Name Not Available in sound mixer?


  • This topic is locked
85 replies to this topic

#1 Talishi

Talishi

  • Members
  • 40 posts
  • OFFLINE
  • Local time:02:18 AM

Posted 03 June 2014 - 10:48 PM

Hello. Ever since yesterday I've been having strange sounds coming from my computer. It's garbled and laggy sound coming out of something called Name Not Available in the sound mixer. It sounds like a woman trying to speak but it's so distorted and laggy there's no way to tell what she's saying. I googled around and found that I might need to mess with a registry editor. I'm not all that good with that so I'd rather get help from someone who knows more about computers than me.
 
I'm running Windows 7 64-bit Home Premium.

Edited by Queen-Evie, 06 June 2014 - 11:43 AM.
moved from Am I Infected to MRL




#2 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  • OFFLINE
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:10:18 AM

Posted 04 June 2014 - 10:36 AM

Hi Talishi,
 
Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
 
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

After the tool has finished running, a text file named Rkill.txt should be located on the desktop. Please copy and paste the contents into your next reply.
 
xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 Talishi

Talishi
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  • Local time:02:18 AM

Posted 04 June 2014 - 04:41 PM

Hello and thank you for the reply. Upon turning on my computer this morning, I was unable to connect to the internet and got a black screen when trying to open the task killer. I was able to download Rkill from the first link in safe mode. I then rebooted the computer and ran Windows normally. Then I ran Rkill. The internet is now working outside of safe mode. Here is the .txt that Rkill made.


Rkill 2.6.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/04/2014 02:27:07 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\SysWOW64\svchost.exe (PID: 3032) [SFI]
 * C:\Windows\system32\msiexec.exe (PID: 3320) [WD-HEUR]
 * C:\Windows\system32\vssvc.exe (PID: 4036) [WD-HEUR]
 * C:\Windows\system32\wbengine.exe (PID: 3376) [WD-HEUR]
 * C:\Windows\system32\wbem\WmiApSrv.exe (PID: 3644) [WD-HEUR]

5 proccesses terminated!

Possibly Patched Files.

 * C:\Windows\system32\dllhost.exe

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * C:\Windows\System32\dllhost.exe : 9,728 : 10/11/2013 05:41 AM : 325840783bd4898b2e1425580b7b8d45 [NoSig]
 +-> C:\Windows\SysWOW64\dllhost.exe : 7,168 : 10/11/2013 05:41 AM : 292487151cc8c6167f5c77ade8c433f0 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-com-surrogate_31bf3856ad364e35_6.1.7600.16385_none_a018e05d0d33081d\dllhost.exe : 9,728 : 10/11/2013 05:41 AM : 325840783bd4898b2e1425580b7b8d45 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-com-surrogate_31bf3856ad364e35_6.1.7600.16385_none_43fa44d954d596e7\dllhost.exe : 7,168 : 10/11/2013 05:41 AM : 292487151cc8c6167f5c77ade8c433f0 [Pos Repl]

 * C:\Windows\System32\rpcss.dll : 520,192 : 11/20/2010 06:27 AM : 67a6a07aab5db6dcb9d20f142613427a [NoSig]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll : 509,440 : 07/13/2009 06:41 PM : 7266972e86890e2b30c0c322e906b027 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll : 512,000 : 11/20/2010 06:27 AM : 5c627d1b1138676c0a7ab2c2c190d123 [Pos Repl]

Checking HOSTS File:

 * No issues found.

Program finished at: 06/04/2014 02:32:55 PM
Execution time: 0 hours(s), 5 minute(s), and 47 seconds(s)


Edited by Talishi, 04 June 2014 - 04:41 PM.
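The Rkill log above ends with a "Searching for Missing Digital Signatures" section: each unsigned system file is listed with its size and MD5, followed by "+->" candidate copies of the same file found elsewhere on disk (marked "[Pos Repl]" by Rkill). A quick way to read that section is to check whether the unsigned file is byte-identical to one of those copies. The script below is an added example for this thread, not part of Rkill or of any post here; it parses the section exactly as it is formatted in the log above (the sample text is copied from that log) and reports, for each unsigned file, whether its size and MD5 match any listed copy. A match tells you the file equals a copy Rkill already found; no match does not by itself prove tampering, since sizes and hashes legitimately differ between update levels, so it is a triage signal for the helper, not a verdict.

```python
import re
from dataclasses import dataclass, field

# Sample input: the "Missing Digital Signatures" section copied from the
# Rkill.txt posted earlier in this thread.
RKILL_SECTION = r"""
Searching for Missing Digital Signatures:

 * C:\Windows\System32\dllhost.exe : 9,728 : 10/11/2013 05:41 AM : 325840783bd4898b2e1425580b7b8d45 [NoSig]
 +-> C:\Windows\SysWOW64\dllhost.exe : 7,168 : 10/11/2013 05:41 AM : 292487151cc8c6167f5c77ade8c433f0 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-com-surrogate_31bf3856ad364e35_6.1.7600.16385_none_a018e05d0d33081d\dllhost.exe : 9,728 : 10/11/2013 05:41 AM : 325840783bd4898b2e1425580b7b8d45 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-com-surrogate_31bf3856ad364e35_6.1.7600.16385_none_43fa44d954d596e7\dllhost.exe : 7,168 : 10/11/2013 05:41 AM : 292487151cc8c6167f5c77ade8c433f0 [Pos Repl]

 * C:\Windows\System32\rpcss.dll : 520,192 : 11/20/2010 06:27 AM : 67a6a07aab5db6dcb9d20f142613427a [NoSig]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll : 509,440 : 07/13/2009 06:41 PM : 7266972e86890e2b30c0c322e906b027 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll : 512,000 : 11/20/2010 06:27 AM : 5c627d1b1138676c0a7ab2c2c190d123 [Pos Repl]

Checking HOSTS File:
"""

# One Rkill entry line: marker, path, size, timestamp, md5, tag.
# Fields are separated by " : " with surrounding whitespace, so the "C:"
# inside a path does not split the line.
ENTRY_RE = re.compile(
    r"^\s*(?P<marker>\*|\+->)\s+(?P<path>.+?)\s+:\s+(?P<size>[\d,]+)\s+:\s+"
    r"(?P<when>.+?)\s+:\s+(?P<md5>[0-9A-Fa-f]{32})\s+\[(?P<tag>[^\]]+)\]\s*$"
)


@dataclass
class UnsignedFile:
    """An unsigned file ([NoSig]) and the candidate copies Rkill listed under it."""
    path: str
    size: int
    md5: str
    replacements: list = field(default_factory=list)  # (path, size, md5) tuples


def parse_missing_signatures(text):
    """Parse the section into UnsignedFile records; '+->' lines attach to the
    most recent '*' line. Lines that do not match the entry format are ignored."""
    entries = []
    current = None
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        size = int(m.group("size").replace(",", ""))
        md5 = m.group("md5").lower()
        if m.group("marker") == "*":
            current = UnsignedFile(m.group("path"), size, md5)
            entries.append(current)
        elif current is not None:
            current.replacements.append((m.group("path"), size, md5))
    return entries


def assess(entry):
    """'matches-known-copy' if both size and MD5 equal one of the listed copies,
    otherwise 'no-matching-copy' (worth a closer look, not proof of infection)."""
    for _, size, md5 in entry.replacements:
        if size == entry.size and md5 == entry.md5:
            return "matches-known-copy"
    return "no-matching-copy"


def triage(text):
    """Map each unsigned file path to its assessment."""
    return {e.path: assess(e) for e in parse_missing_signatures(text)}


if __name__ == "__main__":
    for path, verdict in triage(RKILL_SECTION).items():
        print(f"{verdict:20} {path}")
```

Run against the section from this thread, the 64-bit dllhost.exe matches its winsxs copy exactly (same 9,728-byte size and MD5), while rpcss.dll matches neither copy Rkill found: its size differs from both. That is the kind of entry a helper would want to cross-check against the FRST findings before deciding on a replacement.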


#4 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  • OFFLINE
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:10:18 AM

Posted 05 June 2014 - 10:49 AM

Hi Talishi,
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • FRST.txt
  • Addition.txt

xXToffeeXx~




#5 Talishi

Talishi
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  • Local time:02:18 AM

Posted 05 June 2014 - 04:39 PM

Alright, thank you. Here are the logs, FRST.txt followed by Addition.txt.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by mws (administrator) on MWS-PC on 05-06-2014 14:33:34
Running from C:\Users\mws\Pictures
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Chris Pietschmann (http://pietschsoft.com)) C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Google Inc.) C:\Users\mws\AppData\Local\Google\Update\GoogleUpdate.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(AOL LLC) C:\Program Files (x86)\Common Files\aol\1308628324\ee\aolsoftware.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Belkin International, Inc.) C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\SndVol.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(AOL LLC) C:\Program Files (x86)\Common Files\aol\1308628324\ee\aolsoftware.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-12-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1308628324\ee\AOLSoftware.exe [41264 2009-07-20] (AOL LLC)
HKLM-x32\...\Run: [InstaLAN] => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1770400 2011-04-29] (Affinegy, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-13] (Hewlett-Packard)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKU\.DEFAULT\...\Policies\system: [LogonHoursAction] 2
HKU\.DEFAULT\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2834470950-1260693826-318364282-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2988928 2011-06-10] (SUPERAntiSpyware.com)
HKU\S-1-5-21-2834470950-1260693826-318364282-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2834470950-1260693826-318364282-1001\...\Run: [Google Update] => C:\Users\mws\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-02-06] (Google Inc.)
HKU\S-1-5-21-2834470950-1260693826-318364282-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2834470950-1260693826-318364282-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2834470950-1260693826-318364282-1001\...\MountPoints2: {f28bd4c0-b3ce-11e0-9ca3-806e6f6e6963} - K:\Autorun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE0308DA12D0DCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
URLSearchHook: HKLM-x32 - AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {05E7A023-5971-43C7-ADBB-AA37DFDC5B99} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {05E7A023-5971-43C7-ADBB-AA37DFDC5B99} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={SearchTerms}&invocationType=tb50TB50CL-chromesbox-en-us
SearchScopes: HKCU - DefaultScope {9F001469-89D3-4E68-8C09-E29D06280729} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {05E7A023-5971-43C7-ADBB-AA37DFDC5B99} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={SearchTerms}&invocationType=tb50TB50CL-chromesbox-en-us
SearchScopes: HKCU - {9F001469-89D3-4E68-8C09-E29D06280729} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
BHO: No Name - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -  No File
BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: CorePluginIEBHO Class - {13FA2453-9287-4F18-8554-976D7C02F4EE} - C:\Perfect World Entertainment\CORE Client\Plugins\CorePluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO-x32: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} -  No File
DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\mws\AppData\Roaming\Mozilla\Firefox\Profiles\q7kt4m6i.default
FF Homepage: about:home
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @perfectworld.com/npPlayNowPlugin - C:\Perfect World Entertainment\CORE Client\Plugins\npCorePluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @hulu.com/Hulu Desktop - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll (Hulu LLC)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\mws\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\mws\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\mws\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\mws\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\mws\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\mws\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\mws\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\mws\AppData\Roaming\Mozilla\Firefox\Profiles\q7kt4m6i.default\searchplugins\yahoo_ff.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\mws\AppData\Roaming\Mozilla\Firefox\Profiles\q7kt4m6i.default\Extensions\ascsurfingprotection@iobit.com [2013-12-12]
FF Extension: Разпознаване на устройство Logitech - C:\Users\mws\AppData\Roaming\Mozilla\Firefox\Profiles\q7kt4m6i.default\Extensions\DeviceDetection@logitech.com [2011-11-21]
FF Extension: MEGA - C:\Users\mws\AppData\Roaming\Mozilla\Firefox\Profiles\q7kt4m6i.default\Extensions\firefox@mega.co.nz.xpi [2014-05-07]
FF Extension: Missing e - C:\Users\mws\AppData\Roaming\Mozilla\Firefox\Profiles\q7kt4m6i.default\Extensions\jid0-0PGffAcVvhUBieFYkRVVc5w6lIU@jetpack.xpi [2012-02-25]
FF Extension: Tumblr Savior - C:\Users\mws\AppData\Roaming\Mozilla\Firefox\Profiles\q7kt4m6i.default\Extensions\jid1-W5guVoyeUR0uBg@jetpack.xpi [2014-04-22]
FF Extension: HTTPS Finder - C:\Users\mws\AppData\Roaming\Mozilla\Firefox\Profiles\q7kt4m6i.default\Extensions\pwznuffwtm@pwznuffwtm.org.xpi [1675-12-04]
FF Extension: XKit - C:\Users\mws\AppData\Roaming\Mozilla\Firefox\Profiles\q7kt4m6i.default\Extensions\xkit@studioxenix.com.xpi [2014-03-10]
FF Extension: Start Page - C:\Users\mws\AppData\Roaming\Mozilla\Firefox\Profiles\q7kt4m6i.default\Extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi [2014-01-09]
FF Extension: Adblock Plus - C:\Users\mws\AppData\Roaming\Mozilla\Firefox\Profiles\q7kt4m6i.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-10-07]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-09]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-11-14]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [128384 2011-05-04] (SUPERAntiSpyware.com)
R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [566688 2011-04-29] (Affinegy, Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [181760 2010-02-17] ()
R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [55296 2010-02-09] ()
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5267776 2014-01-22] (INCA Internet Co., Ltd.)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-12-12] (Realtek Semiconductor)
R2 Virtual Router; C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe [12288 2013-02-10] (Chris Pietschmann (http://pietschsoft.com))
R2 vToolbarUpdater14.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [968880 2013-02-19] ()
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-11-14] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-04-15] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-02-19] (AVG Technologies)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14920 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12360 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2011-10-27] ()
R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [291352 2009-06-22] (silex technology, Inc.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
U3 an4kh1ik; C:\Windows\System32\Drivers\an4kh1ik.sys [0 ] (Advanced Micro Devices)
U3 ayq8jj2i; C:\Windows\System32\Drivers\ayq8jj2i.sys [0 ] (Advanced Micro Devices)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-05 14:32 - 2014-06-05 14:33 - 00000000 ____D () C:\FRST
2014-06-05 06:22 - 2014-06-05 06:22 - 00000000 ____D () C:\20f4b063d426b41203
2014-06-05 06:13 - 2014-06-05 06:14 - 00000000 ____D () C:\e8fcfac3be02bb5c7e
2014-06-05 02:53 - 2014-06-05 02:53 - 00000000 ____D () C:\8d9d12d810b4b8bef141cf496f47
2014-06-04 14:27 - 2014-06-05 14:31 - 00004912 _____ () C:\Users\mws\Desktop\Rkill.txt
2014-06-04 14:20 - 2014-06-04 14:20 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\mws\Desktop\rkill.exe
2014-06-04 04:36 - 2014-06-04 04:37 - 00000000 ____D () C:\fbadd8fc686dc637737b2ee9
2014-06-04 03:03 - 2014-06-04 03:03 - 00000000 ____D () C:\90040027d1b819f59d
2014-06-03 12:05 - 2014-06-04 14:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-03 12:05 - 2014-06-03 12:05 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-03 12:05 - 2014-06-03 12:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 12:05 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-03 12:05 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-03 12:05 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-01 08:42 - 2014-06-05 14:10 - 00000083 _____ () C:\Windows\system32\vvwwzdz.dka
2014-06-01 08:31 - 2014-06-01 08:31 - 00000064 _____ () C:\Windows\system32\llkxthi.cvw
2014-06-01 08:31 - 2014-06-01 08:31 - 00000000 _____ () C:\Windows\system32\bkrq.ulh
2014-06-01 08:14 - 2014-06-01 08:14 - 00311784 ____S () C:\Windows\system32\ugul.jvi
2014-06-01 08:13 - 2014-06-01 08:13 - 00070656 _____ (Microsoft Corporation) C:\Users\mws\AppData\Roaming\nzghjot.dll
2014-05-29 08:27 - 2014-05-29 08:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-10 13:09 - 2014-06-05 14:30 - 00003472 _____ () C:\Windows\setupact.log
2014-05-10 13:09 - 2014-05-10 13:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-10 13:05 - 2014-06-05 06:00 - 00022318 _____ () C:\Windows\PFRO.log
2014-05-10 13:04 - 2014-05-10 13:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-10 11:33 - 2014-05-10 11:33 - 00000000 ____D () C:\ProgramData\REGSERVO64
2014-05-10 10:44 - 2014-05-10 10:44 - 00000378 _____ () C:\Windows\DirectX.log
2014-05-10 10:35 - 2014-05-10 10:35 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-05-10 10:35 - 2014-05-10 10:35 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-10 10:35 - 2014-05-10 10:35 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-10 10:35 - 2014-05-10 10:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-05-10 10:35 - 2014-05-10 10:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-05-10 10:35 - 2014-05-10 10:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-05-10 10:35 - 2014-05-10 10:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-05-10 10:35 - 2014-05-10 10:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-05-10 08:33 - 2014-05-10 08:33 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-05-10 08:04 - 2014-05-10 08:04 - 00002852 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (mws)
2014-05-10 08:04 - 2014-03-10 18:17 - 00128288 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll
2014-05-10 08:04 - 2013-11-19 16:52 - 00034080 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe
2014-05-09 19:02 - 2014-05-09 19:26 - 00018944 _____ () C:\Users\mws\Documents\ResumeTemplate 7.wps
2014-05-09 18:21 - 2014-05-09 18:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-07 17:21 - 2014-05-07 17:22 - 00000000 ____D () C:\Users\mws\Desktop\klk2

==================== One Month Modified Files and Folders =======

2014-06-05 14:33 - 2014-06-05 14:32 - 00000000 ____D () C:\FRST
2014-06-05 14:33 - 2011-06-20 21:30 - 00000000 ____D () C:\Users\mws\AppData\Roaming\Skype
2014-06-05 14:33 - 2011-06-20 20:28 - 00000000 ____D () C:\Users\mws\AppData\Local\Temp
2014-06-05 14:31 - 2014-06-04 14:27 - 00004912 _____ () C:\Users\mws\Desktop\Rkill.txt
2014-06-05 14:30 - 2014-05-10 13:09 - 00003472 _____ () C:\Windows\setupact.log
2014-06-05 14:28 - 2011-06-20 20:27 - 01866505 _____ () C:\Windows\WindowsUpdate.log
2014-06-05 14:24 - 2012-04-25 22:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-05 14:10 - 2014-06-01 08:42 - 00000083 _____ () C:\Windows\system32\vvwwzdz.dka
2014-06-05 14:07 - 2009-07-13 21:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-05 14:07 - 2009-07-13 21:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-05 14:04 - 2011-06-20 21:00 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-05 13:59 - 2011-06-26 07:17 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-05 13:59 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-05 13:59 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2014-06-05 06:22 - 2014-06-05 06:22 - 00000000 ____D () C:\20f4b063d426b41203
2014-06-05 06:14 - 2014-06-05 06:13 - 00000000 ____D () C:\e8fcfac3be02bb5c7e
2014-06-05 06:00 - 2014-05-10 13:05 - 00022318 _____ () C:\Windows\PFRO.log
2014-06-05 02:53 - 2014-06-05 02:53 - 00000000 ____D () C:\8d9d12d810b4b8bef141cf496f47
2014-06-05 02:50 - 2013-02-28 18:47 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2834470950-1260693826-318364282-1001UA.job
2014-06-05 02:47 - 2011-06-26 07:17 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-04 19:04 - 2014-03-19 09:24 - 00000000 ____D () C:\Users\mws\Desktop\PSO2
2014-06-04 14:50 - 2013-02-28 18:47 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2834470950-1260693826-318364282-1001Core.job
2014-06-04 14:47 - 2014-06-03 12:05 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-04 14:20 - 2014-06-04 14:20 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\mws\Desktop\rkill.exe
2014-06-04 04:53 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\addins
2014-06-04 04:37 - 2014-06-04 04:36 - 00000000 ____D () C:\fbadd8fc686dc637737b2ee9
2014-06-04 03:08 - 2014-01-09 04:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-04 03:05 - 2012-02-18 16:50 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-04 03:03 - 2014-06-04 03:03 - 00000000 ____D () C:\90040027d1b819f59d
2014-06-03 20:14 - 2013-10-25 17:22 - 00000000 ____D () C:\Users\mws\AppData\Local\Battle.net
2014-06-03 13:59 - 2011-10-29 14:55 - 00000000 ____D () C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2014-06-03 12:05 - 2014-06-03 12:05 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-03 12:05 - 2014-06-03 12:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 12:05 - 2011-10-08 22:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 05:38 - 2009-07-13 19:34 - 00000543 _____ () C:\Windows\win.ini
2014-06-01 08:31 - 2014-06-01 08:31 - 00000064 _____ () C:\Windows\system32\llkxthi.cvw
2014-06-01 08:31 - 2014-06-01 08:31 - 00000000 _____ () C:\Windows\system32\bkrq.ulh
2014-06-01 08:14 - 2014-06-01 08:14 - 00311784 ____S () C:\Windows\system32\ugul.jvi
2014-06-01 08:13 - 2014-06-01 08:13 - 00070656 _____ (Microsoft Corporation) C:\Users\mws\AppData\Roaming\nzghjot.dll
2014-06-01 05:40 - 2013-12-12 11:53 - 00000000 ____D () C:\ProgramData\ProductData
2014-05-31 10:55 - 2011-06-20 20:46 - 00000544 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2014-05-30 09:27 - 2013-10-25 17:33 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-05-30 09:26 - 2013-10-25 17:22 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-05-29 08:27 - 2014-05-29 08:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-29 08:27 - 2012-11-16 20:29 - 00000967 _____ () C:\Users\Public\Desktop\AVG 2013.lnk
2014-05-26 11:18 - 2011-06-21 21:43 - 00000132 _____ () C:\Users\mws\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-05-25 04:07 - 2011-06-20 21:29 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-25 04:07 - 2011-06-20 21:29 - 00000000 ____D () C:\ProgramData\Skype
2014-05-22 06:39 - 2013-04-28 01:51 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-05-21 22:41 - 2011-06-20 21:28 - 00000000 ____D () C:\Users\mws\AppData\Roaming\Mozilla
2014-05-21 01:42 - 2011-07-31 00:17 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-05-21 01:41 - 2013-08-07 11:14 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2014-05-20 21:12 - 2012-03-20 21:12 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-05-20 21:11 - 2011-10-16 09:48 - 00000000 ____D () C:\Users\mws\AppData\Roaming\HpUpdate
2014-05-20 05:09 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-17 17:20 - 2012-03-21 14:55 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleFormws
2014-05-17 17:20 - 2012-03-21 14:55 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleFormws.job
2014-05-17 07:24 - 2011-09-24 22:21 - 00005292 _____ () C:\Users\mws\AppData\Roaming\wklnhst.dat
2014-05-15 06:08 - 2013-11-15 13:05 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-05-12 07:26 - 2014-06-03 12:05 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-03 12:05 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-03 12:05 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 16:07 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-05-10 13:59 - 2011-06-24 15:09 - 00533504 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
2014-05-10 13:59 - 2011-06-24 15:08 - 03524608 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2014-05-10 13:59 - 2009-07-13 16:52 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\UI0Detect.exe
2014-05-10 13:09 - 2014-05-10 13:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-10 13:04 - 2014-05-10 13:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-10 11:33 - 2014-05-10 11:33 - 00000000 ____D () C:\ProgramData\REGSERVO64
2014-05-10 11:27 - 2013-10-11 18:50 - 00002115 _____ () C:\Windows\epplauncher.mif
2014-05-10 11:04 - 2013-12-12 11:52 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-05-10 10:48 - 2011-06-20 23:43 - 00001376 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2014-05-10 10:48 - 2011-06-20 23:43 - 00001307 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2014-05-10 10:48 - 2011-06-20 23:43 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-05-10 10:47 - 2011-06-20 23:42 - 00002488 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2014-05-10 10:47 - 2011-06-20 23:42 - 00001460 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-05-10 10:45 - 2011-06-20 23:35 - 00000000 ____D () C:\Users\mws\AppData\Local\Windows Live
2014-05-10 10:44 - 2014-05-10 10:44 - 00000378 _____ () C:\Windows\DirectX.log
2014-05-10 10:35 - 2014-05-10 10:35 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-05-10 10:35 - 2014-05-10 10:35 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-10 10:35 - 2014-05-10 10:35 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-10 10:35 - 2014-05-10 10:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-05-10 10:35 - 2014-05-10 10:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-05-10 10:35 - 2014-05-10 10:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-05-10 10:35 - 2014-05-10 10:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-05-10 10:35 - 2014-05-10 10:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-05-10 10:33 - 2011-10-08 22:33 - 00000000 ____D () C:\Windows\Minidump
2014-05-10 10:32 - 2011-06-21 11:55 - 00000000 ____D () C:\Users\mws\AppData\Roaming\Azureus
2014-05-10 08:33 - 2014-05-10 08:33 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-05-10 08:04 - 2014-05-10 08:04 - 00002852 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (mws)
2014-05-10 08:03 - 2013-12-12 11:53 - 00000000 ____D () C:\ProgramData\IObit
2014-05-10 08:03 - 2013-12-12 11:52 - 00000000 ____D () C:\Users\mws\AppData\Roaming\IObit
2014-05-10 06:48 - 2013-10-11 20:06 - 00000497 _____ () C:\Users\mws\Desktop\avgrep.txt
2014-05-09 19:26 - 2014-05-09 19:02 - 00018944 _____ () C:\Users\mws\Documents\ResumeTemplate 7.wps
2014-05-09 18:22 - 2014-05-09 18:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 14:45 - 2013-02-28 18:47 - 00003870 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2834470950-1260693826-318364282-1001UA
2014-05-09 14:45 - 2013-02-28 18:47 - 00003474 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2834470950-1260693826-318364282-1001Core
2014-05-07 17:22 - 2014-05-07 17:21 - 00000000 ____D () C:\Users\mws\Desktop\klk2

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2834470950-1260693826-318364282-1001\$e82c6069076bc3f8c7f4d42d51107711

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$e82c6069076bc3f8c7f4d42d51107711

Files to move or delete:
====================
C:\ProgramData\g5h7Mfh8.dat
C:\Windows\Tasks\At31.job
C:\Windows\Tasks\At8.job


Some content of TEMP:
====================
C:\Users\mws\AppData\Local\Temp\SkypeSetup.exe
C:\Users\mws\AppData\Local\Temp\SSUPDATE64.EXE


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe
[2009-07-13 16:19] - [2013-10-11 05:41] - 0020992 ____A (Microsoft Corporation) 6B62C5B65CCB9252111CDEA300793714

C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2011-06-24 15:10] - [2010-11-20 06:27] - 0520192 ____A (Microsoft Corporation) 67A6A07AAB5DB6DCB9D20F142613427A

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 06:26

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014
Ran by mws at 2014-06-05 14:34:27
Running from C:\Users\mws\Pictures
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
AC3Filter 1.63b (HKLM-x32\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
AIO_Scan (x32 Version: 90.0.189.000 - Hewlett-Packard) Hidden
Aion (HKLM-x32\...\{B9291CA2-6FA5-44EA-8EE0-923EB32ADAAB}) (Version: 4.0.0.3 - NC Interactive, LLC)
Alan Wake (HKLM-x32\...\Steam App 108710) (Version:  - Remedy Entertainment)
AOL Toolbar (HKLM-x32\...\AOL Toolbar) (Version:  - )
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version:  - AOL LLC)
Autodesk SketchBookExpress 2011 (HKLM-x32\...\{AF322EC1-3499-45FD-9EDD-DCC7FD5C18DF}) (Version: 5.00.0000 - Autodesk)
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3480 - AVG Technologies)
AVG 2013 (Version: 13.0.3480 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.3955 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 14.2.0.1 - AVG Technologies)
Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.3.0-3 - Wacom Technology Corp.)
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Belkin Setup and Router Monitor (HKLM-x32\...\Belkin Setup and Router Monitor_is1) (Version:  - )
Belkin USB Print and Storage Center (HKLM\...\Belkin USB Print and Storage Center) (Version: 1.1.3 - Belkin International, Inc.)
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
BurnAware Free 6.9.4 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)
C6200 (x32 Version: 90.0.189.000 - Hewlett-Packard) Hidden
C6200_doccd (x32 Version: 90.0.189.000 - Hewlett-Packard) Hidden
C6200_Help (x32 Version: 90.0.189.000 - Hewlett-Packard) Hidden
Calisto DFU Driver (x64) (HKLM\...\{1C20E609-768A-4FDC-AC75-2CE466D81506}) (Version: 2.4.49092.0 - Plantronics, Inc.)
Canon DIGITAL CAMERA Solution Disk Software Guide (HKLM-x32\...\Software Guide) (Version: 1.4.0.1 - Canon Inc.)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)
Canon PowerShot A3300 IS and A3200 IS and A2200 Camera User Guide (HKLM-x32\...\CameraUserGuide-PSA3300ISandPSA3200ISandPSA2200) (Version: 1.0.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.4.0.3 - Canon Inc.)
Canon Utilities CameraWindow Launcher (HKLM-x32\...\CameraWindowLauncher) (Version: 7.5.0.2 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.2.0.7 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.4.0.2 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.2.3442 - CDBurnerXP)
CDisplayEx 1.9.16 (HKLM\...\CDisplayEx_is1) (Version:  - cdisplayex.com)
Circuit Construction Kit (DC Only) (HKCU\...\Circuit Construction Kit (DC Only)) (Version:  - University of Colorado, Department of Physics)
Combined Community Codec Pack 2013-04-20 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2013.04.20.0 - CCCP Project)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (x32 Version: 90.0.146.000 - Hewlett-Packard) Hidden
CORE Client (HKLM-x32\...\{7A625369-34A4-4D62-9165-2EFCFA41DA1D}) (Version: 1.00.0000 - Perfect World Entertainment)
Corel Painter 13 - IPM (Version: 13.0 - Corel Corporation) Hidden
Corel Painter 13 - IPM Content (Version: 13.0 - Corel Corporation) Hidden
Corel Painter X3 (HKLM\...\_{EF449371-6B69-49C8-B789-76A0B0E3446B}) (Version: 13.0.0.704 - Corel Corporation)
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.792 - Curse)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.2115 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
Daggerfall (DaggerfallSetup 2.6) (HKLM-x32\...\DaggerfallSetup_is1) (Version:  - Bethesda Softworks)
Defraggler (HKLM\...\Defraggler) (Version: 2.17 - Piriform)
Destination Component (x32 Version: 090.000.091.086 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 90.0.146.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.0.34 - DivX, LLC)
DocProc (x32 Version: 9.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Dolphin x86 4.0 (HKLM-x32\...\Dolphin x86) (Version: 4.0 - Dolphin Development Team)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden
Energy Skate Park (HKCU\...\Energy Skate Park) (Version:  - University of Colorado, Department of Physics)
ESO Survey PTS version 1.3.0 (HKLM-x32\...\17CBAF83-B4D1-41CC-B7DC-BFF1D4B9DDAC-pts_is1) (Version: 1.3.0 - Immersyve, Inc.)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
ffdshow [rev 3154] [2009-12-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
FLAC 1.2.1b (remove only) (HKLM-x32\...\FLAC) (Version: 1.2.1b - Xiph.org)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
GOG.com Downloader version 3.5.7 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.5.7 - GOG.com)
Google Earth (HKLM-x32\...\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)
Google Talk Plugin (HKLM-x32\...\{217CEB43-6D22-3E1F-A311-DC0D7BFEE0A2}) (Version: 5.4.1.18709 - Google)
Google Update Helper (x32 Version: 1.3.21.165 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Halo 2 for Windows Vista (HKLM-x32\...\Halo 2) (Version:  - Microsoft Game Studios)
Halo 2 for Windows Vista (x32 Version: 1.0.0.0 - Microsoft Corporation) Hidden
Happy Cloud Client (HKCU\...\HappyCloud) (Version: 1.374 - Happy Cloud, Inc.)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.3 - Hewlett-Packard) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 9.0 (HKLM\...\HP Imaging Device Functions) (Version: 9.0 - HP)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 3.1.3317 - Hewlett-Packard) Hidden
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3422 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (x32 Version: 3.1.3422 - Hewlett-Packard) Hidden
HP OCR Software 9.0 (HKLM\...\HPOCR) (Version: 9.0 - HP)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photosmart All-In-One Software 9.0 (HKLM\...\{B46AC30C-22D2-4610-B041-1DA7BB29EB57}) (Version: 9.0 - HP)
HP Photosmart Essential 2.01 (HKLM\...\HP Photosmart Essential) (Version: 2.01 - HP)
HP Photosmart Essential2.01 (x32 Version: 1.01.0000 - Hewlett-Packard) Hidden
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)
HP Remote Solution (x32 Version: 1.1.11.0 - Hewlett-Packard) Hidden
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D}) (Version: 4.2.5.3 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
Hulu Desktop (HKCU\...\HuluDesktop) (Version: 0.9.9 - Hulu LLC)
IconHandler 64 bit (Version: 2.0 - Corel Corporation) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216026FF}) (Version: 6.0.290 - Oracle)
JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Katawa Shoujo (HKLM-x32\...\Katawa Shoujo) (Version:  - )
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Livestream Procaster (HKLM-x32\...\{662CFD19-EA80-4EFE-A0D8-EE10EFEB3C83}) (Version: 20.2.0 - Procaster)
LMMS 0.4.15 (HKLM-x32\...\LMMS) (Version: 0.4.15 - LMMS Developers)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MediaInfo 0.7.50 (HKLM\...\MediaInfo) (Version: 0.7.50 - MediaArea.net)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 1.0.0 - AOL LLC) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.0 - Mozilla)
MP3 Skype Recorder (HKLM-x32\...\{CB606F47-7D0E-40DF-95BB-0E5413A1295F}) (Version: 3.1.3 - Alexander Nikiforov)
MPC-HC 1.7.3 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.3 - MPC-HC Team)
MpcStar 5.3 (HKLM-x32\...\MpcStar) (Version: 5.3 - www.mpcstar.com)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.3 (HKLM-x32\...\{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}) (Version: 1.2.3 - Thorvald Natvig)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
NetDeviceManager64 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.45.7 - Black Tree Gaming)
NVIDIA 3D Vision Controller Driver (x32 Version: 280.19 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 301.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 301.42 - NVIDIA Corporation)
NVIDIA Control Panel 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.145.1024 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0213 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion mod manager 1.1.12 (HKLM-x32\...\Oblivion mod manager_is1) (Version:  - Timeslip)
Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Painter 13 - Contentx64 (Version: 13.0 - Corel Corporation) Hidden
Painter 13 - Core (Version: 13.0 - Corel Corporation) Hidden
Painter 13 - Corex64 (Version: 13.0 - Corel Corporation) Hidden
Painter 13 - EN (Version: 13.0 - Corel Corporation) Hidden
Painter 13 - Setup Files (Version: 13.0 - Corel Corporation) Hidden
Pale Moon 24.2.1 (x64 en-US) (HKLM\...\Pale Moon 24.2.1 (x64 en-US)) (Version: 24.2.1 - Mozilla)
PanoStandAlone (x32 Version: 90.0.146.000 - Hewlett-Packard) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PHANTASY STAR ONLINE 2 キャラクタークリエイト体験版 (HKLM-x32\...\http://pso2.jp/appid/charactercreator_is1) (Version:  - SEGA)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
Plantronics Spokes Software (HKLM-x32\...\{1DC3160B-3A07-47BB-92C4-E5B8C2601DE8}) (Version: 2.8.24304.0 - Plantronics, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Pokemon Online 2.4.1 (HKLM-x32\...\{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1) (Version:  - Dreambelievers)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3405 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3405 - CyberLink Corp.) Hidden
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
PS_AIO_02_ProductContext (x32 Version: 90.0.189.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (x32 Version: 90.0.189.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_min (x32 Version: 90.0.189.000 - Hewlett-Packard) Hidden
PSSWCORE (x32 Version: 2.01.0000 - Hewlett-Packard) Hidden
Python 3.3.4 (HKLM-x32\...\{cc2659bc-d27d-3593-a0a0-9ac0de07a430}) (Version: 3.3.4150 - Python Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
s3pe - Sims3 Package Editor (HKLM-x32\...\s3pe) (Version: 13-1112-2033 - Peter L Jones)
Scan (x32 Version: 9.0.0.0 - Hewlett-Packard) Hidden
SCHTHACK PSOBB (HKLM-x32\...\SCHTHACK PSOBB) (Version:  - http://strags.com/shpsobb/)
SCHTHACK PSOBB Compatibility Database (HKLM\...\{0d78370e-4086-4292-a82e-f920135dcee4}.sdb) (Version:  - )
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Star Wars Battlefront (HKLM-x32\...\{C79CB9C7-10A4-4814-8402-F574672C2192}) (Version: 1.0 - )
StarCraft (HKLM-x32\...\StarCraft) (Version:  - Blizzard Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Status (x32 Version: 90.0.146.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.54.1000 - SUPERAntiSpyware.com)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
SWF Opener (HKLM-x32\...\{01386D1F-ADE7-43B4-A4E9-312FC5BC726F}_is1) (Version: 1.3 - UnH Solutions)
Swiff Player 1.7.2 (HKLM-x32\...\Swiff Player_is1) (Version: 1.7.2 - GlobFX Technologies)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version:  - )
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.9.2 - TeamSpeak Systems GmbH)
TESVSFU (HKLM-x32\...\{60215EF1-1B80-43BA-8087-11AF441DB8C6}) (Version: 0.92.0 - James Jensen)
The Elder Scrolls III: Morrowind (HKLM-x32\...\Steam App 22320) (Version:  - Bethesda Game Studios®)
The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - )
The Elder Scrolls Online PTS (HKLM-x32\...\The Elder Scrolls Online PTS_is1) (Version: 0.3.4 - )
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 70s, 80s, & 90s Stuff (HKLM-x32\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Diesel Stuff (HKLM-x32\...\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}) (Version: 14.0.48 - Electronic Arts)
The Sims™ 3 Fast Lane Stuff (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
The Sims™ 3 Island Paradise (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
The Sims™ 3 Master Suite Stuff (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
The Sims™ 3 Outdoor Living Stuff (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.0.55 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
The Sims™ 3 Town Life Stuff (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
The Witcher Enhanced Edition Director's Cut (HKLM-x32\...\GOGPACKWITCHEREEDC_is1) (Version: 2.0.0.12 - GOG.com)
Toolbox (x32 Version: 90.0.146.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 90.0.146.000 - Hewlett-Packard) Hidden
Uninstall AOL Emergency Connect Utility 1.0 (HKLM-x32\...\AOL Emergency Connect Utility 1.0) (Version:  - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Unofficial Oblivion Patch v3.2.0 (HKLM-x32\...\Unofficial Oblivion Patch_is1) (Version: 3.2.0 - Quarn and Kivan)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Viber (HKCU\...\Viber) (Version: 3.0.0.134193 - Viber Media Inc)
Video Mover (HKLM-x32\...\Video Mover_is1) (Version:  - )
VideoToolkit01 (x32 Version: 90.0.146.000 - Hewlett-Packard) Hidden
Virtual Router v1.0 (HKLM-x32\...\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}) (Version: 1.0 - Chris Pietschmann)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 4.6 - Vuze Inc.)
Warcraft III Demo (HKCU\...\Warcraft III Demo) (Version:  - )
Warframe (HKLM-x32\...\{69AD4CC4-4766-4A78-8861-00D83DA06C52}) (Version: 1.0.0 - Digital Extremes)
WebReg (x32 Version: 90.0.146.000 - Hewlett-Packard) Hidden
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.622  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Plantronics, Inc. (usbser.ntamd64) Ports  (04/21/2009 5.1) (HKLM\...\07AFE62D73C8799E9E5689F86FB9F48389717BA3) (Version: 04/21/2009 5.1 - Plantronics, Inc.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WordBiz version 1.8 (HKLM-x32\...\Internet Scrabble Club_is1) (Version: 1.8 - Internet Scrabble Club)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
World of Warcraft Model Viewer 64-bit (HKLM\...\{93D15425-809E-499E-9E69-A0C1DE8EE741}) (Version: 07.04.000 - WoWModelViewer.org)
X-Chat 2.8.6-2 (HKLM-x32\...\X-Chat 2_is1) (Version: 2.8.6-2 - SilvereX)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0ADA9D09-AB48-4876-B2A2-1FCEE84BEAB7} - System32\Tasks\{19EE7688-AA65-464B-B714-8F2E26DDC110} => Iexplore.exe http://ui.skype.com/ui/0/6.6.0.106/en/abandoninstall?page=tsMain
Task: {0DCCFF33-4B33-49BB-99AD-E3331B5B53E1} - System32\Tasks\{84352995-B434-4051-B87C-E8176B434B33} => Iexplore.exe http://ui.skype.com/ui/0/6.11.0.102/en/abandoninstall?page=tsMain
Task: {161C43EA-2B37-41CF-8451-30124A18BAF8} - System32\Tasks\{7D4D952D-97C5-45DD-BF8C-6B6939ECA5DA} => Iexplore.exe http://ui.skype.com/ui/0/6.11.0.102/en/abandoninstall?page=tsMain
Task: {22829766-F613-4132-B2AD-031DDA5A0886} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-16] ()
Task: {2AE03C40-CFFD-4EB7-B7BD-FF52E92594A2} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-10-22] (CyberLink)
Task: {4084BEF2-49F7-44A9-BAB7-6291E1CCA78B} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2013-12-12] ()
Task: {40A7455C-BAAC-4E7E-916E-C4B44EFA417C} - System32\Tasks\{10FC6EAD-DCC1-4405-AD1D-5B7297712F30} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {42E7BC11-B85E-40CA-B958-27FE100D7581} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe
Task: {4B01E076-C75A-4D23-B961-54DE976D7EAE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {4F8A7C5D-CC1A-4C41-B1CF-8F15688789CC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {50A91D11-F79D-42C2-8296-B0C86769811C} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)
Task: {5ECD2568-2C60-4559-8724-D14195F00DD8} - System32\Tasks\{C8F1B8D1-2A5F-475B-8458-3A040CCC6DA3} => Iexplore.exe http://ui.skype.com/ui/0/5.5.0.117/en/go/help.faq.installer?LastError=1618
Task: {715E8116-EBC1-4A57-B25E-8000D93DA85D} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {716989D6-0E1C-4A26-8948-CC75948BF0CA} - System32\Tasks\{9DFCF00B-6F27-443C-A0B5-5A06BEA404D9} => C:\Program Files (x86)\Steam\steamapps\common\skyrim\skse_loader.exe
Task: {75EA5902-A0E8-4223-A2E6-D1CFB563655E} - System32\Tasks\Driver Booster SkipUAC (mws) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {81CB3859-EF3D-41B5-9DA9-82E74AC1E373} - System32\Tasks\{0EAFAEBD-84B6-4F22-86BB-F36183C1FBD0} => C:\Program Files (x86)\Steam\steamapps\common\skyrim\skse_loader.exe
Task: {872AC974-4482-4081-A895-E837385320DC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2834470950-1260693826-318364282-1001UA => C:\Users\mws\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-06] (Google Inc.)
Task: {9A6F1EFE-4109-46E9-A004-336E1B6AEE4D} - System32\Tasks\{5245E9B5-41E3-41D1-92D7-D82A61889D91} => Iexplore.exe http://ui.skype.com/ui/0/6.6.0.106/en/abandoninstall?page=tsMain
Task: {9B21824A-40B4-485D-862E-1C083442C1D0} - System32\Tasks\{3C176FC2-BA8B-4F52-829D-88CD31998E12} => C:\Program Files (x86)\Steam\steamapps\common\skyrim\skse_loader.exe
Task: {9B32F3D4-7EA9-4584-84A1-102E66D80FD2} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-09-24] (Hewlett-Packard)
Task: {9B469F9E-4796-4950-B491-A50462FCC46E} - System32\Tasks\{0DB74BE3-3CBA-480E-B728-B8542B6C8C6C} => C:\Program Files (x86)\Steam\steamapps\common\skyrim\skse_loader.exe
Task: {A0C053F1-8F2E-4E0C-9853-F78EFB9E8376} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-05-13] (Microsoft)
Task: {A3D9A667-E1CD-4D0A-8542-82E8DE80F65E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {BD64E0E6-1DEF-43A4-8EF1-484BF49BB253} - System32\Tasks\{CAB99BC2-6CB2-4CA9-8A6D-CE6412B733B6} => Iexplore.exe http://ui.skype.com/ui/0/6.0.0.126/en/abandoninstall?page=tsProgressBar
Task: {C6772325-B314-4F23-B40F-D951DE260D8B} - System32\Tasks\{9E485E7E-FF8C-4395-92EA-268A3EEEA596} => C:\Program Files (x86)\Steam\steamapps\common\skyrim\skse_loader.exe
Task: {C94F94BC-1E76-43DC-9576-B954E2323EDB} - System32\Tasks\{675CC031-1B72-4573-8DCC-3D83E525D3C9} => C:\Program Files (x86)\Steam\steamapps\common\skyrim\skse_loader.exe
Task: {D281FE1C-DC03-40DF-85E9-BFC2EFE0EC60} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2834470950-1260693826-318364282-1001Core => C:\Users\mws\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-06] (Google Inc.)
Task: {ED4AA769-7735-49DD-A8DD-3A263E47EB49} - System32\Tasks\HPCeeScheduleFormws => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07] (Hewlett-Packard)
Task: {F576902F-3E49-4D85-A1AB-7F9C1F758A95} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {F6240DE1-62E9-4AE2-8A78-37EF3517FB0A} - System32\Tasks\{811ACE45-EE2C-4A0C-8EA8-2CFC16CF4385} => C:\Program Files (x86)\Steam\steamapps\common\skyrim\skse_loader.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\At31.job => C:\ProgramData\0TLBgNu5.exe
Task: C:\Windows\Tasks\At8.job => C:\ProgramData\0TLBgNu5.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2834470950-1260693826-318364282-1001Core.job => C:\Users\mws\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2834470950-1260693826-318364282-1001UA.job => C:\Users\mws\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleFormws.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Loaded Modules (whitelisted) =============

2011-11-11 18:03 - 2014-03-04 06:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-12-24 19:17 - 2010-02-17 19:25 - 00181760 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
2011-12-24 19:17 - 2010-02-09 16:55 - 00055296 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
2013-02-19 06:23 - 2013-02-19 06:23 - 00968880 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
2012-10-16 02:39 - 2012-10-16 02:39 - 00646744 _____ () C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
2011-12-24 19:45 - 2012-11-14 15:45 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2011-12-24 19:17 - 2010-02-17 19:25 - 00149504 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkLocalBackup.dll
2011-12-24 19:15 - 2011-04-29 19:30 - 00022944 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
2009-10-22 19:50 - 2009-10-22 19:50 - 00931112 _____ () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2011-06-20 20:53 - 2009-10-28 10:38 - 00118784 _____ () c:\program files (x86)\common files\aol\1308628324\ee\services\proxyprovider\ver1_0_0_1\proxyprovider.dll
2011-12-24 19:14 - 2011-02-15 15:15 - 00325632 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
2011-12-24 19:14 - 2011-02-15 15:15 - 01954304 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
2011-12-24 19:14 - 2011-02-15 15:16 - 07187456 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
2011-12-24 19:14 - 2011-02-15 15:15 - 00847360 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
2011-12-24 19:14 - 2011-02-15 14:25 - 00119808 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
2011-12-24 19:15 - 2011-04-29 18:55 - 00658432 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
2014-05-09 18:21 - 2014-05-09 18:21 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ESO Survey PTS.lnk => C:\Windows\pss\ESO Survey PTS.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk => C:\Windows\pss\PictureMover.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Virtual Router Manager.lnk => C:\Windows\pss\Virtual Router Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^mws^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^mws^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Advanced SystemCare 7 => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
MSCONFIG\startupreg: BambooCore => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Google Update => "C:\Users\mws\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP Remote Solution => %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPADVISOR => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
MSCONFIG\startupreg: Malwarebytes' Anti-Malware => "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NCUpdateHelper => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
MSCONFIG\startupreg: PC-Doctor for Windows localizer => C:\Program Files\PC-Doctor for Windows\localizer.exe
MSCONFIG\startupreg: PlantronicsBatteryStatus.exe => C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe
MSCONFIG\startupreg: PlantronicsURE.exe => C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe
MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"

==================== Faulty Device Manager Devices =============

Name: Photosmart C6200 series
Description: Photosmart C6200 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/05/2014 02:20:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_HPSLPSVC, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x107c
Faulting application start time: 0xsvchost.exe_HPSLPSVC0
Faulting application path: svchost.exe_HPSLPSVC1
Faulting module path: svchost.exe_HPSLPSVC2
Report Id: svchost.exe_HPSLPSVC3

Error: (06/05/2014 06:14:24 AM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4.5 - Update 'KB2931368' could not be installed. Error code 1603. Additional information is available in the log file C:\Windows\TEMP\KB2931368_20140605_061358337-Microsoft .NET Framework 4.5-MSP0.txt.

Error: (06/05/2014 06:13:52 AM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4.5 - Update 'KB2898864' could not be installed. Error code 1603. Additional information is available in the log file C:\Windows\TEMP\KB2898864_20140605_061254580-Microsoft .NET Framework 4.5-MSP0.txt.

Error: (06/05/2014 02:57:22 AM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4.5 - Update 'KB2861208' could not be installed. Error code 1603. Additional information is available in the log file C:\Windows\TEMP\KB2861208_20140605_025659235-Microsoft .NET Framework 4.5-MSP0.txt.

Error: (06/05/2014 02:56:55 AM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4.5 - Update 'KB2742613' could not be installed. Error code 1603. Additional information is available in the log file C:\Windows\TEMP\KB2742613_20140605_025627302-Microsoft .NET Framework 4.5-MSP0.txt.

Error: (06/05/2014 02:56:19 AM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4.5 - Update 'KB2901118' could not be installed. Error code 1603. Additional information is available in the log file C:\Windows\TEMP\KB2901118_20140605_025551859-Microsoft .NET Framework 4.5-MSP0.txt.

Error: (06/05/2014 02:55:47 AM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4.5 - Update 'KB2840642v2' could not be installed. Error code 1603. Additional information is available in the log file C:\Windows\TEMP\KB2840642_20140605_025520550-Microsoft .NET Framework 4.5-MSP0.txt.

Error: (06/05/2014 02:55:13 AM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4.5 - Update 'KB2737083' could not be installed. Error code 1603. Additional information is available in the log file C:\Windows\TEMP\KB2737083_20140605_025443391-Microsoft .NET Framework 4.5-MSP0.txt.

Error: (06/05/2014 02:54:37 AM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4.5 - Update 'KB2789648' could not be installed. Error code 1603. Additional information is available in the log file C:\Windows\TEMP\KB2789648_20140605_025342036-Microsoft .NET Framework 4.5-MSP0.txt.

Error: (06/05/2014 02:53:37 AM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4.5 - Update 'KB2931368' could not be installed. Error code 1603. Additional information is available in the log file C:\Windows\TEMP\KB2931368_20140605_025308246-Microsoft .NET Framework 4.5-MSP0.txt.


System errors:
=============
Error: (06/05/2014 02:27:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WMI Performance Adapter service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/05/2014 02:27:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Volume Shadow Copy service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/05/2014 02:27:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP CUE DeviceDiscovery Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/05/2014 02:27:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The hpqcxs08 service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/05/2014 02:20:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Network Devices Support service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/05/2014 02:00:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/05/2014 02:00:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (06/05/2014 01:58:50 PM) (Source: volsnap) (EventID: 25) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

Error: (06/05/2014 01:59:18 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:22:06 AM on ‎6/‎5/‎2014 was unexpected.

Error: (06/05/2014 06:04:44 AM) (Source: volsnap) (EventID: 25) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.


Microsoft Office Sessions:
=========================
Error: (06/05/2014 02:20:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_HPSLPSVC6.1.7600.163854a5bc3c1unknown0.0.0.000000000c00000050000000000000000107c01cf81012eb3a020C:\Windows\system32\svchost.exeunknown327c50a0-ecf7-11e3-b137-00038a000015

Error: (06/05/2014 06:14:24 AM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Microsoft .NET Framework 4.5KB29313681603C:\Windows\TEMP\KB2931368_20140605_061358337-Microsoft .NET Framework 4.5-MSP0.txt(NULL)(NULL)

Error: (06/05/2014 06:13:52 AM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Microsoft .NET Framework 4.5KB28988641603C:\Windows\TEMP\KB2898864_20140605_061254580-Microsoft .NET Framework 4.5-MSP0.txt(NULL)(NULL)

Error: (06/05/2014 02:57:22 AM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Microsoft .NET Framework 4.5KB28612081603C:\Windows\TEMP\KB2861208_20140605_025659235-Microsoft .NET Framework 4.5-MSP0.txt(NULL)(NULL)

Error: (06/05/2014 02:56:55 AM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Microsoft .NET Framework 4.5KB27426131603C:\Windows\TEMP\KB2742613_20140605_025627302-Microsoft .NET Framework 4.5-MSP0.txt(NULL)(NULL)

Error: (06/05/2014 02:56:19 AM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Microsoft .NET Framework 4.5KB29011181603C:\Windows\TEMP\KB2901118_20140605_025551859-Microsoft .NET Framework 4.5-MSP0.txt(NULL)(NULL)

Error: (06/05/2014 02:55:47 AM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Microsoft .NET Framework 4.5KB2840642v21603C:\Windows\TEMP\KB2840642_20140605_025520550-Microsoft .NET Framework 4.5-MSP0.txt(NULL)(NULL)

Error: (06/05/2014 02:55:13 AM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Microsoft .NET Framework 4.5KB27370831603C:\Windows\TEMP\KB2737083_20140605_025443391-Microsoft .NET Framework 4.5-MSP0.txt(NULL)(NULL)

Error: (06/05/2014 02:54:37 AM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Microsoft .NET Framework 4.5KB27896481603C:\Windows\TEMP\KB2789648_20140605_025342036-Microsoft .NET Framework 4.5-MSP0.txt(NULL)(NULL)

Error: (06/05/2014 02:53:37 AM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Microsoft .NET Framework 4.5KB29313681603C:\Windows\TEMP\KB2931368_20140605_025308246-Microsoft .NET Framework 4.5-MSP0.txt(NULL)(NULL)


CodeIntegrity Errors:
===================================
  Date: 2014-01-09 03:20:19.094
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Temp\34F6C67D-3933-43D7-B38B-E0E2467E6258\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22436_none_c03ca3001653c1ef\appidapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-09 03:20:18.361
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Temp\34F6C67D-3933-43D7-B38B-E0E2467E6258\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22436_none_c03ca3001653c1ef\appidapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-09 03:20:16.941
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Temp\34F6C67D-3933-43D7-B38B-E0E2467E6258\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22436_none_b5e7f8ade1f2fff4\appidapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-09 03:20:16.239
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Temp\34F6C67D-3933-43D7-B38B-E0E2467E6258\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22436_none_b5e7f8ade1f2fff4\appidapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-09 03:20:15.007
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Temp\34F6C67D-3933-43D7-B38B-E0E2467E6258\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22436_none_b5e7f8ade1f2fff4\appid.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-09 03:20:14.274
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Temp\34F6C67D-3933-43D7-B38B-E0E2467E6258\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22436_none_b5e7f8ade1f2fff4\appid.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 35%
Total physical RAM: 5887.24 MB
Available physical RAM: 3785.56 MB
Total Pagefile: 11772.66 MB
Available Pagefile: 8975.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:920.64 GB) (Free:210.11 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.77 GB) (Free:0.31 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=921 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#6 xXToffeeXx

    Bleepin' Polar Bear

  • Malware Response Instructor
  • 6,085 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 06 June 2014 - 01:08 PM

Hi Talishi,
 
I must give you this warning:
 
Looking through your logs, one or more of your infections has been identified as a Backdoor Trojan. These threats have backdoor functionality which allows hackers to remotely control your computer, steal critical system information, and download and execute files.
 
I highly suggest you to disconnect this PC from the Internet immediately, and if possible use a clean computer and a flash drive to transfer the programs I request for you to run. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. It would be wise to contact those same financial institutions to notify them of your situation.
 
Due to the nature of this trojan, your computer is very likely to be compromised. There is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
 
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
 
We can still clean this machine, but I can't guarantee that it will be 100% secure afterwards. If you decide to continue cleaning this machine, follow on with the rest of the steps posted below. If you do not want to clean this machine, please let me know.
 
--------------
 
Have you set settings to limit the amount of time you are allowed to be logged on for?
 
--------------
 
We need to run a fix with FRST:

  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-2834470950-1260693826-318364282-1001\...\Run: [AdobeBridge] => [X]
SearchScopes: HKLM - DefaultScope value is missing.
BHO: No Name - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -  No File
BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO-x32: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} -  No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
2014-06-01 08:42 - 2014-06-05 14:10 - 00000083 _____ () C:\Windows\system32\vvwwzdz.dka
2014-06-01 08:31 - 2014-06-01 08:31 - 00000064 _____ () C:\Windows\system32\llkxthi.cvw
2014-06-01 08:31 - 2014-06-01 08:31 - 00000000 _____ () C:\Windows\system32\bkrq.ulh
2014-06-01 08:14 - 2014-06-01 08:14 - 00311784 ____S () C:\Windows\system32\ugul.jvi
2014-06-01 08:13 - 2014-06-01 08:13 - 00070656 _____ (Microsoft Corporation) C:\Users\mws\AppData\Roaming\nzghjot.dll
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2834470950-1260693826-318364282-1001\$e82c6069076bc3f8c7f4d42d51107711
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$e82c6069076bc3f8c7f4d42d51107711
C:\ProgramData\g5h7Mfh8.dat
C:\Windows\Tasks\At31.job
C:\Windows\Tasks\At8.job
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Answer to logon question
  • Fixlog.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

~Twitter~ | ~Malware Analyst at Emsisoft~


#7 Talishi

  • Topic Starter
  • Members
  • 40 posts

Posted 06 June 2014 - 08:34 PM

Thank you. No, I have never limited how long the computer can stay logged in. Here is the fixlog file. When will it be safe to reconnect to the internet?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-06-2014
Ran by mws at 2014-06-06 18:10:01 Run:1
Running from C:\Users\mws\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-2834470950-1260693826-318364282-1001\...\Run: [AdobeBridge] => [X]
SearchScopes: HKLM - DefaultScope value is missing.
BHO: No Name - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - No File
BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO-x32: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKCU - No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
2014-06-01 08:42 - 2014-06-05 14:10 - 00000083 _____ () C:\Windows\system32\vvwwzdz.dka
2014-06-01 08:31 - 2014-06-01 08:31 - 00000064 _____ () C:\Windows\system32\llkxthi.cvw
2014-06-01 08:31 - 2014-06-01 08:31 - 00000000 _____ () C:\Windows\system32\bkrq.ulh
2014-06-01 08:14 - 2014-06-01 08:14 - 00311784 ____S () C:\Windows\system32\ugul.jvi
2014-06-01 08:13 - 2014-06-01 08:13 - 00070656 _____ (Microsoft Corporation) C:\Users\mws\AppData\Roaming\nzghjot.dll
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2834470950-1260693826-318364282-1001\$e82c6069076bc3f8c7f4d42d51107711
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$e82c6069076bc3f8c7f4d42d51107711
C:\ProgramData\g5h7Mfh8.dat
C:\Windows\Tasks\At31.job
C:\Windows\Tasks\At8.job
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll
*****************

HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKU\S-1-5-21-2834470950-1260693826-318364282-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} => Key deleted successfully.
HKCR\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key deleted successfully.
HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Value deleted successfully.
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA00B7B1-0351-477A-B948-23E3EE5A73D4} => Value deleted successfully.
HKCR\CLSID\{BA00B7B1-0351-477A-B948-23E3EE5A73D4} => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin => Key deleted successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
EagleX64 => Service deleted successfully.
wacommousefilter => Service deleted successfully.
wacomvhid => Service deleted successfully.
C:\Windows\system32\vvwwzdz.dka => Moved successfully.
C:\Windows\system32\llkxthi.cvw => Moved successfully.
Could not move "C:\Windows\system32\bkrq.ulh" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\ugul.jvi" => Scheduled to move on reboot.
C:\Users\mws\AppData\Roaming\nzghjot.dll => Moved successfully.
C:\$Recycle.Bin\S-1-5-21-2834470950-1260693826-318364282-1001\$e82c6069076bc3f8c7f4d42d51107711 => Moved successfully.
C:\$Recycle.Bin\S-1-5-18\$e82c6069076bc3f8c7f4d42d51107711 => Moved successfully.
C:\ProgramData\g5h7Mfh8.dat => Moved successfully.
C:\Windows\Tasks\At31.job => Moved successfully.
C:\Windows\Tasks\At8.job => Moved successfully.
C:\Windows\System32\rpcss.dll => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-06-06 18:12:36)<=
C:\Windows\system32\bkrq.ulh => Is moved successfully.
C:\Windows\system32\ugul.jvi => Is moved successfully.

==== End of Fixlog ====

#8 xXToffeeXx

    Bleepin' Polar Bear

  • Malware Response Instructor
  • 6,085 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 07 June 2014 - 10:17 AM

Hi Talishi,
 
Okay, good to know. I will tell you once it is safe to reconnect.
 
On a clean machine, please download Farbar Recovery Scan Tool and save it to a flash drive.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html



To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

==========

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


Select Command Prompt

==========


Once in the Command Prompt:

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • In the search box, type svchost.exe;dllhost.exe
  • Press Search File(s) button.
  • It will make a log (Search.txt) on the flash drive. Please copy and paste it to your reply.

--------------

To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Search.txt log

xXToffeeXx~




#9 Talishi

  • Topic Starter
  • Members
  • 40 posts

Posted 07 June 2014 - 05:57 PM

Hello. Someone else in the house used the infected computer online while I was not home. I hope that does not screw up anything you've helped me do so far. Here is search.txt.

 

Farbar Recovery Scan Tool (x64) Version: 06-06-2014
Ran by SYSTEM at 2014-06-07 15:33:00
Running from F:\
Boot Mode: Recovery

================== Search Files: "svchost.exe;dllhost.exe" =============

C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009-07-13 15:19] - [2013-10-11 04:41] - 0020992 ____A (Microsoft Corporation) 6B62C5B65CCB9252111CDEA300793714

C:\Windows\winsxs\x86_microsoft-windows-com-surrogate_31bf3856ad364e35_6.1.7600.16385_none_43fa44d954d596e7\dllhost.exe
[2009-07-13 15:43] - [2013-10-11 04:41] - 0007168 ____A (Microsoft Corporation) 292487151CC8C6167F5C77ADE8C433F0

C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2009-07-13 15:31] - [2009-07-13 17:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D

C:\Windows\winsxs\amd64_microsoft-windows-com-surrogate_31bf3856ad364e35_6.1.7600.16385_none_a018e05d0d33081d\dllhost.exe
[2009-07-13 15:59] - [2013-10-11 04:41] - 0009728 ____A (Microsoft Corporation) 325840783BD4898B2E1425580B7B8D45

C:\Windows\SysWOW64\dllhost.exe
[2009-07-13 15:43] - [2013-10-11 04:41] - 0007168 ____A (Microsoft Corporation) 292487151CC8C6167F5C77ADE8C433F0

C:\Windows\SysWOW64\svchost.exe
[2009-07-13 15:19] - [2013-10-11 04:41] - 0020992 ____A (Microsoft Corporation) 6B62C5B65CCB9252111CDEA300793714

C:\Windows\System32\dllhost.exe
[2009-07-13 15:59] - [2013-10-11 04:41] - 0009728 ____A (Microsoft Corporation) 325840783BD4898B2E1425580B7B8D45

C:\Windows\System32\svchost.exe
[2009-07-13 15:31] - [2009-07-13 17:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D

C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE\Chameleon\Windows\svchost.exe
[2014-06-03 11:05] - [2014-05-12 06:24] - 0750392 ____A (MalwareBytes) 09882E8EDD1144E6EF1AF6D1F98305EE

X:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2009-07-13 15:31] - [2009-07-13 17:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D

X:\Windows\winsxs\amd64_microsoft-windows-com-surrogate_31bf3856ad364e35_6.1.7600.16385_none_a018e05d0d33081d\dllhost.exe
[2009-07-13 15:59] - [2009-07-13 17:39] - 0009728 ____A (Microsoft Corporation) A8EDB86FC2A4D6D1285E4C70384AC35A

X:\Windows\System32\dllhost.exe
[2009-07-13 15:59] - [2009-07-13 17:39] - 0009728 ____A (Microsoft Corporation) A8EDB86FC2A4D6D1285E4C70384AC35A

X:\Windows\System32\svchost.exe
[2009-07-13 15:31] - [2009-07-13 17:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D

====== End Of Search ======
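Added example, not part of the thread and not FRST's own code: the Search.txt above lists every copy of svchost.exe and dllhost.exe with its MD5, and the point of the search is to compare the live copies on C: against a copy that did not come from the infected disk, here the X: drive of the recovery environment that the next fix uses as its replacement source. The script parses that format and reports, per file name, which non-reference copies differ from the X: copy; the embedded input is a subset of the lines posted above. A hash difference alone is not proof of tampering (the C: copies carry a 2013-10-11 modification date that an update could explain), so the report says "review", not "infected".

```python
import re
from collections import defaultdict

# Constructed sample input: a subset of the Search.txt lines posted above,
# in the format FRST writes (only some entries kept to stay short).
SEARCH_TXT = r"""
Farbar Recovery Scan Tool (x64) Version: 06-06-2014
Ran by SYSTEM at 2014-06-07 15:33:00
Boot Mode: Recovery

================== Search Files: "svchost.exe;dllhost.exe" =============

C:\Windows\winsxs\amd64_microsoft-windows-com-surrogate_31bf3856ad364e35_6.1.7600.16385_none_a018e05d0d33081d\dllhost.exe
[2009-07-13 15:59] - [2013-10-11 04:41] - 0009728 ____A (Microsoft Corporation) 325840783BD4898B2E1425580B7B8D45

C:\Windows\System32\dllhost.exe
[2009-07-13 15:59] - [2013-10-11 04:41] - 0009728 ____A (Microsoft Corporation) 325840783BD4898B2E1425580B7B8D45

C:\Windows\System32\svchost.exe
[2009-07-13 15:31] - [2009-07-13 17:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D

X:\Windows\System32\dllhost.exe
[2009-07-13 15:59] - [2009-07-13 17:39] - 0009728 ____A (Microsoft Corporation) A8EDB86FC2A4D6D1285E4C70384AC35A

X:\Windows\System32\svchost.exe
[2009-07-13 15:31] - [2009-07-13 17:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D

====== End Of Search ======
"""

# One FRST detail line: [created] - [modified] - size attributes (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_search_txt(text):
    """Return one dict per file hit. FRST writes each hit as a path line
    followed by a detail line, so a detail line is paired with the line above."""
    lines = [ln.strip() for ln in text.splitlines()]
    entries = []
    for i, line in enumerate(lines):
        m = DETAIL_RE.match(line)
        if not m or i == 0 or not lines[i - 1]:
            continue
        entry = m.groupdict()
        entry["path"] = lines[i - 1]
        entry["size"] = int(entry["size"])
        entry["md5"] = entry["md5"].upper()
        entries.append(entry)
    return entries


def compare_to_reference(entries, ref_drive="X:"):
    """Compare every copy outside ref_drive with the same-named copies on
    ref_drive. Returns (path, md5, status): 'match' when the MD5 equals a
    reference copy, 'review' when it does not, 'no-reference' when the
    reference drive holds no copy of that file name."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["path"].rsplit("\\", 1)[-1].lower()].append(e)

    def on_ref(e):
        return e["path"].upper().startswith(ref_drive.upper())

    report = []
    for name in sorted(by_name):
        group = by_name[name]
        ref_hashes = {e["md5"] for e in group if on_ref(e)}
        for e in group:
            if on_ref(e):
                continue
            if not ref_hashes:
                status = "no-reference"
            elif e["md5"] in ref_hashes:
                status = "match"
            else:
                status = "review"
            report.append((e["path"], e["md5"], status))
    return report


if __name__ == "__main__":
    for path, md5, status in compare_to_reference(parse_search_txt(SEARCH_TXT)):
        print(f"{status:12} {md5}  {path}")
```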



#10 xXToffeeXx

    Bleepin' Polar Bear

  • Malware Response Instructor
  • 6,085 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 08 June 2014 - 05:52 AM

Hi Talishi,
 
I don't think it should, but I'll have to see when I get a new log.
 
Also, do you have your Windows CD?

Running a fix Using Farbar's Recovery Scan Tool in the Recovery Environment:

  • From your clean computer, press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
Replace: X:\Windows\System32\dllhost.exe C:\Windows\System32\dllhost.exe
Replace: X:\Windows\System32\dllhost.exe C:\Windows\winsxs\amd64_microsoft-windows-com-surrogate_31bf3856ad364e35_6.1.7600.16385_none_a018e05d0d33081d\dllhost.exe
  • Insert the USB device into your infected computer
  • Follow the process below to enter the System Recovery Options using one of the three options listed, then run Farbar's Recovery Scan Tool.

On a clean machine, please download Farbar Recovery Scan Tool and save it to the USB (feel free to use the frst download from my last instructions, if you still have it on the USB).
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html


To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

==========

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


Select Command Prompt

==========

Once in the Command Prompt:

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • It will make a log (Fixlog.txt) on the flash drive. Please copy and paste it to your reply.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Do you have your Windows CD
  • Fixlog.txt

xXToffeeXx~




#11 Talishi

  • Topic Starter
  • Members
  • 40 posts

Posted 08 June 2014 - 10:43 AM

Hello. I do not have my Windows CD. I don't think my computer came with one. The tool ran a lot faster than usual. Here is the log.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-06-2014
Ran by SYSTEM at 2014-06-08 08:36:29 Run:2
Running from F:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Replace: X:\Windows\System32\dllhost.exe C:\Windows\System32\dllhost.exe
Replace: X:\Windows\System32\dllhost.exe C:\Windows\winsxs\amd64_microsoft-windows-com-surrogate_31bf3856ad364e35_6.1.7600.16385_none_a018e05d0d33081d\dllhost.exe
*****************

C:\Windows\System32\dllhost.exe => Moved successfully.
X:\Windows\System32\dllhost.exe copied successfully to C:\Windows\System32\dllhost.exe
C:\Windows\winsxs\amd64_microsoft-windows-com-surrogate_31bf3856ad364e35_6.1.7600.16385_none_a018e05d0d33081d\dllhost.exe => Moved successfully.
X:\Windows\System32\dllhost.exe copied successfully to C:\Windows\winsxs\amd64_microsoft-windows-com-surrogate_31bf3856ad364e35_6.1.7600.16385_none_a018e05d0d33081d\dllhost.exe

==== End of Fixlog ====



#12 xXToffeeXx

    Bleepin' Polar Bear

  • Malware Response Instructor
  • 6,085 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 08 June 2014 - 11:16 AM

Hi Talishi,
 
Running Combofix:

Download Combofix from this link and save it to your desktop

  • Close any open browsers or any other programs that are open.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • You can also find the log here: C:\ComboFix.txt

Please also note:

  • Do not click combofix's window while it's running. That may cause combofix to stall.
  • Combofix may reboot your computer a number of times, this is normal.
  • If you receive an error, "Illegal operation attempted on a registry key that has been marked for deletion,"  then please restart the computer to resolve this.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Combofix.txt

xXToffeeXx~




#13 Talishi

  • Topic Starter
  • Members
  • 40 posts

Posted 08 June 2014 - 12:21 PM

Thank you so much for all your help so far. Here is combofix.txt. It does seem to mention Avast was running during the scan, but I did disable Avast while Combofix did its thing.

 

ComboFix 14-06-04.01 - mws 06/08/2014   9:36.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5887.3726 [GMT -7:00]
Running from: c:\users\mws\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\0TLBgNu5.exe.b
c:\programdata\0TLBgNu5.exe_.b
c:\users\mws\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\users\mws\AppData\Roaming\.#
.
c:\windows\SysWow64\svchost.exe . . . is infected!!
.
Infected copy of c:\windows\System32\dllhost.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-com-surrogate_31bf3856ad364e35_6.1.7600.16385_none_a018e05d0d33081d\dllhost.exe
.
Infected copy of c:\windows\System32\msiexec.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-installer-executable_31bf3856ad364e35_6.1.7600.16385_none_a57666739fcae94c\msiexec.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-08 to 2014-06-08  )))))))))))))))))))))))))))))))
.
.
2014-06-08 16:58 . 2014-06-08 16:58 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-06-08 16:58 . 2014-06-08 16:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-07 14:38 . 2014-03-25 02:43 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-06-07 14:25 . 2014-06-07 14:26 -------- d-----w- C:\a40a77cd314f11062b6913d392
2014-06-07 10:01 . 2014-06-07 15:14 -------- d-----w- C:\6fe30ec1994ec6f23805aa7a94dd3a1e
2014-06-07 00:17 . 2014-06-07 00:17 -------- d-----w- c:\users\mws\AppData\Roaming\AVAST Software
2014-06-07 00:03 . 2014-06-07 00:04 85328 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-06-07 00:03 . 2014-06-07 00:03 208416 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-06-07 00:03 . 2014-06-07 00:04 1039096 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-06-07 00:03 . 2014-06-07 00:04 423240 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-06-07 00:03 . 2014-06-07 00:03 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-06-07 00:03 . 2014-06-07 00:03 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-06-07 00:03 . 2014-06-07 00:03 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-06-07 00:03 . 2014-06-07 00:03 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-06-07 00:03 . 2014-06-07 00:03 334648 ----a-w- c:\windows\system32\aswBoot.exe
2014-06-07 00:03 . 2014-06-07 00:03 43152 ----a-w- c:\windows\avastSS.scr
2014-06-07 00:02 . 2014-06-07 00:02 -------- d-----w- c:\program files\AVAST Software
2014-06-07 00:00 . 2014-06-07 00:01 -------- d-----w- c:\programdata\AVAST Software
2014-06-06 23:29 . 2014-05-20 08:18 10702536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{01F926CA-8747-4C72-80FE-A099C5E31736}\mpengine.dll
2014-06-06 10:37 . 2014-06-06 10:37 -------- d-----w- C:\0482d42dce3bcd763093069c6c
2014-06-06 10:03 . 2014-06-06 10:03 -------- d-----w- C:\1c61f6bac3448b9f180d667ec5
2014-06-05 21:32 . 2014-06-08 16:36 -------- d-----w- C:\FRST
2014-06-05 13:22 . 2014-06-05 13:22 -------- d-----w- C:\20f4b063d426b41203
2014-06-05 13:13 . 2014-06-05 13:14 -------- d-----w- C:\e8fcfac3be02bb5c7e
2014-06-05 09:53 . 2014-06-05 09:53 -------- d-----w- C:\8d9d12d810b4b8bef141cf496f47
2014-06-04 11:36 . 2014-06-04 11:37 -------- d-----w- C:\fbadd8fc686dc637737b2ee9
2014-06-04 10:03 . 2014-06-04 10:03 -------- d-----w- C:\90040027d1b819f59d
2014-06-03 19:05 . 2014-06-04 21:47 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-03 19:05 . 2014-05-12 14:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-06-03 19:05 . 2014-05-12 14:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-03 19:05 . 2014-05-12 14:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-25 11:07 . 2014-05-25 11:07 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-05-10 20:04 . 2014-05-10 20:04 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-10 18:33 . 2014-05-10 18:33 -------- d-----w- c:\programdata\REGSERVO64
2014-05-10 17:35 . 2014-05-10 17:35 465408 ----a-w- c:\windows\system32\aepdu.dll
2014-05-10 17:35 . 2014-05-10 17:35 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-05-10 17:35 . 2014-05-10 17:35 1684928 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-05-10 17:35 . 2014-05-10 17:35 27584 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-05-10 17:35 . 2014-05-10 17:35 274880 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-05-10 17:35 . 2014-05-10 17:35 2048 ----a-w- c:\windows\SysWow64\iologmsg.dll
2014-05-10 17:35 . 2014-05-10 17:35 2048 ----a-w- c:\windows\system32\iologmsg.dll
2014-05-10 17:35 . 2014-05-10 17:35 190912 ----a-w- c:\windows\system32\drivers\storport.sys
2014-05-10 15:04 . 2013-11-19 23:52 34080 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2014-05-10 15:04 . 2014-03-11 01:17 128288 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-04 10:05 . 2012-02-18 23:50 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-05-10 20:59 . 2011-06-24 22:08 3524608 ----a-w- c:\windows\system32\sppsvc.exe
2014-05-10 20:59 . 2011-06-24 22:09 533504 ----a-w- c:\windows\system32\vds.exe
2014-05-10 20:59 . 2009-07-13 23:52 40960 ----a-w- c:\windows\system32\UI0Detect.exe
2014-05-03 00:41 . 2014-05-03 00:41 15783992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-05-03 00:41 . 2012-10-11 05:23 18302384 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-05-03 00:41 . 2014-05-03 00:40 11589272 ----a-w- c:\windows\system32\nvopencl.dll
2014-05-03 00:40 . 2014-05-03 00:40 9690424 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-05-03 00:40 . 2014-05-03 00:40 892704 ----a-w- c:\windows\system32\NvIFR64.dll
2014-05-03 00:40 . 2014-05-03 00:40 863064 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-05-03 00:40 . 2014-05-03 00:40 31474976 ----a-w- c:\windows\system32\nvoglv64.dll
2014-05-03 00:40 . 2014-05-03 00:40 23716640 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-05-03 00:40 . 2014-05-03 00:40 12708128 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-05-03 00:40 . 2014-05-03 00:40 877856 ----a-w- c:\windows\system32\NvFBC64.dll
2014-05-03 00:40 . 2014-05-03 00:40 846168 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-05-03 00:40 . 2014-05-03 00:40 1516488 ----a-w- c:\windows\system32\nvdispgenco6433523.dll
2014-05-03 00:40 . 2014-05-03 00:40 1885472 ----a-w- c:\windows\system32\nvdispco6433523.dll
2014-05-03 00:40 . 2014-05-03 00:40 9728064 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-05-03 00:40 . 2014-05-03 00:40 3143456 ----a-w- c:\windows\system32\nvcuvid.dll
2014-05-03 00:40 . 2014-05-03 00:40 2958792 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-05-03 00:40 . 2014-05-03 00:40 2783008 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-05-03 00:40 . 2014-05-03 00:40 2411976 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2014-05-03 00:40 . 2014-05-03 00:40 17755424 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-05-03 00:40 . 2014-05-03 00:40 11636176 ----a-w- c:\windows\system32\nvcuda.dll
2014-05-03 00:40 . 2012-10-11 05:22 14709720 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-05-03 00:40 . 2014-05-03 00:40 17561544 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-05-03 00:40 . 2014-05-03 00:40 25255256 ----a-w- c:\windows\system32\nvcompiler.dll
2014-05-03 00:40 . 2014-05-03 00:40 2715264 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-05-03 00:40 . 2012-10-11 05:23 3093280 ----a-w- c:\windows\system32\nvapi64.dll
2014-04-29 14:01 . 2014-05-02 10:06 23547904 ----a-w- c:\windows\system32\mshtml.dll
2014-04-29 13:40 . 2014-05-02 10:06 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-04-29 12:34 . 2014-05-02 10:06 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-04-02 18:52 . 2014-04-02 18:52 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-04-02 18:52 . 2014-04-02 18:52 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-04-02 18:51 . 2014-04-02 18:51 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2014-04-02 18:51 . 2014-04-02 18:51 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-03-31 16:35 . 2011-06-21 04:02 270496 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{13FA2453-9287-4F18-8554-976D7C02F4EE}]
2011-08-26 00:04 47120 ----a-w- c:\perfect world entertainment\CORE Client\plugins\CorePluginIE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\mws\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\mws\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\mws\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\mws\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-10 2988928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HostManager"="c:\program files (x86)\Common Files\AOL\1308628324\ee\AOLSoftware.exe" [2009-07-20 41264]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-04-30 1770400]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2014-01-21 4411952]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2012-10-16 646744]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-06-07 3890208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\hp\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableVirtualization"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dump_wmimmc;dump_wmimmc;c:\phantasystaronline2\pso2_bin\GameGuard\dump_wmimmc.sys;c:\phantasystaronline2\pso2_bin\GameGuard\dump_wmimmc.sys [x]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
R4 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
R4 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
R4 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [x]
S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [x]
S2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys;c:\windows\SYSNATIVE\DRIVERS\sxuptp.sys [x]
S2 Virtual Router;VirtualRouterService;c:\program files (x86)\Virtual Router\VirtualRouterService.exe;c:\program files (x86)\Virtual Router\VirtualRouterService.exe [x]
S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [x]
S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe;c:\program files\Tablet\Pen\WTabletServiceCon.exe [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
iissvcs REG_MULTI_SZ    w3svc was
apphost REG_MULTI_SZ    apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2834470950-1260693826-318364282-1001Core.job
- c:\users\mws\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-01 13:21]
.
2014-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2834470950-1260693826-318364282-1001UA.job
- c:\users\mws\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-01 13:21]
.
2014-05-18 c:\windows\Tasks\HPCeeScheduleFormws.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
2014-05-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
2013-01-21 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-20 16:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-06-07 00:03 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\mws\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\mws\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\mws\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\mws\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-12-12 13662936]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
mLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\mws\AppData\Roaming\Mozilla\Firefox\Profiles\q7kt4m6i.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
FF - prefs.js: keyword.URL - hxxp://us.yhs4.search.yahoo.com/yhs/search
FF - prefs.js: browser.search.selectedEngine - Yahoo! (Avast)
FF - prefs.js: browser.search.defaulturl - hxxp://us.yhs4.search.yahoo.com/yhs/search
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Circuit Construction Kit (DC Only) - c:\windows\system32\javaws.exe
AddRemove-Energy Skate Park - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\06\02\15\1271g"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files\Tablet\Pen\WacomHost.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
.
**************************************************************************
.
Completion time: 2014-06-08  10:14:07 - machine was rebooted
ComboFix-quarantined-files.txt  2014-06-08 17:14
.
Pre-Run: 213,543,649,280 bytes free
Post-Run: 216,932,024,320 bytes free
.
- - End Of File - - AB0F9BDF00FE3BF6BEDF8554B84F01D6
659065F541C7D7169FE08CA8F30DF343
 



#14 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  • OFFLINE
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:10:18 AM

Posted 08 June 2014 - 01:03 PM

Hi Talishi,
 
Please start by opening Notepad and copying/pasting the text in the box into the window:

RESTORE::
c:\windows\SysWow64\svchost.exe
c:\windows\System32\dllhost.exe

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into combofix.exe
[Image: CFScriptB-4.gif]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Combofix log

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#15 Talishi

Talishi
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  • Local time:02:18 AM

Posted 08 June 2014 - 01:49 PM

Hello, here is the log ComboFix made.

 

ComboFix 14-06-04.01 - mws 06/08/2014  11:15:43.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5887.4282 [GMT -7:00]
Running from: c:\users\mws\Desktop\ComboFix.exe
Command switches used :: c:\users\mws\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\mws\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
.
Infected copy of c:\windows\System32\dllhost.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-com-surrogate_31bf3856ad364e35_6.1.7600.16385_none_a018e05d0d33081d\dllhost.exe
.
c:\windows\SysWow64\svchost.exe . . . is infected!!
.
Infected copy of c:\windows\System32\msiexec.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-installer-executable_31bf3856ad364e35_6.1.7600.16385_none_a57666739fcae94c\msiexec.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-08 to 2014-06-08  )))))))))))))))))))))))))))))))
.
.
2014-06-08 18:25 . 2014-06-08 18:25 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-06-08 18:25 . 2014-06-08 18:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-07 14:38 . 2014-03-25 02:43 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-06-07 14:25 . 2014-06-07 14:26 -------- d-----w- C:\a40a77cd314f11062b6913d392
2014-06-07 10:01 . 2014-06-07 15:14 -------- d-----w- C:\6fe30ec1994ec6f23805aa7a94dd3a1e
2014-06-07 00:17 . 2014-06-07 00:17 -------- d-----w- c:\users\mws\AppData\Roaming\AVAST Software
2014-06-07 00:03 . 2014-06-07 00:04 85328 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-06-07 00:03 . 2014-06-07 00:03 208416 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-06-07 00:03 . 2014-06-07 00:04 1039096 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-06-07 00:03 . 2014-06-07 00:04 423240 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-06-07 00:03 . 2014-06-07 00:03 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-06-07 00:03 . 2014-06-07 00:03 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-06-07 00:03 . 2014-06-07 00:03 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-06-07 00:03 . 2014-06-07 00:03 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-06-07 00:03 . 2014-06-07 00:03 334648 ----a-w- c:\windows\system32\aswBoot.exe
2014-06-07 00:03 . 2014-06-07 00:03 43152 ----a-w- c:\windows\avastSS.scr
2014-06-07 00:02 . 2014-06-07 00:02 -------- d-----w- c:\program files\AVAST Software
2014-06-07 00:00 . 2014-06-07 00:01 -------- d-----w- c:\programdata\AVAST Software
2014-06-06 23:29 . 2014-05-20 08:18 10702536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{01F926CA-8747-4C72-80FE-A099C5E31736}\mpengine.dll
2014-06-06 10:37 . 2014-06-06 10:37 -------- d-----w- C:\0482d42dce3bcd763093069c6c
2014-06-06 10:03 . 2014-06-06 10:03 -------- d-----w- C:\1c61f6bac3448b9f180d667ec5
2014-06-05 21:32 . 2014-06-08 16:36 -------- d-----w- C:\FRST
2014-06-05 13:22 . 2014-06-05 13:22 -------- d-----w- C:\20f4b063d426b41203
2014-06-05 13:13 . 2014-06-05 13:14 -------- d-----w- C:\e8fcfac3be02bb5c7e
2014-06-05 09:53 . 2014-06-05 09:53 -------- d-----w- C:\8d9d12d810b4b8bef141cf496f47
2014-06-04 11:36 . 2014-06-04 11:37 -------- d-----w- C:\fbadd8fc686dc637737b2ee9
2014-06-04 10:03 . 2014-06-04 10:03 -------- d-----w- C:\90040027d1b819f59d
2014-06-03 19:05 . 2014-06-04 21:47 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-03 19:05 . 2014-05-12 14:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-06-03 19:05 . 2014-05-12 14:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-03 19:05 . 2014-05-12 14:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-25 11:07 . 2014-05-25 11:07 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-05-10 20:04 . 2014-05-10 20:04 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-10 18:33 . 2014-05-10 18:33 -------- d-----w- c:\programdata\REGSERVO64
2014-05-10 17:35 . 2014-05-10 17:35 465408 ----a-w- c:\windows\system32\aepdu.dll
2014-05-10 17:35 . 2014-05-10 17:35 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-05-10 17:35 . 2014-05-10 17:35 1684928 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-05-10 17:35 . 2014-05-10 17:35 27584 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-05-10 17:35 . 2014-05-10 17:35 274880 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-05-10 17:35 . 2014-05-10 17:35 2048 ----a-w- c:\windows\SysWow64\iologmsg.dll
2014-05-10 17:35 . 2014-05-10 17:35 2048 ----a-w- c:\windows\system32\iologmsg.dll
2014-05-10 17:35 . 2014-05-10 17:35 190912 ----a-w- c:\windows\system32\drivers\storport.sys
2014-05-10 15:04 . 2013-11-19 23:52 34080 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2014-05-10 15:04 . 2014-03-11 01:17 128288 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-04 10:05 . 2012-02-18 23:50 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-05-10 20:59 . 2011-06-24 22:08 3524608 ----a-w- c:\windows\system32\sppsvc.exe
2014-05-10 20:59 . 2011-06-24 22:09 533504 ----a-w- c:\windows\system32\vds.exe
2014-05-10 20:59 . 2009-07-13 23:52 40960 ----a-w- c:\windows\system32\UI0Detect.exe
2014-05-03 00:41 . 2014-05-03 00:41 15783992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-05-03 00:41 . 2012-10-11 05:23 18302384 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-05-03 00:41 . 2014-05-03 00:40 11589272 ----a-w- c:\windows\system32\nvopencl.dll
2014-05-03 00:40 . 2014-05-03 00:40 9690424 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-05-03 00:40 . 2014-05-03 00:40 892704 ----a-w- c:\windows\system32\NvIFR64.dll
2014-05-03 00:40 . 2014-05-03 00:40 863064 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-05-03 00:40 . 2014-05-03 00:40 31474976 ----a-w- c:\windows\system32\nvoglv64.dll
2014-05-03 00:40 . 2014-05-03 00:40 23716640 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-05-03 00:40 . 2014-05-03 00:40 12708128 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-05-03 00:40 . 2014-05-03 00:40 877856 ----a-w- c:\windows\system32\NvFBC64.dll
2014-05-03 00:40 . 2014-05-03 00:40 846168 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-05-03 00:40 . 2014-05-03 00:40 1516488 ----a-w- c:\windows\system32\nvdispgenco6433523.dll
2014-05-03 00:40 . 2014-05-03 00:40 1885472 ----a-w- c:\windows\system32\nvdispco6433523.dll
2014-05-03 00:40 . 2014-05-03 00:40 9728064 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-05-03 00:40 . 2014-05-03 00:40 3143456 ----a-w- c:\windows\system32\nvcuvid.dll
2014-05-03 00:40 . 2014-05-03 00:40 2958792 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-05-03 00:40 . 2014-05-03 00:40 2783008 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-05-03 00:40 . 2014-05-03 00:40 2411976 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2014-05-03 00:40 . 2014-05-03 00:40 17755424 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-05-03 00:40 . 2014-05-03 00:40 11636176 ----a-w- c:\windows\system32\nvcuda.dll
2014-05-03 00:40 . 2012-10-11 05:22 14709720 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-05-03 00:40 . 2014-05-03 00:40 17561544 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-05-03 00:40 . 2014-05-03 00:40 25255256 ----a-w- c:\windows\system32\nvcompiler.dll
2014-05-03 00:40 . 2014-05-03 00:40 2715264 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-05-03 00:40 . 2012-10-11 05:23 3093280 ----a-w- c:\windows\system32\nvapi64.dll
2014-04-29 14:01 . 2014-05-02 10:06 23547904 ----a-w- c:\windows\system32\mshtml.dll
2014-04-29 13:40 . 2014-05-02 10:06 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-04-29 12:34 . 2014-05-02 10:06 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-04-02 18:52 . 2014-04-02 18:52 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-04-02 18:52 . 2014-04-02 18:52 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-04-02 18:51 . 2014-04-02 18:51 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2014-04-02 18:51 . 2014-04-02 18:51 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-03-31 16:35 . 2011-06-21 04:02 270496 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{13FA2453-9287-4F18-8554-976D7C02F4EE}]
2011-08-26 00:04 47120 ----a-w- c:\perfect world entertainment\CORE Client\plugins\CorePluginIE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\mws\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\mws\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\mws\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\mws\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-10 2988928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HostManager"="c:\program files (x86)\Common Files\AOL\1308628324\ee\AOLSoftware.exe" [2009-07-20 41264]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-04-30 1770400]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2014-01-21 4411952]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2012-10-16 646744]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-06-07 3890208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\hp\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableVirtualization"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dump_wmimmc;dump_wmimmc;c:\phantasystaronline2\pso2_bin\GameGuard\dump_wmimmc.sys;c:\phantasystaronline2\pso2_bin\GameGuard\dump_wmimmc.sys [x]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
R4 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
R4 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
R4 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [x]
S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [x]
S2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys;c:\windows\SYSNATIVE\DRIVERS\sxuptp.sys [x]
S2 Virtual Router;VirtualRouterService;c:\program files (x86)\Virtual Router\VirtualRouterService.exe;c:\program files (x86)\Virtual Router\VirtualRouterService.exe [x]
S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [x]
S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe;c:\program files\Tablet\Pen\WTabletServiceCon.exe [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
iissvcs REG_MULTI_SZ    w3svc was
apphost REG_MULTI_SZ    apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2834470950-1260693826-318364282-1001Core.job
- c:\users\mws\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-01 13:21]
.
2014-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2834470950-1260693826-318364282-1001UA.job
- c:\users\mws\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-01 13:21]
.
2014-05-18 c:\windows\Tasks\HPCeeScheduleFormws.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
2014-05-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
2013-01-21 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-20 16:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-06-07 00:03 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\mws\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\mws\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\mws\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\mws\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-12-12 13662936]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
mLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\mws\AppData\Roaming\Mozilla\Firefox\Profiles\q7kt4m6i.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
FF - prefs.js: keyword.URL - hxxp://us.yhs4.search.yahoo.com/yhs/search
FF - prefs.js: browser.search.selectedEngine - Yahoo! (Avast)
FF - prefs.js: browser.search.defaulturl - hxxp://us.yhs4.search.yahoo.com/yhs/search
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\06\02\15\1271g"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files\Tablet\Pen\WacomHost.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
.
**************************************************************************
.
Completion time: 2014-06-08  11:42:06 - machine was rebooted
ComboFix-quarantined-files.txt  2014-06-08 18:42
ComboFix2.txt  2014-06-08 17:14
.
Pre-Run: 213,806,936,064 bytes free
Post-Run: 216,805,879,808 bytes free
.
- - End Of File - - BEA9773AB01BBC809B3D82357EE50F91
659065F541C7D7169FE08CA8F30DF343
 





