
TDSS File System detected


  • This topic is locked
10 replies to this topic

#1 cubes


Posted 07 June 2014 - 03:04 PM

Hi.

 

I've been asked to post in the forum - previous thread is here

 

I used TDSSKiller and it detected a TDSS filesystem.  We've tried to remove it using TDSSKiller above but it still seems to be here.

 

 


 


#2 Machiavelli



  • Malware Response Instructor

Posted 10 June 2014 - 02:52 AM

Hello and welcome on board, cubes,

My name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

Removing Malware from a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
 

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#3 cubes


Posted 10 June 2014 - 12:41 PM

Hi, hopefully we'll get this sorted!  Logs are below.

 

FRST.TXT

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-06-2014
Ran by mark (administrator) on PEOPLESREPUBLIC on 10-06-2014 18:38:43
Running from C:\Users\mark\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CANON INC.) C:\Windows\System32\CNAC6RPD.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieCtrl.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMon.exe
(Dropbox, Inc.) C:\Users\mark\AppData\Roaming\Dropbox\bin\Dropbox.exe
(mIRC Co. Ltd.) C:\Program Files (x86)\mIRC\mirc.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonTaskbar.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(Realtime Soft Ltd) C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1860496 2011-04-13] (Microsoft Corporation)
HKLM-x32\...\Run: [BCSSync] => E:\programs\office2010\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1670656 2011-01-02] (Dominik Reichl)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310280 2012-12-20] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-06] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKU\S-1-5-21-2383215465-1798318476-2089682758-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [597736 2011-03-24] (SANDBOXIE L.T.D)
HKU\S-1-5-21-2383215465-1798318476-2089682758-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2012-12-18] (Samsung Electronics)
HKU\S-1-5-21-2383215465-1798318476-2089682758-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung)
HKU\S-1-5-21-2383215465-1798318476-2089682758-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1476104 2012-12-20] (Samsung)
HKU\S-1-5-21-2383215465-1798318476-2089682758-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP5100 Status Window.lnk
ShortcutTarget: Canon LBP5100 Status Window.lnk -> C:\Windows\System32\spool\drivers\x64\3\CNAC6LAD.EXE (CANON INC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk
ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{9069EE0A-7615-4D86-AD80-CA263E936DA6}\IcoUltraMon.ico ()
Startup: C:\Users\mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\mark\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/?gws_rd=ssl
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9C74CAC61DEBCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
HKCU\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=drive&chnl=drive&cd=2XzutAtN2Y1L1QzutDtDtByEtDtCtCtBtDyEtBtA0ByEtAtCtN0D0TzutBtDtCtBtDyCtBzy&cr=842005294
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=drive&chnl=drive&cd=2XzutAtN2Y1L1QzutDtDtByEtDtCtCtBtDyEtBtA0ByEtAtCtN0D0TzutBtDtCtBtDyCtBzy&cr=842005294
SearchScopes: HKLM-x32 - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=drive&chnl=drive&cd=2XzutAtN2Y1L1QzutDtDtByEtDtCtCtBtDyEtBtA0ByEtAtCtN0D0TzutBtDtCtBtDyCtBzy&cr=842005294
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 - {6665B1E0-1581-A76A-A58D-459E2BD60ADB} URL = http://startsear.ch/?aff=3&src=sp&cf=45de4147-f455-11e0-a0f5-001a4d4c8022&q={searchTerms}
SearchScopes: HKCU - DefaultScope {18BA330D-7E1E-4147-886D-DD8CFAB9C5FB} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKCU - Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=drive&chnl=drive&cd=2XzutAtN2Y1L1QzutDtDtByEtDtCtCtBtDyEtBtA0ByEtAtCtN0D0TzutBtDtCtBtDyCtBzy&cr=842005294
SearchScopes: HKCU - {18BA330D-7E1E-4147-886D-DD8CFAB9C5FB} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {6665B1E0-1581-A76A-A58D-459E2BD60ADB} URL = http://startsear.ch/?aff=3&src=sp&cf=45de4147-f455-11e0-a0f5-001a4d4c8022&q={searchTerms}
SearchScopes: HKCU - {93D3C758-344C-477F-AAA4-3380AD4732BC} URL = http://startsear.ch/?aff=3&q={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\programs\office2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\programs\office2010\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanner.ikea.com/gb/Core/Player/2020PlayerAX_Win32.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1058
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\h9thbbng.default
FF SearchEngineOrder.1: Microsoft (Bing)
FF Homepage: https://www.google.co.uk/
FF Keyword.URL: hxxp://www.bing.com/search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - E:\programs\OFFICE~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - E:\programs\OFFICE~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @real.com/nppl3260;version=6.0.11.3088 - C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.11.3006 - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\h9thbbng.default\searchplugins\bing-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: British English Dictionary - C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\h9thbbng.default\Extensions\en-GB@dictionaries.addons.mozilla.org [2011-10-19]
FF Extension: Enhanced Steam - C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\h9thbbng.default\Extensions\jid0-SmvlvxGpvCyG252KbVMqIKR79Uc@jetpack.xpi [2013-12-30]
FF Extension: FlashGot - C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\h9thbbng.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2011-03-25]
FF Extension: Property Bee - C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\h9thbbng.default\Extensions\{da8bd68d-8e90-41cd-8345-a71b294e72e6}.xpi [2011-03-30]
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-28]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ []
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-28]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKCU\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Users\mark\AppData\Local\funmoods.crx []
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-01-26]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-26] (AVAST Software)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [239680 2014-02-19] (Foxit Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; E:\programs\office2010\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [95976 2011-03-24] (SANDBOXIE L.T.D)

