.0871 0x10fc iirsp - ok
18:48:32.0871 0x10fc IKEEXT - ok
18:48:32.0886 0x10fc intelide - ok
18:48:32.0886 0x10fc intelppm - ok
18:48:32.0886 0x10fc IntuitUpdateService - ok
18:48:32.0886 0x10fc IntuitUpdateServiceV4 - ok
18:48:32.0886 0x10fc IPBusEnum - ok
18:48:32.0902 0x10fc IpFilterDriver - ok
18:48:32.0902 0x10fc iphlpsvc - ok
18:48:32.0902 0x10fc IPMIDRV - ok
18:48:32.0902 0x10fc IPNAT - ok
18:48:32.0902 0x10fc iPod Service - ok
18:48:32.0917 0x10fc IRENUM - ok
18:48:32.0917 0x10fc isapnp - ok
18:48:32.0917 0x10fc iScsiPrt - ok
18:48:32.0917 0x10fc kbdclass - ok
18:48:32.0917 0x10fc kbdhid - ok
18:48:32.0933 0x10fc KeyIso - ok
18:48:32.0933 0x10fc KSecDD - ok
18:48:32.0933 0x10fc KSecPkg - ok
18:48:32.0933 0x10fc ksthunk - ok
18:48:32.0933 0x10fc KtmRm - ok
18:48:32.0949 0x10fc LADF_DHP2 - ok
18:48:32.0949 0x10fc LADF_SBVM - ok
18:48:32.0949 0x10fc LanmanServer - ok
18:48:32.0949 0x10fc LanmanWorkstation - ok
18:48:32.0949 0x10fc LBTServ - ok
18:48:32.0964 0x10fc LEqdUsb - ok
18:48:32.0964 0x10fc LHidEqd - ok
18:48:32.0964 0x10fc LHidFilt - ok
18:48:32.0964 0x10fc lirsgt - ok
18:48:32.0980 0x10fc lltdio - ok
18:48:32.0980 0x10fc lltdsvc - ok
18:48:32.0980 0x10fc lmhosts - ok
18:48:32.0980 0x10fc LMouFilt - ok
18:48:32.0980 0x10fc LSI_FC - ok
18:48:32.0996 0x10fc LSI_SAS - ok
18:48:32.0996 0x10fc LSI_SAS2 - ok
18:48:32.0996 0x10fc LSI_SCSI - ok
18:48:32.0996 0x10fc luafv - ok
18:48:32.0996 0x10fc Mcx2Svc - ok
18:48:33.0011 0x10fc megasas - ok
18:48:33.0011 0x10fc MegaSR - ok
18:48:33.0011 0x10fc MMCSS - ok
18:48:33.0011 0x10fc Modem - ok
18:48:33.0011 0x10fc monitor - ok
18:48:33.0027 0x10fc mouclass - ok
18:48:33.0027 0x10fc mouhid - ok
18:48:33.0027 0x10fc mountmgr - ok
18:48:33.0027 0x10fc MozillaMaintenance - ok
18:48:33.0042 0x10fc mpio - ok
18:48:33.0042 0x10fc mpsdrv - ok
18:48:33.0042 0x10fc MpsSvc - ok
18:48:33.0042 0x10fc MREMP50 - ok
18:48:33.0042 0x10fc MREMP50a64 - ok
18:48:33.0058 0x10fc MRESP50 - ok
18:48:33.0058 0x10fc MRESP50a64 - ok
18:48:33.0058 0x10fc MRxDAV - ok
18:48:33.0058 0x10fc mrxsmb - ok
18:48:33.0058 0x10fc mrxsmb10 - ok
18:48:33.0074 0x10fc mrxsmb20 - ok
18:48:33.0074 0x10fc msahci - ok
18:48:33.0074 0x10fc msdsm - ok
18:48:33.0074 0x10fc MSDTC - ok
18:48:33.0089 0x10fc Msfs - ok
18:48:33.0089 0x10fc mshidkmdf - ok
18:48:33.0089 0x10fc msisadrv - ok
18:48:33.0089 0x10fc MSiSCSI - ok
18:48:33.0089 0x10fc msiserver - ok
18:48:33.0089 0x10fc MSKSSRV - ok
18:48:33.0105 0x10fc MSPCLOCK - ok
18:48:33.0105 0x10fc MSPQM - ok
18:48:33.0105 0x10fc MsRPC - ok
18:48:33.0105 0x10fc mssmbios - ok
18:48:33.0136 0x10fc MSTEE - ok
18:48:33.0136 0x10fc MTConfig - ok
18:48:33.0136 0x10fc Mup - ok
18:48:33.0152 0x10fc napagent - ok
18:48:33.0152 0x10fc NativeWifiP - ok
18:48:33.0152 0x10fc NDIS - ok
18:48:33.0152 0x10fc NdisCap - ok
18:48:33.0152 0x10fc NdisTapi - ok
18:48:33.0167 0x10fc Ndisuio - ok
18:48:33.0167 0x10fc NdisWan - ok
18:48:33.0167 0x10fc NDProxy - ok
18:48:33.0167 0x10fc NetBIOS - ok
18:48:33.0167 0x10fc NetBT - ok
18:48:33.0183 0x10fc Netlogon - ok
18:48:33.0183 0x10fc Netman - ok
18:48:33.0183 0x10fc NetMsmqActivator - ok
18:48:33.0183 0x10fc NetPipeActivator - ok
18:48:33.0183 0x10fc netprofm - ok
18:48:33.0199 0x10fc netr7364 - ok
18:48:33.0199 0x10fc NetTcpActivator - ok
18:48:33.0199 0x10fc NetTcpPortSharing - ok
18:48:33.0199 0x10fc nfrd960 - ok
18:48:33.0199 0x10fc NlaSvc - ok
18:48:33.0214 0x10fc Npfs - ok
18:48:33.0214 0x10fc nsi - ok
18:48:33.0214 0x10fc nsiproxy - ok
18:48:33.0214 0x10fc nSvcIp - ok
18:48:33.0214 0x10fc Ntfs - ok
18:48:33.0230 0x10fc Null - ok
18:48:33.0230 0x10fc NVENETFD - ok
18:48:33.0230 0x10fc NVHDA - ok
18:48:33.0230 0x10fc nvlddmkm - ok
18:48:33.0230 0x10fc NVNET - ok
18:48:33.0246 0x10fc NvNetworkService - ok
18:48:33.0246 0x10fc nvraid - ok
18:48:33.0246 0x10fc nvsmu - ok
18:48:33.0246 0x10fc nvstor - ok
18:48:33.0261 0x10fc NvStreamKms - ok
18:48:33.0261 0x10fc NvStreamSvc - ok
18:48:33.0261 0x10fc nvsvc - ok
18:48:33.0277 0x10fc nvvad_WaveExtensible - ok
18:48:33.0277 0x10fc nv_agp - ok
18:48:33.0277 0x10fc ohci1394 - ok
18:48:33.0277 0x10fc ose - ok
18:48:33.0277 0x10fc ose64 - ok
18:48:33.0292 0x10fc osppsvc - ok
18:48:33.0292 0x10fc p2pimsvc - ok
18:48:33.0292 0x10fc p2psvc - ok
18:48:33.0292 0x10fc Parport - ok
18:48:33.0292 0x10fc partmgr - ok
18:48:33.0308 0x10fc PcaSvc - ok
18:48:33.0308 0x10fc pcCMService64 - ok
18:48:33.0308 0x10fc pci - ok
18:48:33.0308 0x10fc pciide - ok
18:48:33.0308 0x10fc pcmcia - ok
18:48:33.0324 0x10fc pcServiceHost - ok
18:48:33.0324 0x10fc pcw - ok
18:48:33.0324 0x10fc PEAUTH - ok
18:48:33.0324 0x10fc PeerDistSvc - ok
18:48:33.0339 0x10fc PerfHost - ok
18:48:33.0339 0x10fc PinnacleUpdateSvc - ok
18:48:33.0339 0x10fc pla - ok
18:48:33.0339 0x10fc PlugPlay - ok
18:48:33.0355 0x10fc PNRPAutoReg - ok
18:48:33.0355 0x10fc PNRPsvc - ok
18:48:33.0355 0x10fc PolicyAgent - ok
18:48:33.0355 0x10fc Power - ok
18:48:33.0371 0x10fc PptpMiniport - ok
18:48:33.0371 0x10fc Processor - ok
18:48:33.0371 0x10fc ProfSvc - ok
18:48:33.0371 0x10fc ProtectedStorage - ok
18:48:33.0371 0x10fc Psched - ok
18:48:33.0386 0x10fc ql2300 - ok
18:48:33.0386 0x10fc ql40xx - ok
18:48:33.0386 0x10fc QWAVE - ok
18:48:33.0386 0x10fc QWAVEdrv - ok
18:48:33.0386 0x10fc RasAcd - ok
18:48:33.0402 0x10fc RasAgileVpn - ok
18:48:33.0402 0x10fc RasAuto - ok
18:48:33.0402 0x10fc Rasl2tp - ok
18:48:33.0402 0x10fc RasMan - ok
18:48:33.0402 0x10fc RasPppoe - ok
18:48:33.0417 0x10fc RasSstp - ok
18:48:33.0417 0x10fc rdbss - ok
18:48:33.0417 0x10fc rdpbus - ok
18:48:33.0417 0x10fc RDPCDD - ok
18:48:33.0417 0x10fc RDPDR - ok
18:48:33.0433 0x10fc RDPENCDD - ok
18:48:33.0433 0x10fc RDPREFMP - ok
18:48:33.0433 0x10fc RdpVideoMiniport - ok
18:48:33.0433 0x10fc RDPWD - ok
18:48:33.0449 0x10fc rdyboost - ok
18:48:33.0449 0x10fc Remote Solver for Flow Simulation 2012 - ok
18:48:33.0449 0x10fc RemoteAccess - ok
18:48:33.0449 0x10fc RemoteRegistry - ok
18:48:33.0449 0x10fc RpcEptMapper - ok
18:48:33.0464 0x10fc RpcLocator - ok
18:48:33.0464 0x10fc RpcSs - ok
18:48:33.0464 0x10fc rspndr - ok
18:48:33.0464 0x10fc s3cap - ok
18:48:33.0464 0x10fc SamSs - ok
18:48:33.0480 0x10fc SASDIFSV - ok
18:48:33.0480 0x10fc SASKUTIL - ok
18:48:33.0480 0x10fc sbp2port - ok
18:48:33.0480 0x10fc SCardSvr - ok
18:48:33.0480 0x10fc scfilter - ok
18:48:33.0496 0x10fc Schedule - ok
18:48:33.0496 0x10fc SCPolicySvc - ok
18:48:33.0496 0x10fc SDRSVC - ok
18:48:33.0496 0x10fc SeagateDashboardService - ok
18:48:33.0496 0x10fc secdrv - ok
18:48:33.0511 0x10fc seclogon - ok
18:48:33.0511 0x10fc SENS - ok
18:48:33.0511 0x10fc SensrSvc - ok
18:48:33.0511 0x10fc Serenum - ok
18:48:33.0511 0x10fc Serial - ok
18:48:33.0527 0x10fc sermouse - ok
18:48:33.0527 0x10fc SessionEnv - ok
18:48:33.0527 0x10fc sffdisk - ok
18:48:33.0542 0x10fc sffp_mmc - ok
18:48:33.0542 0x10fc sffp_sd - ok
18:48:33.0542 0x10fc sfloppy - ok
18:48:33.0542 0x10fc SgtSch2Svc - ok
18:48:33.0542 0x10fc SharedAccess - ok
18:48:33.0558 0x10fc ShellHWDetection - ok
18:48:33.0558 0x10fc SiSRaid2 - ok
18:48:33.0558 0x10fc SiSRaid4 - ok
18:48:33.0558 0x10fc SkypeUpdate - ok
18:48:33.0574 0x10fc SmartDefragDriver - ok
18:48:33.0574 0x10fc Smb - ok
18:48:33.0574 0x10fc snapman - ok
18:48:33.0589 0x10fc SNMPTRAP - ok
18:48:33.0589 0x10fc SolidWorks Licensing Service - ok
18:48:33.0589 0x10fc spldr - ok
18:48:33.0589 0x10fc Spooler - ok
18:48:33.0589 0x10fc sppsvc - ok
18:48:33.0605 0x10fc sppuinotify - ok
18:48:33.0605 0x10fc srv - ok
18:48:33.0605 0x10fc srv2 - ok
18:48:33.0605 0x10fc srvnet - ok
18:48:33.0605 0x10fc SSDPSRV - ok
18:48:33.0621 0x10fc SstpSvc - ok
18:48:33.0621 0x10fc Steam Client Service - ok
18:48:33.0621 0x10fc Stereo Service - ok
18:48:33.0621 0x10fc stexstor - ok
18:48:33.0621 0x10fc stisvc - ok
18:48:33.0636 0x10fc storflt - ok
18:48:33.0636 0x10fc StorSvc - ok
18:48:33.0636 0x10fc storvsc - ok
18:48:33.0636 0x10fc swenum - ok
18:48:33.0636 0x10fc swprv - ok
18:48:33.0652 0x10fc SysMain - ok
18:48:33.0652 0x10fc TabletInputService - ok
18:48:33.0652 0x10fc TapiSrv - ok
18:48:33.0652 0x10fc TBS - ok
18:48:33.0652 0x10fc Tcpip - ok
18:48:33.0667 0x10fc TCPIP6 - ok
18:48:33.0667 0x10fc tcpipreg - ok
18:48:33.0667 0x10fc TDPIPE - ok
18:48:33.0667 0x10fc tdrpman - ok
18:48:33.0683 0x10fc TDTCP - ok
18:48:33.0683 0x10fc tdx - ok
18:48:33.0683 0x10fc TermDD - ok
18:48:33.0683 0x10fc TermService - ok
18:48:33.0683 0x10fc Themes - ok
18:48:33.0699 0x10fc THREADORDER - ok
18:48:33.0699 0x10fc tifsfilter - ok
18:48:33.0699 0x10fc timounter - ok
18:48:33.0699 0x10fc TrkWks - ok
18:48:33.0699 0x10fc TrustedInstaller - ok
18:48:33.0714 0x10fc tssecsrv - ok
18:48:33.0714 0x10fc TsUsbFlt - ok
18:48:33.0714 0x10fc tunnel - ok
18:48:33.0714 0x10fc uagp35 - ok
18:48:33.0730 0x10fc udfs - ok
18:48:33.0730 0x10fc UI0Detect - ok
18:48:33.0730 0x10fc uliagpkx - ok
18:48:33.0730 0x10fc umbus - ok
18:48:33.0746 0x10fc UmPass - ok
18:48:33.0746 0x10fc UmRdpService - ok
18:48:33.0746 0x10fc upnphost - ok
18:48:33.0746 0x10fc usbaudio - ok
18:48:33.0746 0x10fc usbccgp - ok
18:48:33.0761 0x10fc usbcir - ok
18:48:33.0761 0x10fc usbehci - ok
18:48:33.0761 0x10fc usbhub - ok
18:48:33.0761 0x10fc usbohci - ok
18:48:33.0761 0x10fc usbprint - ok
18:48:33.0777 0x10fc usbser - ok
18:48:33.0777 0x10fc USBSTOR - ok
18:48:33.0777 0x10fc usbuhci - ok
18:48:33.0777 0x10fc UxSms - ok
18:48:33.0777 0x10fc VaultSvc - ok
18:48:33.0792 0x10fc VClone - ok
18:48:33.0792 0x10fc vdrvroot - ok
18:48:33.0792 0x10fc vds - ok
18:48:33.0792 0x10fc vga - ok
18:48:33.0792 0x10fc VgaSave - ok
18:48:33.0808 0x10fc vhdmp - ok
18:48:33.0808 0x10fc viaide - ok
18:48:33.0808 0x10fc vmbus - ok
18:48:33.0808 0x10fc VMBusHID - ok
18:48:33.0808 0x10fc volmgr - ok
18:48:33.0824 0x10fc volmgrx - ok
18:48:33.0824 0x10fc volsnap - ok
18:48:33.0824 0x10fc vsmraid - ok
18:48:33.0824 0x10fc VSS - ok
18:48:33.0824 0x10fc vwifibus - ok
18:48:33.0839 0x10fc W32Time - ok
18:48:33.0839 0x10fc WacomPen - ok
18:48:33.0839 0x10fc WANARP - ok
18:48:33.0839 0x10fc Wanarpv6 - ok
18:48:33.0839 0x10fc WatAdminSvc - ok
18:48:33.0855 0x10fc wbengine - ok
18:48:33.0855 0x10fc WbioSrvc - ok
18:48:33.0855 0x10fc wcncsvc - ok
18:48:33.0855 0x10fc WcsPlugInService - ok
18:48:33.0855 0x10fc Wd - ok
18:48:33.0871 0x10fc Wdf01000 - ok
18:48:33.0871 0x10fc WdiServiceHost - ok
18:48:33.0871 0x10fc WdiSystemHost - ok
18:48:33.0871 0x10fc WebClient - ok
18:48:33.0871 0x10fc Wecsvc - ok
18:48:33.0886 0x10fc wercplsupport - ok
18:48:33.0886 0x10fc WerSvc - ok
18:48:33.0886 0x10fc WfpLwf - ok
18:48:33.0886 0x10fc WIMMount - ok
18:48:33.0886 0x10fc WinDefend - ok
18:48:33.0902 0x10fc WinHttpAutoProxySvc - ok
18:48:33.0902 0x10fc Winmgmt - ok
18:48:33.0902 0x10fc WinRM - ok
18:48:33.0917 0x10fc WinTabService - ok
18:48:33.0917 0x10fc Wlansvc - ok
18:48:33.0917 0x10fc wlcrasvc - ok
18:48:33.0917 0x10fc wlidsvc - ok
18:48:33.0917 0x10fc WmFilter - ok
18:48:33.0933 0x10fc WmiAcpi - ok
18:48:33.0933 0x10fc wmiApSrv - ok
18:48:33.0933 0x10fc WMPNetworkSvc - ok
18:48:33.0933 0x10fc WPCSvc - ok
18:48:33.0949 0x10fc WPDBusEnum - ok
18:48:33.0949 0x10fc ws2ifsl - ok
18:48:33.0949 0x10fc wscsvc - ok
18:48:33.0949 0x10fc WSearch - ok
18:48:33.0949 0x10fc wuauserv - ok
18:48:33.0964 0x10fc WudfPf - ok
18:48:33.0964 0x10fc WUDFRd - ok
18:48:33.0964 0x10fc wudfsvc - ok
18:48:33.0964 0x10fc WwanSvc - ok
18:48:33.0980 0x10fc xusb21 - ok
18:48:33.0980 0x10fc ================ Scan global ===============================
18:48:33.0980 0x10fc [ Global ] - ok
18:48:33.0980 0x10fc ================ Scan MBR ==================================
18:48:33.0996 0x10fc [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
18:48:34.0230 0x10fc \Device\Harddisk1\DR1 - ok
18:48:34.0308 0x10fc [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:48:34.0324 0x10fc \Device\Harddisk0\DR0 - ok
18:48:34.0339 0x10fc [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2
18:48:34.0355 0x10fc \Device\Harddisk2\DR2 - ok
18:48:34.0355 0x10fc ================ Scan VBR ==================================
18:48:34.0371 0x10fc [ B776661A149C97484CEE10E6C3C93695 ] \Device\Harddisk0\DR0\Partition1
18:48:34.0402 0x10fc \Device\Harddisk0\DR0\Partition1 - ok
18:48:34.0402 0x10fc [ 7573703D1311D24CC310C18F7DD33998 ] \Device\Harddisk2\DR2\Partition1
18:48:34.0417 0x10fc \Device\Harddisk2\DR2\Partition1 - ok
18:48:34.0464 0x10fc AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2018.391 ), 0x40000 ( disabled : updated )
18:48:34.0480 0x10fc Win FW state via NFP2: enabled
18:48:37.0402 0x10fc ============================================================
18:48:37.0402 0x10fc Scan finished
18:48:37.0402 0x10fc ============================================================
18:48:37.0417 0x0ce0 Detected object count: 0
18:48:37.0417 0x0ce0 Actual detected object count: 0
18:49:38.0376 0x0604 Deinitialize success



#9 seedy21

  • Malware Response Team

Posted 29 May 2014 - 11:30 AM

Hi

Step 1

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.

  • Double-click the downloaded icon to run the tool.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

Also, can I get an update on your machine? Are you still getting Virus messages from Avast?


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#10 Malren

  • Topic Starter


Posted 29 May 2014 - 05:15 PM

Seedy,

The machine seems to be much better. I am no longer getting any messages from avast about blocked URLs!

Here are the logs

FRST:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2014
Ran by James_2 (administrator) on JAMES-PC on 29-05-2014 17:43:04
Running from C:\Users\James_2\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
() C:\Program Files (x86)\FeedReader30\feedreader.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Dropbox, Inc.) C:\Users\James_2\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Logitech©) C:\Program Files (x86)\Logitech\G35\G35.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-25] (CANON INC.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.)
HKLM-x32\...\Run: [Logitech G35] => C:\Program Files (x86)\Logitech\G35\G35.exe [1811800 2010-10-05] (Logitech©)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3888648 2014-05-25] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-419854314-1677918223-1613990488-1008\...\Run: [feedreader.exe] => C:\Program Files (x86)\FeedReader30\feedreader.exe [2058240 2009-03-29] ()
HKU\S-1-5-21-419854314-1677918223-1613990488-1008\...\Run: [Pinnacle Game Profiler] => C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle.exe [3829760 2014-05-02] (PowerUp Software, LLC)
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\Users\James_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\James_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDD6636BDD712CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
DPF: HKLM {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: HKLM-x32 {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\James_2\AppData\Roaming\Mozilla\Firefox\Profiles\v07rkaqs.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @alternatiff.com/AlternaTIFF - C:\Program Files (x86)\MIE\AlternaTIFF\npzzatif.dll (Medical Informatics Engineering, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 - C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\James_2\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\James_2\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-13]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-05-13]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-13]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-05-13]
FF Extension: Motive Extension - C:\Program Files (x86)\Mozilla Firefox\extensions\mcciwbch@motive.com.xpi [2014-05-13]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-07-15]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: ""
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\James_2\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\James_2\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\James_2\AppData\Local\Google\Chrome\Application\35.0.1916.114\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Java™ Platform SE 6 U33) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.330.3) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (AlternaTIFF (QuickTime compatible)) - C:\Program Files (x86)\MIE\AlternaTIFF\npzzatif.dll (Medical Informatics Engineering, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\James_2\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Extension: (YouTube Center) - C:\Users\James_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcegdpionpopahcglnfiiioapcclamdj [2014-01-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\James_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\James_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-24]
CHR Extension: (Google Search) - C:\Users\James_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-25]
CHR Extension: (Google Wallet) - C:\Users\James_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\James_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-25]
CHR Extension: (Type Fu) - C:\Users\James_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pofoighmmpljaikjiidkkfhldjndfdbk [2013-11-04]
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2013-07-06]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
CHR StartMenuInternet: Google Chrome - C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-09-07] (SUPERAntiSpyware.com)
S4 ATT MAHostService; C:\Program Files (x86)\ATT\8.3.0.34\ma\bin\MAHostService.exe [321024 2013-05-08] (Alcatel-Lucent)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-25] (AVAST Software)
S4 CAMWorks License Server; c:\CAMWorksFlexLM\lmgrd.exe [1370752 2009-08-12] (Macrovision Corporation)
S4 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-01-21] ()
S4 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250200 2013-09-19] (Garmin Ltd or its subsidiaries)
S4 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-01-21] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation)
S4 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2013-03-02] (Alcatel-Lucent)
S2 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [438272 2014-01-12] (PowerUp Software, LLC)
S4 Remote Solver for Flow Simulation 2012; C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [114824 2012-04-09] (Mentor Graphics Corporation)

==================== Drivers (Whitelisted) ====================

S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-25] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-25] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-25] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-25] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-25] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-25] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-04-02] ()
S3 FLASHSYS; C:\Program Files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys [15192 2008-02-15] ()
R3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2amd64.sys [62168 2010-09-29] (Logitech)
R3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMamd64.sys [377176 2010-09-29] (Logitech)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-04-02] ()
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.sys [40960 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-29 17:43 - 2014-05-29 17:43 - 00022726 _____ () C:\Users\James_2\Desktop\FRST.txt
2014-05-29 17:41 - 2014-05-29 17:41 - 02066944 _____ (Farbar) C:\Users\James_2\Desktop\FRST64.exe
2014-05-28 19:43 - 2014-05-28 19:43 - 00000851 _____ () C:\Users\James_2\Desktop\DW Chaos Weapon Setup.txt
2014-05-28 19:06 - 2014-05-28 19:07 - 00000000 ____D () C:\Users\James_2\AppData\Local\{91239E13-73CB-46C5-A578-0E82627B6292}
2014-05-28 18:45 - 2014-05-28 18:45 - 00039033 _____ () C:\Users\James_2\Desktop\ComboFix.txt
2014-05-28 18:45 - 2014-05-28 18:45 - 00000000 ____D () C:\Users\test\AppData\Local\temp
2014-05-28 18:45 - 2014-05-28 18:45 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-05-28 18:45 - 2014-05-28 18:45 - 00000000 ____D () C:\Users\Lo Res Test\AppData\Local\temp
2014-05-28 18:45 - 2014-05-28 18:45 - 00000000 ____D () C:\Users\James\AppData\Local\temp
2014-05-28 18:45 - 2014-05-28 18:45 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-05-28 18:45 - 2014-05-28 18:45 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-05-28 18:45 - 2014-05-28 18:45 - 00000000 ____D () C:\Users\CURRENT_USER\AppData\Local\temp
2014-05-28 18:22 - 2014-05-28 18:22 - 04165472 _____ (Kaspersky Lab ZAO) C:\Users\James_2\Desktop\tdsskiller.exe
2014-05-27 18:57 - 2014-05-27 18:57 - 00040324 _____ () C:\Users\James_2\Desktop\ComboFix_OLD.txt
2014-05-27 18:42 - 2014-05-27 18:42 - 00001204 _____ () C:\Users\James_2\Desktop\AdwCleaner[R3].txt
2014-05-27 18:41 - 2014-05-27 18:43 - 00000000 ____D () C:\AdwCleaner
2014-05-27 18:41 - 2014-05-27 18:41 - 01327971 _____ () C:\Users\James_2\Desktop\AdwCleaner.exe
2014-05-27 18:38 - 2014-05-27 18:39 - 05203612 ____R (Swearware) C:\Users\James_2\Desktop\ComboFix.exe
2014-05-27 18:33 - 2014-05-27 18:33 - 00000000 ____D () C:\Users\James_2\AppData\Local\{B8FCF738-333B-41B0-908D-954E4B3F0746}
2014-05-26 21:04 - 2014-05-26 21:04 - 00000000 ____D () C:\Users\James_2\AppData\Local\{51A6E73D-5647-40F3-8804-71982DFF8EB6}
2014-05-26 18:17 - 2014-05-26 18:17 - 04375704 _____ () C:\Users\James_2\Downloads\clisp-2.49-win32-mingw-big.exe
2014-05-26 09:18 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-05-26 09:17 - 2014-05-26 13:00 - 00000000 ____D () C:\Program Files\Bitdefender
2014-05-26 09:04 - 2014-05-26 09:17 - 00000000 ____D () C:\Users\James_2\AppData\Roaming\QuickScan
2014-05-26 09:01 - 2014-05-26 09:01 - 00001079 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-05-26 09:01 - 2014-05-26 09:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-05-26 09:01 - 2014-05-26 09:01 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-05-26 08:47 - 2014-05-26 08:47 - 00000000 ____D () C:\Users\James_2\AppData\Local\{DAD2DDD2-1DDD-4873-A9B3-B988CC1D8D14}
2014-05-25 23:52 - 2014-05-25 23:53 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-25 23:52 - 2014-05-25 23:52 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-25 23:52 - 2014-05-25 23:52 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-25 23:23 - 2014-05-25 23:23 - 00162208 _____ () C:\Users\James_2\Downloads\Antivirus_Free_Edition.exe
2014-05-25 23:01 - 2014-05-25 23:01 - 00000000 ____D () C:\Users\James_2\AppData\Local\{B1B54FB1-AF42-41D1-897E-5401F9F51AA8}
2014-05-25 10:19 - 2014-05-25 10:19 - 00000000 ____D () C:\Windows\ERUNT
2014-05-25 09:57 - 2014-05-28 18:36 - 00209102 _____ () C:\Windows\PFRO.log
2014-05-25 09:53 - 2014-05-29 17:43 - 00000000 ____D () C:\FRST
2014-05-25 09:38 - 2014-05-25 09:50 - 00000216 _____ () C:\Windows\wininit.ini
2014-05-25 09:11 - 2014-05-25 00:31 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.20140525-091106.backup
2014-05-25 09:04 - 2014-05-29 06:57 - 00000000 ____D () C:\Users\James_2\AppData\Local\CrashDumps
2014-05-25 09:03 - 2014-05-25 09:57 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-25 09:03 - 2014-05-25 09:50 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-25 09:03 - 2014-05-25 09:03 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-05-25 08:55 - 2014-05-29 17:17 - 00486502 _____ () C:\Windows\setupact.log
2014-05-25 08:55 - 2014-05-25 08:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-25 01:38 - 2014-05-26 12:09 - 00000086 _____ () C:\Windows\system32\zqavt.hom
2014-05-25 01:07 - 2014-05-25 01:07 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-25 01:07 - 2014-05-25 01:07 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-25 01:07 - 2014-05-25 01:07 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-25 01:07 - 2014-05-25 01:07 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-05-25 01:07 - 2014-05-25 01:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-25 00:39 - 2014-05-25 01:11 - 00000000 ____D () C:\Program Files (x86)\Revo Group
2014-05-25 00:19 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-25 00:19 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-25 00:19 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-25 00:19 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-25 00:19 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-25 00:19 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-25 00:19 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-25 00:19 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-25 00:18 - 2014-05-28 18:45 - 00000000 ____D () C:\Qoobox
2014-05-25 00:18 - 2014-05-25 00:35 - 00000000 ____D () C:\Windows\erdnt
2014-05-24 23:48 - 2014-05-25 09:05 - 00000000 ____D () C:\PCFIX
2014-05-24 22:02 - 2014-05-26 21:06 - 00000000 ____D () C:\Users\James_2\AppData\Local\VirtualStore
2014-05-24 21:55 - 2014-05-24 21:55 - 00000000 ____D () C:\ProgramData\Licenses
2014-05-24 21:05 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-24 21:02 - 2014-05-24 21:02 - 03778560 _____ () C:\Users\James_2\Documents\RogueKillerX64.exe
2014-05-24 17:36 - 2014-05-24 17:36 - 00000000 _____ () C:\Windows\system32\ochxfrd.nxc
2014-05-24 17:35 - 2014-05-24 17:35 - 00000064 _____ () C:\Windows\system32\dyrowe.vns
2014-05-24 17:20 - 2014-05-24 17:20 - 00310760 ____S () C:\Windows\system32\lhpooxx.aof
2014-05-23 23:45 - 2014-05-23 23:45 - 00000963 _____ () C:\Users\James_2\Desktop\TechPowerUp GPU-Z.lnk
2014-05-23 23:45 - 2014-05-23 23:45 - 00000000 ____D () C:\Users\James_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
2014-05-23 23:45 - 2014-05-23 23:45 - 00000000 ____D () C:\Program Files (x86)\GPU-Z
2014-05-20 22:09 - 2014-05-20 22:09 - 00002106 _____ () C:\Users\Public\Desktop\Pinnacle Game Profiler.lnk
2014-05-20 22:09 - 2014-05-20 22:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Game Profiler
2014-05-20 22:09 - 2009-07-13 21:16 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\verscde4.rra
2014-05-20 22:09 - 2009-07-13 21:16 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsocce22.rra
2014-05-20 22:09 - 2009-07-13 21:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shfocdb5.rra
2014-05-20 22:09 - 2009-07-13 21:14 - 00126464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advpcd77.rra
2014-05-20 20:12 - 2014-05-26 00:00 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-20 20:12 - 2014-05-20 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-20 20:12 - 2014-05-20 20:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-20 20:12 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-20 20:12 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-18 13:01 - 2014-05-18 13:01 - 00000000 ____D () C:\Users\James_2\AppData\Roaming\DarkSoulsII
2014-05-17 08:56 - 2014-05-17 08:56 - 00000000 ____D () C:\Users\James_2\Documents\TecmoKoei
2014-05-16 09:31 - 2014-05-16 09:31 - 00000000 ____D () C:\ProgramData\SystemRequirementsLab
2014-05-16 09:31 - 2014-05-16 09:31 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-05-14 20:00 - 2014-05-29 17:17 - 00000000 ____D () C:\Users\James_2\AppData\Roaming\DropboxMaster
2014-05-14 07:31 - 2014-05-14 07:31 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 07:31 - 2014-05-06 00:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 07:31 - 2014-05-06 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 07:31 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 07:31 - 2014-05-05 23:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 07:31 - 2014-05-05 23:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 07:31 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 07:30 - 2012-08-23 10:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-05-14 07:30 - 2012-08-23 10:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-05-14 07:30 - 2012-08-23 09:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-05-14 07:30 - 2012-08-23 07:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-05-14 07:30 - 2012-08-23 06:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-05-14 07:30 - 2012-08-23 05:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-05-14 07:05 - 2014-05-09 02:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 07:05 - 2014-05-09 02:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 07:05 - 2014-04-11 22:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 07:05 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 07:05 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 07:05 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 07:05 - 2014-03-04 05:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 07:05 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 07:05 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 07:05 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 07:05 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 07:05 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 07:05 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 07:05 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 07:05 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 07:05 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 07:04 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 07:04 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 07:04 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 07:04 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 07:04 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 07:04 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 07:04 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 07:04 - 2014-04-11 22:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 07:04 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 07:04 - 2014-03-04 05:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 07:04 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 07:04 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 07:04 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 07:04 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 07:04 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 07:04 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 07:04 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 07:04 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 07:04 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 07:04 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 07:04 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 07:04 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 07:04 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 07:04 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 07:04 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 07:04 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 07:04 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 07:04 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 07:04 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-13 21:11 - 2014-05-13 21:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-13 19:07 - 2014-05-13 19:07 - 00000837 _____ () C:\Users\James_2\AppData\Local\recently-used.xbel
2014-05-11 12:56 - 2014-05-11 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONET Assessment Tools
2014-05-11 12:56 - 2001-10-30 07:57 - 00509712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.006
2014-05-11 12:56 - 2001-03-13 13:53 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.005
2014-05-11 12:56 - 2001-03-13 13:47 - 00598288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.000
2014-05-11 12:56 - 2001-03-13 13:47 - 00164112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.001
2014-05-11 12:56 - 2001-03-13 13:47 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.003
2014-05-11 12:56 - 2001-03-13 13:45 - 00147728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.002
2014-05-11 12:56 - 2000-08-20 20:00 - 01388544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.004
2014-05-09 18:45 - 2014-05-09 18:49 - 00000000 ____D () C:\ProgramData\Amazon
2014-05-06 17:31 - 2014-03-31 12:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-05-06 17:31 - 2014-03-31 12:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-05-06 07:45 - 2014-05-14 07:36 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-01 13:33 - 2014-05-01 13:33 - 00000000 __SHD () C:\Users\James_2\AppData\Local\EmieUserList
2014-05-01 13:33 - 2014-05-01 13:33 - 00000000 __SHD () C:\Users\James_2\AppData\Local\EmieSiteList
2014-05-01 11:40 - 2014-05-01 11:40 - 00002124 _____ () C:\Users\James_2\Desktop\Pinnacle Game Profiler.lnk
2014-05-01 09:42 - 2009-07-13 21:16 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vers52cb.rra
2014-05-01 09:42 - 2009-07-13 21:16 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsoc52ea.rra
2014-05-01 09:42 - 2009-07-13 21:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shfo529c.rra
2014-05-01 09:42 - 2009-07-13 21:14 - 00126464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advp51f0.rra
2014-05-01 09:12 - 2009-07-13 21:16 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vers3da5.rra
2014-05-01 09:12 - 2009-07-13 21:16 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsoc3db5.rra
2014-05-01 09:12 - 2009-07-13 21:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shfo3da5.rra
2014-05-01 09:12 - 2009-07-13 21:14 - 00126464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advp3d95.rra
2014-05-01 09:10 - 2009-07-13 21:16 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vers38fb.rra
2014-05-01 09:10 - 2009-07-13 21:16 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsoc390b.rra
2014-05-01 09:10 - 2009-07-13 21:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shfo38ec.rra
2014-05-01 09:10 - 2009-07-13 21:14 - 00126464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advp38cd.rra

==================== One Month Modified Files and Folders =======

2014-05-29 17:43 - 2014-05-29 17:43 - 00022726 _____ () C:\Users\James_2\Desktop\FRST.txt
2014-05-29 17:43 - 2014-05-25 09:53 - 00000000 ____D () C:\FRST
2014-05-29 17:43 - 2011-12-20 21:04 - 00000000 ____D () C:\Users\James_2\AppData\Local\Temp
2014-05-29 17:41 - 2014-05-29 17:41 - 02066944 _____ (Farbar) C:\Users\James_2\Desktop\FRST64.exe
2014-05-29 17:38 - 2012-04-01 12:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-29 17:26 - 2009-07-14 00:45 - 00013792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-29 17:26 - 2009-07-14 00:45 - 00013792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-29 17:22 - 2011-12-20 21:54 - 01580314 _____ () C:\Windows\WindowsUpdate.log
2014-05-29 17:20 - 2013-05-19 08:31 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-29 17:18 - 2012-11-18 19:46 - 00000000 ___RD () C:\Users\James_2\Dropbox
2014-05-29 17:18 - 2012-11-18 19:41 - 00000000 ____D () C:\Users\James_2\AppData\Roaming\Dropbox
2014-05-29 17:17 - 2014-05-25 08:55 - 00486502 _____ () C:\Windows\setupact.log
2014-05-29 17:17 - 2014-05-14 20:00 - 00000000 ____D () C:\Users\James_2\AppData\Roaming\DropboxMaster
2014-05-29 17:17 - 2012-07-05 17:59 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-29 17:16 - 2013-05-19 08:31 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-29 17:16 - 2011-09-18 16:18 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-29 17:16 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-29 07:02 - 2011-12-24 18:12 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-419854314-1677918223-1613990488-1008UA.job
2014-05-29 06:57 - 2014-05-25 09:04 - 00000000 ____D () C:\Users\James_2\AppData\Local\CrashDumps
2014-05-29 06:53 - 2007-08-21 20:46 - 00119296 _____ () C:\Windows\SysWOW64\zlib.dll
2014-05-28 22:11 - 2013-09-18 08:51 - 00000000 ____D () C:\Users\James_2\AppData\Roaming\vlc
2014-05-28 21:30 - 2010-05-28 00:29 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-28 19:43 - 2014-05-28 19:43 - 00000851 _____ () C:\Users\James_2\Desktop\DW Chaos Weapon Setup.txt
2014-05-28 19:07 - 2014-05-28 19:06 - 00000000 ____D () C:\Users\James_2\AppData\Local\{91239E13-73CB-46C5-A578-0E82627B6292}
2014-05-28 18:45 - 2014-05-28 18:45 - 00039033 _____ () C:\Users\James_2\Desktop\ComboFix.txt
2014-05-28 18:45 - 2014-05-28 18:45 - 00000000 ____D () C:\Users\test\AppData\Local\temp
2014-05-28 18:45 - 2014-05-28 18:45 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-05-28 18:45 - 2014-05-28 18:45 - 00000000 ____D () C:\Users\Lo Res Test\AppData\Local\temp
2014-05-28 18:45 - 2014-05-28 18:45 - 00000000 ____D () C:\Users\James\AppData\Local\temp
2014-05-28 18:45 - 2014-05-28 18:45 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-05-28 18:45 - 2014-05-28 18:45 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-05-28 18:45 - 2014-05-28 18:45 - 00000000 ____D () C:\Users\CURRENT_USER\AppData\Local\temp
2014-05-28 18:45 - 2014-05-25 00:18 - 00000000 ____D () C:\Qoobox
2014-05-28 18:37 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-28 18:36 - 2014-05-25 09:57 - 00209102 _____ () C:\Windows\PFRO.log
2014-05-28 18:22 - 2014-05-28 18:22 - 04165472 _____ (Kaspersky Lab ZAO) C:\Users\James_2\Desktop\tdsskiller.exe
2014-05-28 06:54 - 2012-11-18 19:46 - 00001023 _____ () C:\Users\James_2\Desktop\Dropbox.lnk
2014-05-28 06:54 - 2012-11-18 19:42 - 00000000 ____D () C:\Users\James_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-28 06:54 - 2011-12-15 20:17 - 00000000 ___RD () C:\Users\James_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-27 18:57 - 2014-05-27 18:57 - 00040324 _____ () C:\Users\James_2\Desktop\ComboFix_OLD.txt
2014-05-27 18:43 - 2014-05-27 18:41 - 00000000 ____D () C:\AdwCleaner
2014-05-27 18:42 - 2014-05-27 18:42 - 00001204 _____ () C:\Users\James_2\Desktop\AdwCleaner[R3].txt
2014-05-27 18:41 - 2014-05-27 18:41 - 01327971 _____ () C:\Users\James_2\Desktop\AdwCleaner.exe
2014-05-27 18:39 - 2014-05-27 18:38 - 05203612 ____R (Swearware) C:\Users\James_2\Desktop\ComboFix.exe
2014-05-27 18:33 - 2014-05-27 18:33 - 00000000 ____D () C:\Users\James_2\AppData\Local\{B8FCF738-333B-41B0-908D-954E4B3F0746}
2014-05-26 21:06 - 2014-05-24 22:02 - 00000000 ____D () C:\Users\James_2\AppData\Local\VirtualStore
2014-05-26 21:04 - 2014-05-26 21:04 - 00000000 ____D () C:\Users\James_2\AppData\Local\{51A6E73D-5647-40F3-8804-71982DFF8EB6}
2014-05-26 20:33 - 2013-03-13 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FeedReader
2014-05-26 20:33 - 2013-03-13 20:02 - 00000000 ____D () C:\Program Files (x86)\FeedReader30
2014-05-26 18:17 - 2014-05-26 18:17 - 04375704 _____ () C:\Users\James_2\Downloads\clisp-2.49-win32-mingw-big.exe
2014-05-26 15:02 - 2011-12-24 18:12 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-419854314-1677918223-1613990488-1008Core.job
2014-05-26 13:00 - 2014-05-26 09:17 - 00000000 ____D () C:\Program Files\Bitdefender
2014-05-26 12:09 - 2014-05-25 01:38 - 00000086 _____ () C:\Windows\system32\zqavt.hom
2014-05-26 09:17 - 2014-05-26 09:04 - 00000000 ____D () C:\Users\James_2\AppData\Roaming\QuickScan
2014-05-26 09:03 - 2010-11-22 01:07 - 00000000 ____D () C:\ProgramData\TEMP
2014-05-26 09:01 - 2014-05-26 09:01 - 00001079 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-05-26 09:01 - 2014-05-26 09:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-05-26 09:01 - 2014-05-26 09:01 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-05-26 08:47 - 2014-05-26 08:47 - 00000000 ____D () C:\Users\James_2\AppData\Local\{DAD2DDD2-1DDD-4873-A9B3-B988CC1D8D14}
2014-05-26 08:39 - 2011-12-16 20:14 - 00000000 ____D () C:\Windows\DD1865F0AD7340FBB23E1822E02396FF.TMP
2014-05-26 00:00 - 2014-05-20 20:12 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-25 23:53 - 2014-05-25 23:52 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-25 23:53 - 2011-07-15 19:31 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-25 23:53 - 2011-07-15 19:31 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-25 23:53 - 2011-07-15 19:31 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-05-25 23:52 - 2014-05-25 23:52 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-25 23:52 - 2014-05-25 23:52 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-25 23:52 - 2013-03-13 16:31 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-25 23:52 - 2013-03-13 16:31 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-25 23:52 - 2012-02-24 22:47 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-25 23:52 - 2011-07-15 19:31 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-25 23:52 - 2011-01-14 22:46 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-25 23:23 - 2014-05-25 23:23 - 00162208 _____ () C:\Users\James_2\Downloads\Antivirus_Free_Edition.exe
2014-05-25 23:01 - 2014-05-25 23:01 - 00000000 ____D () C:\Users\James_2\AppData\Local\{B1B54FB1-AF42-41D1-897E-5401F9F51AA8}
2014-05-25 10:19 - 2014-05-25 10:19 - 00000000 ____D () C:\Windows\ERUNT
2014-05-25 09:57 - 2014-05-25 09:03 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-25 09:50 - 2014-05-25 09:38 - 00000216 _____ () C:\Windows\wininit.ini
2014-05-25 09:50 - 2014-05-25 09:03 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-25 09:17 - 2014-04-18 07:51 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-05-25 09:05 - 2014-05-24 23:48 - 00000000 ____D () C:\PCFIX
2014-05-25 09:03 - 2014-05-25 09:03 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-05-25 08:55 - 2014-05-25 08:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-25 01:11 - 2014-05-25 00:39 - 00000000 ____D () C:\Program Files (x86)\Revo Group
2014-05-25 01:07 - 2014-05-25 01:07 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-25 01:07 - 2014-05-25 01:07 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-25 01:07 - 2014-05-25 01:07 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-25 01:07 - 2014-05-25 01:07 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-05-25 01:07 - 2014-05-25 01:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-25 01:07 - 2011-10-28 16:54 - 00000000 ____D () C:\Program Files\Java
2014-05-25 01:05 - 2014-03-14 09:35 - 00000000 ____D () C:\Users\James_2\Documents\CC Reg Backup
2014-05-25 00:58 - 2010-05-29 02:25 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-25 00:46 - 2011-12-15 20:25 - 00000000 ____D () C:\Users\James_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NVIDIA Demos
2014-05-25 00:41 - 2009-07-14 03:46 - 00000000 ____D () C:\Windows\ShellNew
2014-05-25 00:36 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-05-25 00:35 - 2014-05-25 00:18 - 00000000 ____D () C:\Windows\erdnt
2014-05-25 00:31 - 2014-05-25 09:11 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.20140525-091106.backup
2014-05-25 00:30 - 2009-07-13 22:34 - 21233664 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-05-25 00:30 - 2009-07-13 22:34 - 110624768 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-05-25 00:30 - 2009-07-13 22:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-05-25 00:30 - 2009-07-13 22:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-05-25 00:30 - 2009-07-13 22:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-05-24 21:55 - 2014-05-24 21:55 - 00000000 ____D () C:\ProgramData\Licenses
2014-05-24 21:02 - 2014-05-24 21:02 - 03778560 _____ () C:\Users\James_2\Documents\RogueKillerX64.exe
2014-05-24 17:36 - 2014-05-24 17:36 - 00000000 _____ () C:\Windows\system32\ochxfrd.nxc
2014-05-24 17:35 - 2014-05-24 17:35 - 00000064 _____ () C:\Windows\system32\dyrowe.vns
2014-05-24 17:20 - 2014-05-24 17:20 - 00310760 ____S () C:\Windows\system32\lhpooxx.aof
2014-05-23 23:45 - 2014-05-23 23:45 - 00000963 _____ () C:\Users\James_2\Desktop\TechPowerUp GPU-Z.lnk
2014-05-23 23:45 - 2014-05-23 23:45 - 00000000 ____D () C:\Users\James_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
2014-05-23 23:45 - 2014-05-23 23:45 - 00000000 ____D () C:\Program Files (x86)\GPU-Z
2014-05-23 12:45 - 2011-12-15 20:24 - 00000000 ____D () C:\Users\James_2\AppData\Roaming\NVIDIA
2014-05-23 12:45 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-23 07:30 - 2011-12-25 10:56 - 00007606 _____ () C:\Users\James_2\AppData\Local\Resmon.ResmonCfg
2014-05-22 16:42 - 2012-02-19 19:36 - 00000000 ____D () C:\Users\James_2\Documents\My Kindle Content
2014-05-20 22:09 - 2014-05-20 22:09 - 00002106 _____ () C:\Users\Public\Desktop\Pinnacle Game Profiler.lnk
2014-05-20 22:09 - 2014-05-20 22:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Game Profiler
2014-05-20 20:29 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\security
2014-05-20 20:12 - 2014-05-20 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-20 20:12 - 2014-05-20 20:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-20 20:12 - 2012-02-03 21:40 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-20 20:12 - 2011-12-15 22:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-05-20 20:12 - 2011-12-15 20:24 - 00000000 ____D () C:\Users\James_2\AppData\Roaming\Malwarebytes
2014-05-20 20:12 - 2011-07-15 19:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-20 19:48 - 2014-03-06 08:07 - 00000000 ____D () C:\Users\James_2\AppData\Local\Battle.net
2014-05-20 18:11 - 2014-03-14 09:09 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-20 18:11 - 2014-03-14 09:09 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-18 13:01 - 2014-05-18 13:01 - 00000000 ____D () C:\Users\James_2\AppData\Roaming\DarkSoulsII
2014-05-18 08:47 - 2012-04-01 12:21 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-18 08:47 - 2012-04-01 12:21 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-18 08:47 - 2011-05-16 17:13 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-17 08:56 - 2014-05-17 08:56 - 00000000 ____D () C:\Users\James_2\Documents\TecmoKoei
2014-05-16 09:31 - 2014-05-16 09:31 - 00000000 ____D () C:\ProgramData\SystemRequirementsLab
2014-05-16 09:31 - 2014-05-16 09:31 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-05-16 08:10 - 2012-05-28 01:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-14 20:06 - 2012-06-17 12:50 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-14 17:43 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-05-14 16:28 - 2014-03-06 08:14 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-05-14 16:26 - 2011-12-15 20:17 - 00000000 ___RD () C:\Users\James_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-14 16:22 - 2011-12-20 21:59 - 00000608 __RSH () C:\Users\James_2\ntuser.pol
2014-05-14 16:22 - 2011-12-20 21:04 - 00000000 ____D () C:\Users\James_2
2014-05-14 07:36 - 2014-05-06 07:45 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 07:36 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-14 07:31 - 2014-05-14 07:31 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 07:31 - 2010-06-02 17:33 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 07:29 - 2013-07-12 15:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 07:27 - 2011-12-20 22:55 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-13 21:11 - 2014-05-13 21:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-13 19:07 - 2014-05-13 19:07 - 00000837 _____ () C:\Users\James_2\AppData\Local\recently-used.xbel
2014-05-13 19:07 - 2013-09-02 13:02 - 00000000 ____D () C:\Users\James_2\AppData\Local\gtk-2.0
2014-05-13 19:07 - 2013-08-14 19:22 - 00000000 ____D () C:\Users\James_2\.gimp-2.8
2014-05-12 07:26 - 2014-05-20 20:12 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-20 20:12 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2011-07-15 19:35 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 15:16 - 2014-05-11 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONET Assessment Tools
2014-05-11 15:16 - 2011-12-15 20:24 - 00000000 ____D () C:\Users\James_2\AppData\Roaming\uTorrent
2014-05-09 18:50 - 2010-05-30 01:18 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-09 18:49 - 2014-05-09 18:45 - 00000000 ____D () C:\ProgramData\Amazon
2014-05-09 18:49 - 2012-02-19 19:36 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-05-09 18:49 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-09 18:38 - 2010-09-17 21:31 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-05-09 02:14 - 2014-05-14 07:05 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 02:11 - 2014-05-14 07:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 07:14 - 2013-05-19 08:31 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 07:14 - 2013-05-19 08:31 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-07 14:57 - 2011-12-24 18:12 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-419854314-1677918223-1613990488-1008UA
2014-05-07 14:57 - 2011-12-24 18:12 - 00003498 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-419854314-1677918223-1613990488-1008Core
2014-05-06 00:40 - 2014-05-14 07:31 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 00:17 - 2014-05-14 07:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 23:25 - 2014-05-14 07:31 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 23:07 - 2014-05-14 07:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 23:00 - 2014-05-14 07:31 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 22:10 - 2014-05-14 07:31 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-02 08:41 - 2014-03-06 08:07 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-05-01 18:55 - 2010-06-08 17:41 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-05-01 13:33 - 2014-05-01 13:33 - 00000000 __SHD () C:\Users\James_2\AppData\Local\EmieUserList
2014-05-01 13:33 - 2014-05-01 13:33 - 00000000 __SHD () C:\Users\James_2\AppData\Local\EmieSiteList
2014-05-01 11:40 - 2014-05-01 11:40 - 00002124 _____ () C:\Users\James_2\Desktop\Pinnacle Game Profiler.lnk
2014-04-30 18:18 - 2013-05-19 08:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-04-30 14:29 - 2013-10-29 20:18 - 01225920 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-04-30 14:29 - 2013-10-29 20:18 - 01081112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-04-29 17:28 - 2013-07-27 22:50 - 00000000 ____D () C:\Users\James_2\Documents\Business

Some content of TEMP:
====================
C:\Users\James_2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9c7af2.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 17:35

==================== End Of Log ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-05-2014
Ran by James_2 at 2014-05-29 17:43:36
Running from C:\Users\James_2\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
A Valley Without Wind Auto-Updater (HKLM-x32\...\A Valley Without Wind 0.540) (Version: 0 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.6 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon)
Anki (HKLM-x32\...\Anki) (Version: - )
Antichamber (HKLM-x32\...\Steam App 219890) (Version: - )
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AT&T Troubleshoot & Resolve Tool (HKLM-x32\...\ATT-SST) (Version: - )
ATT Management Agent (HKLM-x32\...\ATT-ATT Management Agent) (Version: 8.3.0.34 - ATT)
att.net Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - att.net)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2011643118.48.56.35401418 - Audible, Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software)
Avernum: Escape From the Pit (HKLM-x32\...\Steam App 208400) (Version: - Spiderweb Software)
Banished (HKLM-x32\...\Steam App 242920) (Version: - Shining Rock Software LLC)
Bastion (HKLM-x32\...\Steam App 107100) (Version: - Supergiant Games)
Batman: Arkham City™ PC (HKLM-x32\...\Steam App 57419) (Version: - )
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BioShock 2 (x32 Version: 1.0.0005.131 - Take-Two Interactive Software) Hidden
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games)
Blackguards (HKLM-x32\...\Steam App 249650) (Version: - Daedalic Entertainment)
Blender (HKLM\...\Blender) (Version: 2.68a - Blender Foundation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
Brothers - A Tale of Two Sons (HKLM-x32\...\Steam App 225080) (Version: - Starbreeze Studios AB)
Brütal Legend (HKLM-x32\...\Steam App 225260) (Version: - )
Business Plan Pro 15th Anniversary Edition (HKLM-x32\...\{3E9E68FB-49FA-410A-8787-424F2A506E0F}) (Version: 11.25.0009 - Palo Alto Software, Inc.)
CAMWorks 2012x64 (HKLM-x32\...\{4F856F0C-1E30-2012-AA64-0234040F48E4}) (Version: 1 - Geometric Technologies.)
CAMWorks Feed Speed Library (HKLM-x32\...\{D783C459-79CE-4C8D-9905-AD16470EBCC2}) (Version: 11.2.00 - Geometric Americas, Inc.)
CAMWorks FLEXLM License Manager (HKLM-x32\...\{0AAAB1B8-5ED0-42D2-842C-C08A95E8A8A7}) (Version: 1.00 - Teksoft)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version: - )
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Castlevania: Lords of Shadow - Ultimate Edition (HKLM-x32\...\Steam App 234080) (Version: - MercurySteam - Climax Studios)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Chantelise (HKLM-x32\...\Steam App 70420) (Version: - )
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version: - Cheat Engine)
Cognition: An Erica Reed Thriller (HKLM-x32\...\Steam App 242780) (Version: - Phoenix Online Studios)
Colemak (HKLM\...\{BD756A9D-EFDD-4872-9E59-28A1F591FE24}) (Version: 1.0.3.40 - Company)
Contrast (HKLM-x32\...\Steam App 224460) (Version: - Compulsion Games)
Creation Kit (HKLM-x32\...\Steam App 202480) (Version: - )
Cura 13.11.2 (HKLM-x32\...\Cura_13.11.2) (Version: - )
D2SE V2.2.0 (HKLM-x32\...\{65B43D6A-6B8F-46F1-8362-7985822F3A80}_is1) (Version: 2.2.0 - Seltsamuel)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version: - )
DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version: - FromSoftware, Inc)
Darksiders (HKLM-x32\...\Steam App 50620) (Version: - Vigil Games)
DarksidersInstaller (HKLM-x32\...\{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}) (Version: 1.00.1000 - THQ)
Dead Island Riptide (HKLM-x32\...\Steam App 216250) (Version: - Techland)
Dead Island Save Editor (HKCU\...\Dead Island Save Editor_is1) (Version: 0.1.6.0 - Steffen L)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{F2CE207D-C146-4BFD-A1C2-219483C58819}) (Version: - Microsoft)
Desura (HKLM-x32\...\Desura) (Version: 100.53 - Desura)
Desura: Project Zomboid (HKLM-x32\...\Desura_62350040236064) (Version: Alpha - The Indie Stone)
Deus Ex: Human Revolution (HKLM-x32\...\Steam App 28050) (Version: - Eidos Montreal)
Diablo II (HKLM-x32\...\Diablo II) (Version: - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Dungeon of the Endless (HKLM-x32\...\Steam App 249050) (Version: - AMPLITUDE Studios)
DYNASTY WARRIORS 8: Xtreme Legends Complete Edition (HKLM-x32\...\Steam App 278080) (Version: - TECMO KOEI GAMES CO., LTD.)
EA Installer (HKLM-x32\...\EA Installer.933149878) (Version: 2.2.0.62 - Electronic Arts, Inc.)
EA Shared Game Component: Activation (HKLM-x32\...\com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1) (Version: 2.2.0.62 - Electronic Arts)
EA Shared Game Component: Activation (x32 Version: 2.2.0 - Electronic Arts) Hidden
Elevated Installer (x32 Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
EVGA SLI Enhancement Patch (HKLM-x32\...\{B92F811F-CC92-475C-A9E9-3E98DBB48052}) (Version: 1.0.3.27 - EVGA)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.05 - Ubisoft)
Far Cry® 3 Blood Dragon (HKLM-x32\...\Steam App 233270) (Version: - Ubisoft Montreal)
FeedReader (HKLM-x32\...\FeedReader_is1) (Version: - i-Systems Inc.)
FINAL FANTASY VIII (HKLM-x32\...\Steam App 39150) (Version: - SQUARE ENIX)
Frozen Synapse (HKLM-x32\...\Steam App 98200) (Version: - )
Game Genie Save Editor for PS3 (US) (HKLM-x32\...\{59B1995D-81FD-4B78-A0BE-94A0E90B6AE8}) (Version: 1.1.0.0 - Game Genie)
Garmin Communicator Plugin (HKLM-x32\...\{647BB978-2876-487B-9B0E-FDB73F0EA4A2}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{237D687E-9E50-4A30-B810-262764CC491B}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{9471d6bd-67a9-40f6-a420-2ae4f08ef003}) (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{D17111CB-C992-42A9-9D56-C19395102AAA}) (Version: 2.4.2 - Garmin Ltd or its subsidiaries)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Drive (HKLM-x32\...\{418BAAD1-754D-48B4-B078-46EF4F25AF42}) (Version: 1.15.6556.8063 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Gunpoint (HKLM-x32\...\Steam App 206190) (Version: - )
Hero Editor V1.03 (HKLM-x32\...\ST6UNST #1) (Version: - )
Hexcells (HKLM-x32\...\Steam App 265890) (Version: - Matthew Brown)
Hexcells Plus (HKLM-x32\...\Steam App 271900) (Version: - Matthew Brown)
How to Survive (HKLM-x32\...\Steam App 250400) (Version: - )
HSMAdvisor (HKLM-x32\...\HSMAdvisor) (Version: - )
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 2.0.7.018 - HTC Corporation)
Impulse (HKLM-x32\...\Impulse) (Version: 1.0 - Stardock)
Impulse (x32 Version: 1.0 - Stardock Corporation) Hidden
InfraRecorder 0.52 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0052-000001000000}) (Version: 0.52.00.00 - Christian Kindahl)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Japanese Fonts Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5760-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version: - Avalanche)
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version: - Squad)
Kingdoms of Amalur: Reckoning (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.0.0.0 - Electronic Arts)
L.A. Noire (HKLM-x32\...\Steam App 110800) (Version: - Team Bondi)
Lara Croft and the Guardian of Light (HKLM-x32\...\Steam App 35130) (Version: - Crystal Dynamics)
Liveupdate4 (HKLM-x32\...\Liveupdate4_is1) (Version: - MSI, Inc.)
Logitech G35 (HKLM\...\{27607A94-33AC-4AA7-AACE-95AF6ACA3E30}) (Version: 1.1.178 - Logitech)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mark of the Ninja (HKLM-x32\...\Steam App 214560) (Version: - )
MatterControl version 0.9.4 (HKLM-x32\...\{EE5A0E0E-8608-4272-94D6-C2CDCD9307F2}_is1) (Version: 0.9.4 - MatterHackers, Inc.)
Max Payne 3 (HKLM-x32\...\Steam App 204100) (Version: - Rockstar Studios)
Memoria (HKLM-x32\...\Steam App 243200) (Version: - Daedalic Entertainment)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
METAL GEAR RISING: REVENGEANCE (HKLM-x32\...\Steam App 235460) (Version: - PlatinumGames)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Runtime (English) 2007 (HKLM-x32\...\{90120000-001C-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual J# 2.0 Redistributable Package (x32 Version: 2.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version: 8.0.52572 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (x32 Version: 8.0.50727.146 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Might & Magic X - Legacy (HKLM-x32\...\Steam App 238750) (Version: - Ubisoft)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Game Long Name (HKLM\...\UDK-586fbb60-e3aa-4c6a-aa0f-cd1ddf49159b) (Version: - Epic Games, Inc.)
NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst (HKLM-x32\...\Steam App 234670) (Version: - CyberConnect 2)
New Vegas Configator version 1.6 (HKLM-x32\...\New Vegas Configator_is1) (Version: 1.6 - Rudolf Enberg)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.45.5 - Black Tree Gaming)
NirSoft VideoCacheView (HKLM-x32\...\NirSoft VideoCacheView) (Version: - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.3 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Control Panel 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7325.0 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Oblivion - Construction Set (HKLM-x32\...\{23D683DD-93C6-48E6-B84E-78B57778F126}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion mod manager 1.1.12 (HKLM-x32\...\Oblivion mod manager_is1) (Version: - Timeslip)
Omnitool version 12 (HKLM-x32\...\{C639B1D2-D1FB-454C-BB28-C5348B2EB95C}_is1) (Version: 12 - Fabian Dill)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 8.5.0.4550 - Electronic Arts, Inc.)
Pinnacle Game Profiler (HKLM-x32\...\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}) (Version: 7.6.8 - PowerUp Software)
PlugY, The Survival Kit (HKLM-x32\...\PlugY, The Survival Kit) (Version: 10.00 - )
Project Zomboid (HKLM-x32\...\Steam App 108600) (Version: - Indie Stone Studios)
Psychonauts (HKLM-x32\...\Steam App 3830) (Version: - Double Fine Productions, Inc.)
Puzzle Dimension (HKLM-x32\...\Steam App 57200) (Version: - Doctor Entertainment AB)
Puzzle Quest 2 (HKLM-x32\...\Steam App 47540) (Version: - )
Python 2.7.6 (64-bit) (HKLM\...\{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E3}) (Version: 2.7.6150 - Python Software Foundation)
Quantum Conundrum (HKLM-x32\...\Steam App 200010) (Version: - Airtight Games)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rand McNally Dock (HKLM-x32\...\{6175FC2F-D3FE-4A59-B9F3-C363A9F71B90}) (Version: 1.00.4413 - Rand McNally)
Recettear: An Item Shop's Tale (HKLM-x32\...\Steam App 70400) (Version: - EasyGameStation)
Repetier-Host version 0.90C (HKLM\...\{1143F758-929B-4EEB-8784-46CCB622F037}_is1) (Version: 0.90C - repetier)
RoBo 3D Repetier-Host 3D Printer Software version 0.90D (HKLM\...\{1143E758-929B-4EEB-8784-46CCB621F649}_is1) (Version: 0.90D - repetier)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
Rogue Legacy (HKLM-x32\...\Steam App 241600) (Version: - Cellar Door Games)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version: - Deep Silver Volition)
Scribblenauts Unlimited (HKLM-x32\...\Steam App 218680) (Version: - )
Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1421 - Memeo Inc.)
Seagate DiscWizard (HKLM-x32\...\{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}) (Version: 11.0.8326 - Seagate)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Sins of a Solar Empire - Diplomacy (HKLM-x32\...\Sins of a Solar Empire - Diplomacy) (Version: - Stardock Corporation)
Sins of a Solar Empire - Entrenchment (HKLM-x32\...\Sins of a Solar Empire - Entrenchment) (Version: - Stardock Corporation)
Sins of a Solar Empire (HKLM-x32\...\Sins of a Solar Empire) (Version: - Stardock Corporation)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.1 - IObit)
SolidWorks 2012 x64 Edition SP04 (HKLM-x32\...\SolidWorks Installation Manager 20120-40400-1100-100) (Version: 20.4.0.64 - SolidWorks Corporation)
SolidWorks 2012 x64 Edition SP04 (Version: 20.140.64 - SolidWorks) Hidden
SolidWorks Flow Simulation 2012 SP04 x64 Edition (Version: 20.40.65 - SolidWorks Corporation) Hidden
Space Engineers (HKLM-x32\...\Steam App 244850) (Version: - )
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Star Ruler (HKLM-x32\...\Steam App 70900) (Version: - Blind Mind Studios)
Star Wars: The Force Unleashed (HKLM-x32\...\Steam App 32430) (Version: - LucasArts)
Starbound (HKLM-x32\...\Steam App 211820) (Version: - )
State of Decay (HKLM-x32\...\Steam App 241540) (Version: - Undead Labs)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Still Life 3 (HKLM-x32\...\{D5389B8A-7D09-4DC8-AC1E-C0277E536F24}_is1) (Version: - Microids, Inc.)
StillLife (HKLM-x32\...\StillLife) (Version: 1.0 - Microids)
Strike Suit Zero (HKLM-x32\...\Steam App 209540) (Version: - Born Ready Games Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1142 - SUPERAntiSpyware.com)
Superbrothers: Sword & Sworcery EP (HKLM-x32\...\Steam App 204060) (Version: - Capybara)
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
Terrafirma (HKLM-x32\...\{839BB90D-EB71-4BF1-B20A-52626B7D8B78}) (Version: 1.8.2 - Sean Kasun)
Terrafirma (HKLM-x32\...\{C3D204B0-1293-4FE8-A590-0E272D910D7E}) (Version: 2.0.3.0 - Sean Kasun)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
The Banner Saga (HKLM-x32\...\Steam App 237990) (Version: - Stoic)
The Bureau: XCOM Declassified (HKLM-x32\...\Steam App 65930) (Version: - 2K Marin)
The Elder Scrolls IV: Oblivion (HKLM-x32\...\Steam App 22330) (Version: - Bethesda Softworks)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Last Remnant (HKLM-x32\...\Steam App 23310) (Version: - Square Enix)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.12.70 - Electronic Arts)
The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.7.7 - Electronic Arts)
The Typing of The Dead: Overkill (HKLM-x32\...\Steam App 246580) (Version: - Modern Dream)
The Witcher 2 (HKLM-x32\...\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}) (Version: 1.00.0000 - CD Projekt Red)
The Wolf Among Us (HKLM-x32\...\Steam App 250320) (Version: - )
TorchED (HKLM-x32\...\Runic Games TorchED) (Version: 1.0.68.226 - )
Torchlight II (HKLM-x32\...\Steam App 200710) (Version: - )
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version: - The Creative Assembly)
Trine (HKLM-x32\...\Steam App 35700) (Version: - Frozenbyte)
Trine 2 (HKLM-x32\...\Steam App 35720) (Version: - )
TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version: - Intuit, Inc)
TurboTax 2010 wfliper (x32 Version: 010.000.1070 - Intuit Inc.) Hidden
TurboTax 2010 WinPerFedFormset (x32 Version: 010.000.4012 - Intuit Inc.) Hidden
TurboTax 2010 WinPerReleaseEngine (x32 Version: 010.000.0457 - Intuit Inc.) Hidden
TurboTax 2010 WinPerTaxSupport (x32 Version: 010.000.0213 - Intuit Inc.) Hidden
TurboTax 2010 wrapper (x32 Version: 010.000.0157 - Intuit Inc.) Hidden
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version: - Intuit, Inc)
TurboTax 2011 wfliper (x32 Version: 011.000.1292 - Intuit Inc.) Hidden
TurboTax 2011 WinPerFedFormset (x32 Version: 011.000.3351 - Intuit Inc.) Hidden
TurboTax 2011 WinPerReleaseEngine (x32 Version: 011.000.0496 - Intuit Inc.) Hidden
TurboTax 2011 WinPerTaxSupport (x32 Version: 011.000.0222 - Intuit Inc.) Hidden
TurboTax 2011 wrapper (x32 Version: 011.000.0121 - Intuit Inc.) Hidden
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Underrail (HKLM-x32\...\Steam App 250520) (Version: - Stygian Software)
Unepic (HKLM-x32\...\Steam App 233980) (Version: - Francisco Téllez de Meneses)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{428CB7A0-1068-4CE1-8835-39C7ECD297ED}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{9F6507AC-7D8F-46C1-B90F-59C7828E0E0D}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.SingleImage_{E84E9B25-BEB6-4F2F-84BB-755CDA8E89C0}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}_Office14.SingleImage_{DBAC8ED2-9287-499E-AD66-590C7413C7DE}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}_Office14.SingleImage_{393B360E-62F8-463D-B914-1ECDC1359A46}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version: - Microsoft)
UPG (HKLM-x32\...\{5203FABA-7964-492F-B0F6-3BAFFCD0F2D3}) (Version: 2.0.0 - TekSoft)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
USB High-Speed Reader (HKLM-x32\...\{83F3EED2-DDE2-4434-8FBE-9D2A1E7C2BC8}) (Version: 1.00.0000 - )
Veoh Web Player (HKLM-x32\...\Veoh Web Player Beta) (Version: 1.1.2.0000 - Veoh Networks, Inc.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Driver Package - Arduino LLC (www.arduino.cc) Arduino Boards (01/01/2013 1.0.0.0) (HKLM\...\27F112693ABDF0F56F902294F4BF6B9EE3B8C6D0) (Version: 01/01/2013 1.0.0.0 - Arduino LLC (www.arduino.cc))
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
X3 Albio Prelude Bonus Pack 5.1.0.0 (HKLM-x32\...\X3AP Bonus Pack_is1) (Version: 5.1.0.0 - Egosoft)
X3 Editor 2 (HKLM-x32\...\X3 Editor 2) (Version: - doubleshadow)
X3 map v1.2 (remove only) (HKLM-x32\...\X3 map by Scorp) (Version: - )
X3 ModManager (HKLM-x32\...\X3 ModManager) (Version: - )
X3: Albion Prelude (HKLM-x32\...\Steam App 201310) (Version: - )
X3: Terran Conflict (HKLM-x32\...\Steam App 2820) (Version: - Egosoft)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version: - )
X-SuperBox Bonus Material (HKLM-x32\...\Steam App 2860) (Version: - )
X-Universe Plugin Manager 1.41 (HKLM-x32\...\X-Universe Plugin Manager_is1) (Version: 1.41 - Cycrow)
Zeno Clash (HKLM-x32\...\Steam App 22200) (Version: - ACE Team)

==================== Restore Points =========================

25-05-2014 01:37:57 Scheduled Checkpoint
25-05-2014 04:57:17 Revo Uninstaller's restore point - Java 7 Update 55
25-05-2014 04:57:39 Removed Java 7 Update 55
25-05-2014 05:06:53 Installed Java 7 Update 55 (64-bit)
25-05-2014 13:39:23 Cleaner (Spybot - Search & Destroy 2.3, administrator privileges
26-05-2014 00:00:21 Windows Backup
26-05-2014 03:51:03 avast! antivirus system restore point
28-05-2014 22:25:02 ComboFix created restore point

==================== Hosts content: ==========================

2009-07-13 22:34 - 2014-05-28 18:37 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {04B88B84-6B59-4D39-91BA-0CDF2B519B70} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-19] (Google Inc.)
Task: {3CC5DF3D-CF97-4561-B5A8-248AA34B5718} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {40E1BFD3-C05F-4D26-8E10-490B54C7991B} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-03-10] (IObit)
Task: {51DF9DF8-F96B-470D-AF52-56D62AED8890} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-419854314-1677918223-1613990488-1008Core => C:\Users\James_2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-24] (Google Inc.)
Task: {5544A8ED-2183-4160-B63B-F9D24733A4AB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-19] (Google Inc.)
Task: {77843BAA-6F97-42F8-812A-CCF007AAB5A0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {9C70786B-CA77-4300-AD3D-E13310FEC666} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-419854314-1677918223-1613990488-1008UA => C:\Users\James_2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-24] (Google Inc.)
Task: {A35180B1-E948-4AA4-83B5-58680A028C43} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {C4D7CBA2-9EED-408C-8F9C-8A8820EE43A3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-18] (Adobe Systems Incorporated)
Task: {CAA2D03C-409E-4A00-9EF2-1EA112CBF44F} - System32\Tasks\Shutdown after Backup => C:\Windows\System32\shutdown.exe [2009-07-13] (Microsoft Corporation)
Task: {DCBE0D98-950B-4E35-A4B6-8EEFEDE08108} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-25] (AVAST Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-419854314-1677918223-1613990488-1008Core.job => C:\Users\James_2\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-419854314-1677918223-1613990488-1008UA.job => C:\Users\James_2\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-04-18 08:23 - 2014-03-04 09:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-10-07 05:39 - 2011-10-07 05:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2014-05-26 20:33 - 2009-03-29 11:30 - 02058240 _____ () C:\Program Files (x86)\FeedReader30\feedreader.exe
2014-05-29 06:53 - 2014-05-29 06:53 - 02259456 _____ () C:\Program Files\AVAST Software\Avast\defs\14052900\algo.dll
2014-05-29 17:17 - 2014-05-29 17:17 - 00043008 _____ () c:\users\james_2\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9c7af2.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\James_2\AppData\Roaming\Dropbox\bin\libcef.dll
2013-11-19 10:01 - 2013-11-19 10:01 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: ATT MAHostService => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BBSvc => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: CAMWorks License Server => 3
MSCONFIG\Services: CoordinatorServiceHost => 3
MSCONFIG\Services: Desura Install Service => 3
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: FLEXnet Licensing Service 64 => 3
MSCONFIG\Services: ForceWare Intelligent Application Manager (IAM) => 2
MSCONFIG\Services: Garmin Core Update Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: IntuitUpdateService => 2
MSCONFIG\Services: IntuitUpdateServiceV4 => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: Movielink Core Service => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: nSvcIp => 2
MSCONFIG\Services: NVSvc => 2
MSCONFIG\Services: pcCMService => 2
MSCONFIG\Services: pcCMService64 => 2
MSCONFIG\Services: pcServiceHost => 2
MSCONFIG\Services: Remote Solver for Flow Simulation 2012 => 3
MSCONFIG\Services: SBUpd => 2
MSCONFIG\Services: SeagateDashboardService => 2
MSCONFIG\Services: SgtSch2Svc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SolidWorks Licensing Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: UpdateCenterService => 2
MSCONFIG\Services: WinTabService => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Rand McNally Dock.lnk => C:\Windows\pss\Rand McNally Dock.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SolidWorks Background Downloader.lnk => C:\Windows\pss\SolidWorks Background Downloader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^James^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Impulse Now.lnk => C:\Windows\pss\Impulse Now.lnk.Startup
MSCONFIG\startupfolder: C:^Users^James_2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\Windows\pss\Logitech . Product Registration.lnk.Startup
MSCONFIG\startupfolder: C:^Users^James_2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: AcronisTimounterMonitor => C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: amd_dc_opt => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ATT-SST_McciTrayApp => "C:\Program Files\ATT-SST\pcTrayApp.exe"
MSCONFIG\startupreg: Battle.net => "C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe" --autostarted
MSCONFIG\startupreg: CICache => CICache.exe
MSCONFIG\startupreg: DiscWizardMonitor.exe => C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
MSCONFIG\startupreg: Dit => Dit.exe
MSCONFIG\startupreg: GameCompanion => "C:\Program Files (x86)\GameCompanion\GameCompanion.exe"
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\James_2\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: ISUSPM => -scheduler
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Kernel and Hardware Abstraction Layer => KHALMNPR.EXE
MSCONFIG\startupreg: LoadMSvcmm => "C:\Program Files (x86)\Blockbuster\BLOCKBUSTERMovielink\Movielink User.exe"
MSCONFIG\startupreg: Mobile Connectivity Suite => "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Seagate Dashboard => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
MSCONFIG\startupreg: Seagate Scheduler2 Service => "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Start WingMan Profiler => C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\James_2\Downloads\uTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
MSCONFIG\startupreg: WTClient => WTClient.exe
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/29/2014 06:57:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvBackend.exe, version: 12.4.67.0, time stamp: 0x535fafd9
Faulting module name: nvapi.dll_unloaded, version: 0.0.0.0, time stamp: 0x5315b419
Exception code: 0xc0000005
Fault offset: 0x677c91e3
Faulting process id: 0xa04
Faulting application start time: 0xNvBackend.exe0
Faulting application path: NvBackend.exe1
Faulting module path: NvBackend.exe2
Report Id: NvBackend.exe3

Error: (05/29/2014 06:57:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvBackend.exe, version: 12.4.67.0, time stamp: 0x535fafd9
Faulting module name: nvapi.dll_unloaded, version: 0.0.0.0, time stamp: 0x5315b419
Exception code: 0xc0000005
Fault offset: 0x679831e6
Faulting process id: 0xa04
Faulting application start time: 0xNvBackend.exe0
Faulting application path: NvBackend.exe1
Faulting module path: NvBackend.exe2
Report Id: NvBackend.exe3

Error: (05/28/2014 06:04:20 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (05/28/2014 06:04:20 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (05/28/2014 06:04:20 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (05/27/2014 07:00:13 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (05/27/2014 07:00:13 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (05/27/2014 07:00:13 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (05/26/2014 01:02:21 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (05/26/2014 08:12:45 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]


System errors:
=============
Error: (05/29/2014 05:17:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PinnacleUpdate Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/29/2014 06:54:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PinnacleUpdate Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/28/2014 07:00:02 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (05/28/2014 06:54:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PinnacleUpdate Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/28/2014 06:42:16 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (05/28/2014 06:37:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PinnacleUpdate Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/28/2014 06:35:34 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (05/28/2014 06:31:43 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (05/28/2014 06:26:57 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (05/28/2014 06:26:57 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


Microsoft Office Sessions:
=========================
Error: (05/29/2014 06:57:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvBackend.exe12.4.67.0535fafd9nvapi.dll_unloaded0.0.0.05315b419c0000005677c91e3a0401cf7b2c2d915d34C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exenvapi.dll051076c8-e720-11e3-acfe-406186c9314c

Error: (05/29/2014 06:57:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvBackend.exe12.4.67.0535fafd9nvapi.dll_unloaded0.0.0.05315b419c0000005679831e6a0401cf7b2c2d915d34C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exenvapi.dllffea74cf-e71f-11e3-acfe-406186c9314c

Error: (05/28/2014 06:04:20 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (05/28/2014 06:04:20 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (05/28/2014 06:04:20 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (05/27/2014 07:00:13 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (05/27/2014 07:00:13 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (05/27/2014 07:00:13 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (05/26/2014 01:02:21 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (05/26/2014 08:12:45 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]


CodeIntegrity Errors:
===================================
Date: 2014-05-28 18:26:57.415
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-05-28 18:26:57.313
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-05-28 18:26:57.210
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-05-28 18:26:57.109
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-05-27 18:54:58.104
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-05-27 18:54:57.988
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-12-20 18:48:34.296
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vusbbus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-12-20 18:48:34.234
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vusbbus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-12-20 18:47:58.125
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vusbbus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-12-20 18:47:58.078
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vusbbus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 28%
Total physical RAM: 8191.24 MB
Available physical RAM: 5853.79 MB
Total Pagefile: 16380.66 MB
Available Pagefile: 13907.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive b: (Backup) (Fixed) (Total:931.51 GB) (Free:87.83 GB) NTFS
Drive c: () (Fixed) (Total:931.41 GB) (Free:259.46 GB) NTFS
Drive f: (External) (Fixed) (Total:465.76 GB) (Free:313.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 6FFEBF1E)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 9669725B)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=100 MB) - (Type=42)
Partition 3: (Not Active) - (Size=931 GB) - (Type=42)
Partition 4: (Not Active) - (Size=1752 KB) - (Type=42)

========================================================
Disk: 2 (Size: 466 GB) (Disk ID: 45586FC5)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#11 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:02:37 PM

Posted 30 May 2014 - 03:24 PM

Hi Malren

Open Notepad. Please copy the contents of the code box below.
To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window.
Save it on the Desktop as fixlist.txt.
 

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
Reg: REG ADD "HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows" /v LoadAppInit_DLLs /t REG_DWORD /d 0x0 /f
2014-05-24 17:36 - 2014-05-24 17:36 - 00000000 _____ () C:\Windows\system32\ochxfrd.nxc
2014-05-24 17:35 - 2014-05-24 17:35 - 00000064 _____ () C:\Windows\system32\dyrowe.vns
2014-05-24 17:20 - 2014-05-24 17:20 - 00310760 ____S () C:\Windows\system32\lhpooxx.aof
2014-05-20 22:09 - 2009-07-13 21:16 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\verscde4.rra
2014-05-20 22:09 - 2009-07-13 21:16 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsocce22.rra
2014-05-20 22:09 - 2009-07-13 21:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shfocdb5.rra
2014-05-20 22:09 - 2009-07-13 21:14 - 00126464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advpcd77.rra
2014-05-11 12:56 - 2001-10-30 07:57 - 00509712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.006
2014-05-11 12:56 - 2001-03-13 13:53 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.005
2014-05-11 12:56 - 2001-03-13 13:47 - 00598288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.000
2014-05-11 12:56 - 2001-03-13 13:47 - 00164112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.001
2014-05-11 12:56 - 2001-03-13 13:47 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.003
2014-05-11 12:56 - 2001-03-13 13:45 - 00147728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.002
2014-05-11 12:56 - 2000-08-20 20:00 - 01388544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.004
2014-05-01 09:42 - 2009-07-13 21:16 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vers52cb.rra
2014-05-01 09:42 - 2009-07-13 21:16 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsoc52ea.rra
2014-05-01 09:42 - 2009-07-13 21:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shfo529c.rra
2014-05-01 09:42 - 2009-07-13 21:14 - 00126464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advp51f0.rra
2014-05-01 09:12 - 2009-07-13 21:16 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vers3da5.rra
2014-05-01 09:12 - 2009-07-13 21:16 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsoc3db5.rra
2014-05-01 09:12 - 2009-07-13 21:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shfo3da5.rra
2014-05-01 09:12 - 2009-07-13 21:14 - 00126464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advp3d95.rra
2014-05-01 09:10 - 2009-07-13 21:16 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vers38fb.rra
2014-05-01 09:10 - 2009-07-13 21:16 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsoc390b.rra
2014-05-01 09:10 - 2009-07-13 21:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shfo38ec.rra
2014-05-01 09:10 - 2009-07-13 21:14 - 00126464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advp38cd.rra
C:\Users\James_2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9c7af2.dll
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt); please post it in your reply.


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#12 Malren

Malren
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:37 AM

Posted 30 May 2014 - 03:33 PM

Here is the log

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-05-2014
Ran by James_2 at 2014-05-30 16:26:18 Run:1
Running from C:\Users\James_2\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
Reg: REG ADD "HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows" /v LoadAppInit_DLLs /t REG_DWORD /d 0x0 /f
2014-05-24 17:36 - 2014-05-24 17:36 - 00000000 _____ () C:\Windows\system32\ochxfrd.nxc
2014-05-24 17:35 - 2014-05-24 17:35 - 00000064 _____ () C:\Windows\system32\dyrowe.vns
2014-05-24 17:20 - 2014-05-24 17:20 - 00310760 ____S () C:\Windows\system32\lhpooxx.aof
2014-05-20 22:09 - 2009-07-13 21:16 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\verscde4.rra
2014-05-20 22:09 - 2009-07-13 21:16 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsocce22.rra
2014-05-20 22:09 - 2009-07-13 21:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shfocdb5.rra
2014-05-20 22:09 - 2009-07-13 21:14 - 00126464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advpcd77.rra
2014-05-11 12:56 - 2001-10-30 07:57 - 00509712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.006
2014-05-11 12:56 - 2001-03-13 13:53 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.005
2014-05-11 12:56 - 2001-03-13 13:47 - 00598288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.000
2014-05-11 12:56 - 2001-03-13 13:47 - 00164112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.001
2014-05-11 12:56 - 2001-03-13 13:47 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.003
2014-05-11 12:56 - 2001-03-13 13:45 - 00147728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.002
2014-05-11 12:56 - 2000-08-20 20:00 - 01388544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.004
2014-05-01 09:42 - 2009-07-13 21:16 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vers52cb.rra
2014-05-01 09:42 - 2009-07-13 21:16 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsoc52ea.rra
2014-05-01 09:42 - 2009-07-13 21:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shfo529c.rra
2014-05-01 09:42 - 2009-07-13 21:14 - 00126464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advp51f0.rra
2014-05-01 09:12 - 2009-07-13 21:16 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vers3da5.rra
2014-05-01 09:12 - 2009-07-13 21:16 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsoc3db5.rra
2014-05-01 09:12 - 2009-07-13 21:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shfo3da5.rra
2014-05-01 09:12 - 2009-07-13 21:14 - 00126464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advp3d95.rra
2014-05-01 09:10 - 2009-07-13 21:16 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vers38fb.rra
2014-05-01 09:10 - 2009-07-13 21:16 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsoc390b.rra
2014-05-01 09:10 - 2009-07-13 21:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shfo38ec.rra
2014-05-01 09:10 - 2009-07-13 21:14 - 00126464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advp38cd.rra
C:\Users\James_2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9c7af2.dll
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
*****************

HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
catchme => Service deleted successfully.

========= REG ADD "HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows" /v LoadAppInit_DLLs /t REG_DWORD /d 0x0 /f =========

The operation completed successfully.



========= End of Reg: =========

C:\Windows\system32\ochxfrd.nxc => Moved successfully.
C:\Windows\system32\dyrowe.vns => Moved successfully.
Could not move "C:\Windows\system32\lhpooxx.aof" => Scheduled to move on reboot.
C:\Windows\SysWOW64\verscde4.rra => Moved successfully.
C:\Windows\SysWOW64\wsocce22.rra => Moved successfully.
C:\Windows\SysWOW64\shfocdb5.rra => Moved successfully.
C:\Windows\SysWOW64\advpcd77.rra => Moved successfully.
C:\Windows\SysWOW64\temp.006 => Moved successfully.
C:\Windows\SysWOW64\temp.005 => Moved successfully.
C:\Windows\SysWOW64\temp.000 => Moved successfully.
C:\Windows\SysWOW64\temp.001 => Moved successfully.
C:\Windows\SysWOW64\temp.003 => Moved successfully.
C:\Windows\SysWOW64\temp.002 => Moved successfully.
C:\Windows\SysWOW64\temp.004 => Moved successfully.
C:\Windows\SysWOW64\vers52cb.rra => Moved successfully.
C:\Windows\SysWOW64\wsoc52ea.rra => Moved successfully.
C:\Windows\SysWOW64\shfo529c.rra => Moved successfully.
C:\Windows\SysWOW64\advp51f0.rra => Moved successfully.
C:\Windows\SysWOW64\vers3da5.rra => Moved successfully.
C:\Windows\SysWOW64\wsoc3db5.rra => Moved successfully.
C:\Windows\SysWOW64\shfo3da5.rra => Moved successfully.
C:\Windows\SysWOW64\advp3d95.rra => Moved successfully.
C:\Windows\SysWOW64\vers38fb.rra => Moved successfully.
C:\Windows\SysWOW64\wsoc390b.rra => Moved successfully.
C:\Windows\SysWOW64\shfo38ec.rra => Moved successfully.
C:\Windows\SysWOW64\advp38cd.rra => Moved successfully.
"C:\Users\James_2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9c7af2.dll" => File/Directory not found.
C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-05-30 16:29:52)<=

C:\Windows\system32\lhpooxx.aof => Is moved successfully.

==== End of Fixlog ====
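
A Fixlog like the one above can be reconciled mechanically, so that anything not confirmed as removed stands out before the next scan. The following is an added example, not part of the original post and not FRST's own code; it assumes the outcome wording seen in this log, and the status labels and function names are this example's own.

```python
import re

# Outcome lines copied unchanged from the Fixlog posted above (a subset).
FIXLOG_EXCERPT = r'''
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
catchme => Service deleted successfully.
C:\Windows\system32\ochxfrd.nxc => Moved successfully.
Could not move "C:\Windows\system32\lhpooxx.aof" => Scheduled to move on reboot.
C:\Windows\SysWOW64\temp.006 => Moved successfully.
"C:\Users\James_2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9c7af2.dll" => File/Directory not found.
C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-05-30 16:29:52)<=

C:\Windows\system32\lhpooxx.aof => Is moved successfully.
'''

# Status labels below are this example's own names, not FRST terminology.
_ADS = re.compile(r'^"(:[^"]+)"\s+ADS\s+(.*)$')
_PREFIX = "Could not move "


def classify(result):
    """Map the text after '=>' to a coarse status."""
    text = result.lower()
    if "scheduled to move on reboot" in text:
        return "pending_reboot"
    if "not found" in text:
        return "not_found"
    if "successfully" in text:
        return "done"
    return "unknown"


def parse_fixlog(text):
    """Return {target (lower-cased): final status}; later lines win.

    The log is chronological, so the post-reboot result for a file
    replaces its earlier 'Scheduled to move on reboot' entry.
    """
    final = {}
    for raw in text.splitlines():
        line = raw.strip()
        # Skip banners such as '=> Result of Scheduled Files to move ...<='.
        if line.startswith("=") or " => " not in line:
            continue
        target, result = line.split(" => ", 1)
        if target.startswith(_PREFIX):
            target = target[len(_PREFIX):]
        target = target.strip('"')
        # ADS lines name the stream on the result side; fold it into the target.
        ads = _ADS.match(result)
        if ads:
            target += ads.group(1)
            result = ads.group(2)
        final[target.lower()] = classify(result)
    return final


def needs_followup(final):
    """Targets whose last recorded outcome is anything other than 'done'."""
    return sorted(t for t, s in final.items() if s != "done")


if __name__ == "__main__":
    for target in needs_followup(parse_fixlog(FIXLOG_EXCERPT)):
        print("check manually:", target)
```

An entry reported as not found is not necessarily a problem (a temp file may already be gone), but it is the one item in this log that the fix did not itself remove.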



#13 seedy21


Posted 30 May 2014 - 03:53 PM

Hi Malren

Step 1

Perform an Online Antivirus Scan with ESET:


Note: ESET recommends disabling your resident antivirus's active protection component BEFORE scanning; how to do so can be read here. Use Internet Explorer to navigate to the scanner website because you must approve installing an ActiveX add-on to complete the scan. If you are using Vista or Windows 7 or 8, launch Internet Explorer by right-clicking the Start Menu icon & selecting "Run as Administrator".
 

  • Please go here then click on Run ESET ONLINE SCANNER
  • Select the option YES, I accept the Terms of Use then click on START
  • When prompted, allow the Add-On/ActiveX to install.
  • Make sure that the option Remove found threats is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on START
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.

When the scan is complete:

If no threats were found:

  • Check in "Uninstall application on close"
  • Close program

If threats were found:

  • Select "list of threats found"
  • Select "Export to Text File" & save the report to your Desktop as "ESETScanLog"
  • Select Back
  • Place a checkmark in "Uninstall application on close"
  • Select Finish & exit the program

Copy and paste ESETScanLog.txt in your next reply

Step 2

 

We need to make sure your software is up to date.
 

  • Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe. If you run Windows Vista or 7, right click and choose 'Run as Administrator'.
     
  • If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
  • When you see a console window, press any key to continue scanning.
  • Wait while it scans.
  • If your firewall alerts you of Security Check, please press 'Allow' or similar.
     

Edited by seedy21, 30 May 2014 - 03:53 PM.



#14 Malren


Posted 30 May 2014 - 07:20 PM

ESET found no threats!

 

Security check gave the following log:

 

 

Results of screen317's Security Check version 0.99.83
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
Adobe Flash Player 13.0.0.214
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (29.0.1)
Google Chrome 34.0.1847.137
Google Chrome 35.0.1916.114
````````Process Check: objlist.exe by Laurent````````
windows defender MpCmdRun.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````



#15 seedy21


Posted 31 May 2014 - 10:13 AM


Hi Malren


Step 1

We need to make sure Avast is up to date.

  • Open Avast to load the Main Interface
  • Click 46.png to activate the following screen

    47.png
  • Click 48.png to begin updating the engine and virus definitions.
  • Click 51.png after the engine and virus definition process has been completed, to return to the Maintenance UPDATE screen.

    Updating the avast! program upgrade follows a similar procedure to updating the engine and virus definitions.
  • Click 52.png to start the update process, and start the Program upgrade process.

Click 51.png after the program upgrade process has been completed, to return to the Maintenance UPDATE pane.

Step 2

Your system has an old version (also insecure) of Adobe Reader. You need to uninstall Adobe Reader.

Get the latest version for your OS here:
http://get.adobe.com/reader/otherversions/

Uncheck "Yes, install McAfee Security Scan Plus - optional (0.9 MB)"

Select the Download now button.

Then install Adobe Reader by double-clicking the downloaded installer package.

Step 3

How is the machine running now? Do you have further issues?