==================== Drivers (Whitelisted) ====================

R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-26] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-12] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-26] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-10] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 SaiH0464; C:\Windows\System32\DRIVERS\SaiH0464.sys [178432 2008-03-31] (Saitek)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [148072 2011-03-24] (SANDBOXIE L.T.D)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2011-04-09] () [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-05-10] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va005; \??\C:\Users\mark\AppData\Local\Temp\005E8EC.tmp [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-10 18:38 - 2014-06-10 18:38 - 00021125 _____ () C:\Users\mark\Downloads\FRST.txt
2014-06-10 18:37 - 2014-06-10 18:38 - 00000000 ____D () C:\FRST
2014-06-10 18:37 - 2014-06-10 18:37 - 02080768 _____ (Farbar) C:\Users\mark\Downloads\FRST64.exe
2014-06-08 23:06 - 2014-06-08 23:06 - 00000000 ____D () C:\Users\mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BBC iPlayer
2014-06-08 23:06 - 2014-06-08 23:06 - 00000000 ____D () C:\Users\mark\AppData\Local\BBC
2014-06-08 23:05 - 2014-06-08 23:05 - 21544960 _____ () C:\Users\mark\Downloads\BBC-iPlayer-Downloads(1).msi
2014-06-07 21:01 - 2014-06-07 21:02 - 00019397 _____ () C:\Users\mark\Desktop\dds.txt
2014-06-07 21:01 - 2014-06-07 21:02 - 00012204 _____ () C:\Users\mark\Desktop\attach.txt
2014-06-07 21:00 - 2014-06-07 21:00 - 00688992 ____R (Swearware) C:\Users\mark\Downloads\dds.com
2014-06-06 21:53 - 2014-06-06 21:54 - 00008192 _____ ( ) C:\Users\mark\Downloads\DMPUpdater.exe
2014-06-06 19:40 - 2014-06-06 19:40 - 04161050 _____ () C:\Users\mark\Downloads\tdsskiller(1).zip
2014-06-06 00:10 - 2014-06-06 00:10 - 00000000 ____D () C:\New folder
2014-06-05 18:43 - 2014-06-05 18:43 - 04156051 _____ () C:\Users\mark\Downloads\tdsskiller.zip
2014-06-04 23:03 - 2014-06-04 23:03 - 00000000 ____D () C:\Users\mark\AppData\Local\SniperV2
2014-06-04 19:25 - 2014-06-04 19:26 - 00002114 _____ () C:\Users\mark\Desktop\Rkill.txt
2014-06-04 19:25 - 2014-06-04 19:26 - 00000000 ____D () C:\rkill
2014-06-04 19:25 - 2014-06-04 19:25 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\mark\Downloads\rkill.exe
2014-06-04 19:16 - 2014-06-04 19:23 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-04 19:15 - 2014-06-04 19:23 - 00000000 ____D () C:\Users\mark\Desktop\mbar
2014-06-04 19:14 - 2014-06-04 19:14 - 12589848 _____ (Malwarebytes Corp.) C:\Users\mark\Downloads\mbar-1.07.0.1009.exe
2014-06-04 18:56 - 2014-06-10 18:31 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-04 18:55 - 2014-06-04 19:15 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-04 18:55 - 2014-06-04 18:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\mark\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-04 18:55 - 2014-06-04 18:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-04 18:55 - 2014-06-04 18:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-04 18:55 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-04 18:53 - 2014-06-04 18:53 - 00033700 _____ () C:\Users\mark\Downloads\Result.txt
2014-06-04 18:52 - 2014-06-04 18:52 - 00982016 _____ (Farbar) C:\Users\mark\Downloads\MiniToolBox.exe
2014-06-04 18:50 - 2014-06-04 18:50 - 00410112 _____ (Farbar) C:\Users\mark\Downloads\FSS.exe
2014-06-04 18:50 - 2014-06-04 18:50 - 00002078 _____ () C:\Users\mark\Downloads\FSS.txt
2014-06-04 18:46 - 2014-06-04 18:46 - 00854367 _____ () C:\Users\mark\Downloads\SecurityCheck.exe
2014-06-03 22:05 - 2014-06-03 22:05 - 00002259 _____ () C:\Users\Public\Desktop\PokerStrategy.com Equilab.lnk
2014-06-03 22:05 - 2014-06-03 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStrategy.com
2014-06-03 22:05 - 2014-06-03 22:05 - 00000000 ____D () C:\Program Files (x86)\PokerStrategy.com
2014-06-03 22:02 - 2014-06-03 22:04 - 00000000 ____D () C:\Program Files (x86)\PokerStove
2014-06-03 22:02 - 2014-06-03 22:02 - 00001035 _____ () C:\Users\mark\Desktop\PokerStove.lnk
2014-06-03 22:02 - 2014-06-03 22:02 - 00000000 ____D () C:\Users\mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStove
2014-06-03 21:02 - 2014-06-06 19:42 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-06-03 00:09 - 2014-06-03 00:09 - 00000382 _____ () C:\Users\mark\Downloads\defogger_enable.log
2014-06-03 00:01 - 2014-06-03 00:01 - 00050477 _____ () C:\Users\mark\Downloads\Defogger.exe
2014-06-03 00:01 - 2014-06-03 00:01 - 00000648 _____ () C:\Users\mark\Downloads\defogger_disable.log
2014-06-02 22:46 - 2014-06-02 22:46 - 04176736 _____ (Kaspersky Lab ZAO) C:\Users\mark\Downloads\tdsskiller.exe
2014-06-02 20:50 - 2014-06-02 20:50 - 01789440 _____ () C:\Users\mark\Downloads\MissionControllerMCE69.zip
2014-06-01 19:13 - 2014-06-01 19:18 - 219451392 _____ () C:\Users\mark\Downloads\LibreOffice_4.2.4_Win_x86.msi
2014-06-01 19:13 - 2014-06-01 19:13 - 05541888 _____ () C:\Users\mark\Downloads\LibreOffice_4.2.4_Win_x86_helppack_en-GB.msi
2014-05-31 20:58 - 2014-05-31 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-31 20:58 - 2014-05-31 20:58 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-31 20:58 - 2014-05-31 20:58 - 00000000 ____D () C:\Program Files\iTunes
2014-05-31 20:58 - 2014-05-31 20:58 - 00000000 ____D () C:\Program Files\iPod
2014-05-31 20:58 - 2014-05-31 20:58 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-31 17:59 - 2014-05-31 17:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-31 17:59 - 2014-05-07 15:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-31 17:59 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-31 17:59 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-31 17:59 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-31 17:57 - 2014-05-31 17:59 - 00003999 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-05-31 17:57 - 2014-05-31 17:57 - 00918952 _____ (Oracle Corporation) C:\Users\mark\Downloads\jxpiinstall(2).exe
2014-05-30 14:34 - 2014-05-30 14:34 - 03051850 _____ () C:\Users\mark\Downloads\pirates_gold_map.zip
2014-05-30 14:34 - 2014-05-30 14:34 - 00001989 _____ () C:\Users\Public\Desktop\Pirates! GOLD.lnk
2014-05-30 14:34 - 2014-05-30 14:34 - 00001943 _____ () C:\Users\Public\Desktop\Pirates!.lnk
2014-05-30 14:34 - 2012-06-14 14:47 - 00000000 ____D () C:\Users\mark\Documents\pirates_gold_map
2014-05-30 14:33 - 2014-05-30 14:34 - 45155672 _____ (GOG.com ) C:\Users\mark\Downloads\setup_pirates_pack_2.0.0.28.exe
2014-05-28 17:05 - 2013-02-06 13:54 - 17896392 _____ () C:\Users\mark\Documents\SUNP0001.AVI
2014-05-24 22:52 - 2014-05-24 22:52 - 00003150 _____ () C:\Windows\System32\Tasks\{CCC0453D-577A-4AE4-A5E1-15738E8A32E2}
2014-05-24 22:52 - 2014-05-24 22:52 - 00002051 _____ () C:\Users\testaccount\Desktop\Race Into Space.lnk
2014-05-24 22:52 - 2014-05-24 22:52 - 00002051 _____ () C:\Users\steve\Desktop\Race Into Space.lnk
2014-05-24 22:50 - 2014-05-24 22:50 - 58580747 _____ () C:\Users\mark\Downloads\raceintospace-1.1.exe
2014-05-16 18:40 - 2014-06-10 18:32 - 00000000 ____D () C:\Users\mark\AppData\Roaming\DropboxMaster
2014-05-16 00:24 - 2014-05-06 05:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 00:24 - 2014-05-06 05:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-16 00:24 - 2014-05-06 04:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-16 00:24 - 2014-05-06 04:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-16 00:24 - 2014-05-06 04:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-16 00:24 - 2014-05-06 03:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 19:13 - 2014-05-09 07:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 19:13 - 2014-05-09 07:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 19:13 - 2014-04-12 03:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 19:13 - 2014-04-12 03:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 19:13 - 2014-04-12 03:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 19:13 - 2014-04-12 03:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 19:13 - 2014-04-12 03:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 19:13 - 2014-04-12 03:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 19:13 - 2014-04-12 03:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 19:13 - 2014-04-12 03:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 19:13 - 2014-04-12 03:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 19:13 - 2014-03-25 03:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 19:13 - 2014-03-25 03:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 19:13 - 2014-03-04 10:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 19:13 - 2014-03-04 10:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 19:13 - 2014-03-04 10:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 19:13 - 2014-03-04 10:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 19:13 - 2014-03-04 10:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 19:13 - 2014-03-04 10:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 19:13 - 2014-03-04 10:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 19:13 - 2014-03-04 10:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 19:13 - 2014-03-04 10:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 19:13 - 2014-03-04 10:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 19:13 - 2014-03-04 10:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 19:13 - 2014-03-04 10:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 19:13 - 2014-03-04 10:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 19:13 - 2014-03-04 10:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 19:13 - 2014-03-04 10:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 19:13 - 2014-03-04 10:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 19:13 - 2014-03-04 10:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 19:13 - 2014-03-04 10:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 19:13 - 2014-03-04 10:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 19:13 - 2014-03-04 10:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 19:13 - 2014-03-04 10:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 19:13 - 2014-03-04 10:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 19:13 - 2014-03-04 10:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 19:13 - 2014-03-04 10:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 19:13 - 2014-03-04 10:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 19:13 - 2014-03-04 10:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 19:13 - 2014-03-04 10:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 19:13 - 2014-03-04 10:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 19:13 - 2014-03-04 10:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 19:13 - 2014-03-04 10:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 19:13 - 2014-03-04 10:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 19:13 - 2014-03-04 10:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 23:05 - 2014-05-14 23:05 - 44594711 _____ () C:\Users\mark\Downloads\saintsrow3_ost_mp3_1374796048.zip
2014-05-13 22:47 - 2014-05-13 22:48 - 72493419 _____ () C:\Users\mark\Downloads\Scorched3D-43.3d.exe

==================== One Month Modified Files and Folders =======

2014-06-10 18:39 - 2011-03-24 23:23 - 00000000 ____D () C:\Users\mark\AppData\Local\Temp
2014-06-10 18:38 - 2014-06-10 18:38 - 00021125 _____ () C:\Users\mark\Downloads\FRST.txt
2014-06-10 18:38 - 2014-06-10 18:37 - 00000000 ____D () C:\FRST
2014-06-10 18:38 - 2009-07-14 05:45 - 00020688 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-10 18:38 - 2009-07-14 05:45 - 00020688 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-10 18:37 - 2014-06-10 18:37 - 02080768 _____ (Farbar) C:\Users\mark\Downloads\FRST64.exe
2014-06-10 18:35 - 2011-03-24 23:23 - 01370017 _____ () C:\Windows\WindowsUpdate.log
2014-06-10 18:35 - 2009-07-14 06:13 - 00802694 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-10 18:32 - 2014-05-16 18:40 - 00000000 ____D () C:\Users\mark\AppData\Roaming\DropboxMaster
2014-06-10 18:32 - 2013-11-28 20:14 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-10 18:32 - 2013-07-06 11:38 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-10 18:32 - 2012-07-30 22:05 - 00000000 ____D () C:\Users\mark\AppData\Roaming\Dropbox
2014-06-10 18:32 - 2011-03-25 19:55 - 00000000 ____D () C:\Users\mark\AppData\Roaming\mIRC
2014-06-10 18:32 - 2011-03-25 19:55 - 00000000 ____D () C:\Program Files (x86)\mIRC
2014-06-10 18:31 - 2014-06-04 18:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-10 18:31 - 2011-03-25 20:09 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-10 18:31 - 2010-11-21 04:47 - 00707940 _____ () C:\Windows\PFRO.log
2014-06-10 18:31 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-10 18:31 - 2009-07-14 05:51 - 00130672 _____ () C:\Windows\setupact.log
2014-06-09 23:21 - 2013-07-06 11:38 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-09 23:01 - 2012-04-01 10:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-09 21:08 - 2013-02-13 20:39 - 00000000 ____D () C:\ProgramData\Origin
2014-06-09 21:02 - 2013-02-13 20:39 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-09 21:01 - 2011-03-28 21:08 - 00000000 ____D () C:\Users\mark\AppData\Roaming\KeePass
2014-06-09 20:47 - 2011-03-25 21:25 - 00000000 ____D () C:\Users\mark\AppData\Roaming\Azureus
2014-06-08 23:06 - 2014-06-08 23:06 - 00000000 ____D () C:\Users\mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BBC iPlayer
2014-06-08 23:06 - 2014-06-08 23:06 - 00000000 ____D () C:\Users\mark\AppData\Local\BBC
2014-06-08 23:06 - 2014-02-24 20:05 - 00001152 _____ () C:\Users\mark\Desktop\BBC iPlayer Downloads.lnk
2014-06-08 23:05 - 2014-06-08 23:05 - 21544960 _____ () C:\Users\mark\Downloads\BBC-iPlayer-Downloads(1).msi
2014-06-07 21:02 - 2014-06-07 21:01 - 00019397 _____ () C:\Users\mark\Desktop\dds.txt
2014-06-07 21:02 - 2014-06-07 21:01 - 00012204 _____ () C:\Users\mark\Desktop\attach.txt
2014-06-07 21:00 - 2014-06-07 21:00 - 00688992 ____R (Swearware) C:\Users\mark\Downloads\dds.com
2014-06-07 16:27 - 2011-03-25 21:41 - 00000000 ____D () C:\Users\mark\AppData\Roaming\vlc
2014-06-07 16:24 - 2013-10-13 22:19 - 00000000 ____D () C:\Program Files (x86)\SciLor's grooveshark™.com Downloader
2014-06-06 21:54 - 2014-06-06 21:53 - 00008192 _____ ( ) C:\Users\mark\Downloads\DMPUpdater.exe
2014-06-06 19:42 - 2014-06-03 21:02 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-06-06 19:40 - 2014-06-06 19:40 - 04161050 _____ () C:\Users\mark\Downloads\tdsskiller(1).zip
2014-06-06 00:10 - 2014-06-06 00:10 - 00000000 ____D () C:\New folder
2014-06-05 18:43 - 2014-06-05 18:43 - 04156051 _____ () C:\Users\mark\Downloads\tdsskiller.zip
2014-06-04 23:03 - 2014-06-04 23:03 - 00000000 ____D () C:\Users\mark\AppData\Local\SniperV2
2014-06-04 23:02 - 2011-03-25 21:47 - 00458755 _____ () C:\Windows\DirectX.log
2014-06-04 20:14 - 2013-09-04 18:57 - 00000000 ____D () C:\Program Files (x86)\Vuze Remote Toolbar
2014-06-04 19:26 - 2014-06-04 19:25 - 00002114 _____ () C:\Users\mark\Desktop\Rkill.txt
2014-06-04 19:26 - 2014-06-04 19:25 - 00000000 ____D () C:\rkill
2014-06-04 19:25 - 2014-06-04 19:25 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\mark\Downloads\rkill.exe
2014-06-04 19:23 - 2014-06-04 19:16 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-04 19:23 - 2014-06-04 19:15 - 00000000 ____D () C:\Users\mark\Desktop\mbar
2014-06-04 19:15 - 2014-06-04 18:55 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-04 19:14 - 2014-06-04 19:14 - 12589848 _____ (Malwarebytes Corp.) C:\Users\mark\Downloads\mbar-1.07.0.1009.exe
2014-06-04 19:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Cursors
2014-06-04 18:55 - 2014-06-04 18:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\mark\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-04 18:55 - 2014-06-04 18:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-04 18:55 - 2014-06-04 18:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-04 18:55 - 2012-05-29 20:45 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-04 18:55 - 2011-04-09 10:30 - 00000000 ____D () C:\Users\mark\AppData\Roaming\Malwarebytes
2014-06-04 18:55 - 2011-04-09 10:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-04 18:53 - 2014-06-04 18:53 - 00033700 _____ () C:\Users\mark\Downloads\Result.txt
2014-06-04 18:52 - 2014-06-04 18:52 - 00982016 _____ (Farbar) C:\Users\mark\Downloads\MiniToolBox.exe
2014-06-04 18:50 - 2014-06-04 18:50 - 00410112 _____ (Farbar) C:\Users\mark\Downloads\FSS.exe
2014-06-04 18:50 - 2014-06-04 18:50 - 00002078 _____ () C:\Users\mark\Downloads\FSS.txt
2014-06-04 18:46 - 2014-06-04 18:46 - 00854367 _____ () C:\Users\mark\Downloads\SecurityCheck.exe
2014-06-04 18:35 - 2009-07-14 06:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-03 22:05 - 2014-06-03 22:05 - 00002259 _____ () C:\Users\Public\Desktop\PokerStrategy.com Equilab.lnk
2014-06-03 22:05 - 2014-06-03 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStrategy.com
2014-06-03 22:05 - 2014-06-03 22:05 - 00000000 ____D () C:\Program Files (x86)\PokerStrategy.com
2014-06-03 22:04 - 2014-06-03 22:02 - 00000000 ____D () C:\Program Files (x86)\PokerStove
2014-06-03 22:04 - 2011-06-09 23:48 - 00000000 ____D () C:\Users\mark\AppData\Local\Downloaded Installations
2014-06-03 22:02 - 2014-06-03 22:02 - 00001035 _____ () C:\Users\mark\Desktop\PokerStove.lnk
2014-06-03 22:02 - 2014-06-03 22:02 - 00000000 ____D () C:\Users\mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStove
2014-06-03 21:34 - 2011-04-18 21:16 - 00000000 ____D () C:\Program Files (x86)\PKR
2014-06-03 00:09 - 2014-06-03 00:09 - 00000382 _____ () C:\Users\mark\Downloads\defogger_enable.log
2014-06-03 00:09 - 2011-03-24 23:23 - 00000000 ____D () C:\Users\mark
2014-06-03 00:01 - 2014-06-03 00:01 - 00050477 _____ () C:\Users\mark\Downloads\Defogger.exe
2014-06-03 00:01 - 2014-06-03 00:01 - 00000648 _____ () C:\Users\mark\Downloads\defogger_disable.log
2014-06-02 22:46 - 2014-06-02 22:46 - 04176736 _____ (Kaspersky Lab ZAO) C:\Users\mark\Downloads\tdsskiller.exe
2014-06-02 20:50 - 2014-06-02 20:50 - 01789440 _____ () C:\Users\mark\Downloads\MissionControllerMCE69.zip
2014-06-01 19:18 - 2014-06-01 19:13 - 219451392 _____ () C:\Users\mark\Downloads\LibreOffice_4.2.4_Win_x86.msi
2014-06-01 19:13 - 2014-06-01 19:13 - 05541888 _____ () C:\Users\mark\Downloads\LibreOffice_4.2.4_Win_x86_helppack_en-GB.msi
2014-05-31 20:58 - 2014-05-31 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-31 20:58 - 2014-05-31 20:58 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-31 20:58 - 2014-05-31 20:58 - 00000000 ____D () C:\Program Files\iTunes
2014-05-31 20:58 - 2014-05-31 20:58 - 00000000 ____D () C:\Program Files\iPod
2014-05-31 20:58 - 2014-05-31 20:58 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-31 20:58 - 2012-09-20 18:40 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-31 18:03 - 2011-03-25 20:53 - 00001126 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-31 18:03 - 2011-03-25 20:53 - 00001126 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-31 18:01 - 2013-09-04 18:57 - 00000000 ____D () C:\Program Files (x86)\Application Updater
2014-05-31 17:59 - 2014-05-31 17:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-31 17:59 - 2014-05-31 17:57 - 00003999 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-05-31 17:59 - 2013-10-20 10:54 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-31 17:59 - 2012-05-18 20:19 - 00007651 _____ () C:\Users\mark\AppData\Local\Resmon.ResmonCfg
2014-05-31 17:59 - 2011-04-07 18:56 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-31 17:57 - 2014-05-31 17:57 - 00918952 _____ (Oracle Corporation) C:\Users\mark\Downloads\jxpiinstall(2).exe
2014-05-31 17:55 - 2011-06-20 18:52 - 00000000 ____D () C:\Users\mark\AppData\Local\Unity
2014-05-30 23:59 - 2011-04-07 18:56 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-05-30 14:34 - 2014-05-30 14:34 - 03051850 _____ () C:\Users\mark\Downloads\pirates_gold_map.zip
2014-05-30 14:34 - 2014-05-30 14:34 - 00001989 _____ () C:\Users\Public\Desktop\Pirates! GOLD.lnk
2014-05-30 14:34 - 2014-05-30 14:34 - 00001943 _____ () C:\Users\Public\Desktop\Pirates!.lnk
2014-05-30 14:34 - 2014-05-30 14:33 - 45155672 _____ (GOG.com ) C:\Users\mark\Downloads\setup_pirates_pack_2.0.0.28.exe
2014-05-30 14:34 - 2013-03-22 19:48 - 00000000 ____D () C:\GOG Games
2014-05-30 14:34 - 2012-10-19 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-05-30 14:34 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-30 12:33 - 2011-04-12 21:16 - 00000000 ____D () C:\Users\mark\.raceintospace
2014-05-30 12:33 - 2011-04-12 21:13 - 00000000 ____D () C:\Program Files (x86)\raceintospace
2014-05-27 21:39 - 2011-04-09 10:38 - 00003236 _____ () C:\Windows\Sandboxie.ini
2014-05-27 00:28 - 2012-09-16 21:15 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-05-25 11:03 - 2011-03-24 23:23 - 00000000 ___RD () C:\Users\mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-25 11:02 - 2012-07-30 22:07 - 00001021 _____ () C:\Users\mark\Desktop\Dropbox.lnk
2014-05-25 11:02 - 2012-07-30 22:06 - 00000000 ____D () C:\Users\mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-24 22:52 - 2014-05-24 22:52 - 00003150 _____ () C:\Windows\System32\Tasks\{CCC0453D-577A-4AE4-A5E1-15738E8A32E2}
2014-05-24 22:52 - 2014-05-24 22:52 - 00002051 _____ () C:\Users\testaccount\Desktop\Race Into Space.lnk
2014-05-24 22:52 - 2014-05-24 22:52 - 00002051 _____ () C:\Users\steve\Desktop\Race Into Space.lnk
2014-05-24 22:52 - 2011-11-21 23:21 - 00002051 _____ () C:\Users\UpdatusUser\Desktop\Race Into Space.lnk
2014-05-24 22:52 - 2011-04-12 21:14 - 00002051 _____ () C:\Users\mark\Desktop\Race Into Space.lnk
2014-05-24 22:50 - 2014-05-24 22:50 - 58580747 _____ () C:\Users\mark\Downloads\raceintospace-1.1.exe
2014-05-23 18:41 - 2011-03-25 21:24 - 00000000 ____D () C:\Program Files (x86)\Vuze
2014-05-21 21:45 - 2012-01-03 20:31 - 00000000 ____D () C:\Users\mark\AppData\Local\Conduit
2014-05-17 21:58 - 2012-11-09 23:36 - 00000000 ____D () C:\Users\mark\Documents\Battleground Europe
2014-05-16 20:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-05-16 18:39 - 2012-01-08 13:12 - 00000000 ___RD () C:\Users\mark\Virtual Machines
2014-05-16 18:39 - 2011-03-24 23:23 - 00000000 ___RD () C:\Users\mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 18:37 - 2014-05-06 23:56 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-16 18:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-16 00:25 - 2011-03-28 19:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-16 00:22 - 2013-07-20 08:53 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 00:19 - 2011-07-23 10:51 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 23:05 - 2014-05-14 23:05 - 44594711 _____ () C:\Users\mark\Downloads\saintsrow3_ost_mp3_1374796048.zip
2014-05-14 19:24 - 2011-07-13 21:53 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-13 22:48 - 2014-05-13 22:47 - 72493419 _____ () C:\Users\mark\Downloads\Scorched3D-43.3d.exe
2014-05-13 22:48 - 2011-11-15 22:51 - 00000000 ____D () C:\Program Files (x86)\Scorched3D
2014-05-13 20:01 - 2012-04-01 10:37 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-13 20:01 - 2012-04-01 10:37 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-13 20:01 - 2011-05-15 10:18 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-12 18:52 - 2014-01-01 20:31 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-12 18:52 - 2013-11-28 20:14 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-12 18:52 - 2013-11-28 20:14 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-12 07:26 - 2014-06-04 18:55 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2011-04-09 10:30 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 11:58 - 2012-04-26 22:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\mark\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwgvwjh.dll
C:\Users\mark\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\mark\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\mark\AppData\Local\Temp\sfamcc00001.dll
C:\Users\mark\AppData\Local\Temp\vlc-2.1.3-win32.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 11:52

==================== End Of Log ============================

ADDITION.TXT

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-06-2014
Ran by mark at 2014-06-10 18:39:20
Running from C:\Users\mark\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1210 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Photoshop Lightroom 3.3 64-bit (HKLM\...\{CFFF260C-F510-45BB-8F8E-1D4AC1232786}) (Version: 3.3.1 - Adobe)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Adventures of Shuggy (HKLM-x32\...\Steam App 211440) (Version:  - Smudged Cat Games Ltd)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - )
Altitude (HKLM-x32\...\Steam App 41300) (Version:  - Nimbly Games)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version:  - Audacity Team)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Audiograbber MP3 Plugin (64 bit) (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Awesome Duplicate Photo Finder v. 1.1 (HKLM-x32\...\Awesome Duplicate Photo Finder_is1) (Version:  - Duplicate-Finder.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - )
Battleground Europe (HKLM-x32\...\Battleground Europe) (Version:  - Playnet Inc.)
Battleground Europe TEST (HKLM-x32\...\Battleground Europe TEST) (Version:  - Playnet Inc.)
BBC iPlayer Downloads (HKLM-x32\...\{3DD343EA-B76B-4886-87FC-E5B127A8E035}) (Version: 1.7.4 - BBC)
Belarc Advisor 8.2 (HKLM-x32\...\Belarc Advisor) (Version: 8.2.7.17 - Belarc Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bridge It 1.3 (HKLM-x32\...\Bridge It_is1) (Version:  - Chronic Logic LLC)
calibre (HKLM-x32\...\{3331E34D-38D0-49CE-A395-B30B05FCCE6C}) (Version: 1.11.0 - Kovid Goyal)
Canon LBP5100 (HKLM\...\Canon LBP5100) (Version:  - )
Capitalism Plus (HKLM-x32\...\Capitalism Plus_is1) (Version:  - GOG.com)
Combined Community Codec Pack 2014-04-20 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.04.20.0 - CCCP Project)
ComicRack v0.9.175 (HKLM\...\ComicRack) (Version: v0.9.175 - cYo Soft)
Company of Heroes (HKLM-x32\...\Steam App 4560) (Version:  - Relic)
CorsixTH Beta 6 (HKLM-x32\...\CorsixTH) (Version: Beta 6 - )
CPUID CPU-Z 1.61.5 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CreaVures (HKLM-x32\...\Steam App 49810) (Version:  - Muse Games)
Critical Mass (HKLM-x32\...\Steam App 105300) (Version:  - Manic Game Studios)
Crusader Kings II (HKLM-x32\...\Steam App 203770) (Version:  - Paradox)
CrystalDiskInfo 4.0.1 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 4.0.1 - Crystal Dew World)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Data Lifeguard Diagnostic for Windows 1.22 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
DataNumen PDF Repair v2.1 (HKLM-x32\...\DataNumen PDF Repair v2.1) (Version:  - )
DefianceRuntimes (HKLM-x32\...\{79B1FF35-9EA8-48ED-98D6-19ABE004BE89}) (Version: 1.0.2 - Trion Worlds, Inc.)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version:  - Microsoft)
DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.44.000 - Runtime Software)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Dungeon Crawl Stone Soup (HKLM-x32\...\Crawl) (Version: 0.9.1 - )
Dungeon Keeper 2 (HKLM-x32\...\GOGPACKDUNGEONKEEPER2_is1) (Version: 2.0.0.32 - GOG.com)
Dungeon Keeper Gold (HKLM-x32\...\GOGPACKDUNGEONKEEPER_is1) (Version: 2.0.0.4 - GOG.com)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version:  - Paradox Development Studio)
ffdshow [rev 1324] [2007-07-01] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
FileZilla Client 3.8.0 (HKLM-x32\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
Flickr Uploadr 3.2.1 (HKLM-x32\...\Flickr Uploadr) (Version:  - )
Foreign Legion: Buckets of Blood (HKLM-x32\...\Steam App 36000) (Version:  - Sakari Indie)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.2.75.126 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.4.217 - Foxit Corporation)
Freemake Video Converter version 4.1.2 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.2 - Ellora Assets Corporation)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - )
Galactic Civilizations II: Ultimate Edition (HKLM-x32\...\Steam App 202200) (Version:  - )
gedit 2.30.1 (HKLM-x32\...\gedit_is1) (Version: 2.30.1 - GNOME)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
GOG.com Dungeon Keeper 2 (HKLM\...\{b6462b67-caf5-4a74-99df-cc2811bd1957}.sdb) (Version:  - )
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
GPRO Organiser (HKLM-x32\...\{719AEF66-93B6-4BFE-A43C-2329FEEB4056}) (Version: 3.0.2 - MB Software)
Gratuitous Space Battles (HKLM-x32\...\Steam App 41800) (Version:  - Positech Games)
HandBrake 0.9.6 (HKLM-x32\...\HandBrake) (Version: 0.9.6 - )
Hearts of Iron III (HKLM-x32\...\Steam App 25890) (Version:  - Paradox Interactive)
Hexcells (HKLM-x32\...\Steam App 265890) (Version:  - Matthew Brown)
Holdem Indicator 2.3.3 (HKLM-x32\...\Holdem Indicator_is1) (Version:  - http://www.HoldemIndicator.com)
Imagenomic Portraiture 2.3 Plug-in (build 2308) (HKLM\...\ImagenomicPortraiturePlugin) (Version:  - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JDownloader (HKLM-x32\...\JDownloader) (Version:  - AppWork UG (haftungsbeschränkt))
KeePass Password Safe 2.14 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version:  - Dominik Reichl)
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version:  - Squad)
Kinetic Void (HKLM-x32\...\Steam App 227160) (Version:  - Badland Studio)
Klass of 99 (HKLM-x32\...\{E42F707D-BB9B-470C-B604-DCD9EF1EACAC}) (Version: 1.06.0000 - Retrospec)
LADSPA_plugins-win-0.4.15 (HKLM-x32\...\LADSPA_plugins-win_is1) (Version:  - Audacity Team)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LEGO Lord of the Rings (HKLM-x32\...\Steam App 214510) (Version:  - Traveller's Tales)
Long Live The Queen Full Retail 1.1.4 (HKLM-x32\...\Long Live The Queen_is1) (Version:  - Hanako Games)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Master of Orion 1 and 2 (HKLM-x32\...\GOGPACKMASTEROFORION12_is1) (Version: 2.0.0.16 - GOG.com)
Men of War (HKLM-x32\...\Steam App 7830) (Version:  - Best Way)
Men of War: Red Tide (HKLM-x32\...\Steam App 3130) (Version:  - 1C Company)
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - THQ)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Camera Codec Pack (HKLM\...\{129C5584-DB98-4A98-B28F-299C45E1E355}) (Version: 16.0.0652.0621 - Microsoft Corporation)
Microsoft IntelliPoint 8.1 (HKLM\...\Microsoft IntelliPoint 8.1) (Version: 8.15.406.0 - Microsoft)
Microsoft IntelliPoint 8.1 (Version: 8.15.406.0 - Microsoft) Hidden
Microsoft IntelliType Pro 8.1 (HKLM\...\Microsoft IntelliType Pro 8.1) (Version: 8.15.406.0 - Microsoft)
Microsoft IntelliType Pro 8.1 (Version: 8.15.406.0 - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
mIRC (HKLM-x32\...\mIRC) (Version: 7.32 - mIRC Co. Ltd.)
Mount & Blade: With Fire and Sword (HKLM-x32\...\Steam App 48720) (Version:  - )
Mozilla Firefox 29.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-GB)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 en-US)) (Version: 24.5.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
NewsLeecher v5.0 Final (HKLM-x32\...\NewsLeecher_is1) (Version:  - )
Nexon Game Manager (HKLM-x32\...\{289AC7E0-0AEE-4a7b-913C-709D9803D23E}) (Version:  - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.1.4 - )
NVIDIA 3D Vision Controller Driver (x32 Version: 275.33 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 306.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 306.23 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Control Panel 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Omaha Indicator 1.5.2 (HKLM-x32\...\Omaha Indicator_is1) (Version:  - http://www.OmahaIndicator.com)
One Finger Death Punch (HKLM-x32\...\Steam App 264200) (Version:  - Silver Dollar Games)
Oolite 1.76.0.4679 (HKLM-x32\...\Oolite) (Version:  - )
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenOffice 4.0.0 (HKLM-x32\...\{EA1DC8F8-C357-44CA-A332-AB9762DF698C}) (Version: 4.00.9702 - Apache Software Foundation)
OpenTTD 1.2.3 (HKLM-x32\...\OpenTTD) (Version: 1.2.3 - OpenTTD)
Origin (HKLM-x32\...\Origin) (Version: 9.1.12.73 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.6.0 - Pando Networks Inc.)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version:  - 3909)
Paranormal (HKLM-x32\...\Steam App 246300) (Version:  - )
Pd-0.42.5-extended (HKLM-x32\...\pd_is1) (Version:  - pure-data.org)
PeerBlock 1.1 (r518) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.518 - PeerBlock, LLC)
Pirates Pack (HKLM-x32\...\GOGPACKPIRATESPACK_is1) (Version: 2.0.0.28 - GOG.com)
PKR (HKLM-x32\...\PKR) (Version:  - PKR Ltd)
PokerStove version 1.24 (HKLM-x32\...\{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1) (Version:  - )
PokerStrategy.com Equilab (HKLM-x32\...\{86D09F48-CDAB-4B4C-8806-F6C16F17935A}) (Version: 1.2.8.0 - PokerStrategy.com)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version:  - Introversion Software)
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
Quake II (HKLM-x32\...\Steam App 2320) (Version:  - id Software)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Ragnarok Online 2 (HKLM-x32\...\Steam App 231060) (Version:  - Gravity, Inc.)
Razer Lachesis 5600 (HKLM-x32\...\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}) (Version: 3.00.08 - Razer USA Ltd.)
Real Alternative 1.7.5 (HKLM-x32\...\RealAlt_is1) (Version: 1.7.5 - )
Recettear: An Item Shop's Tale (HKLM-x32\...\Steam App 70400) (Version:  - EasyGameStation)
Red Faction: Armageddon (HKLM-x32\...\Steam App 55110) (Version:  - Volition)
RegiStax 6 (HKCU\...\RegiStax 6) (Version:  - )
RegiStax 6.1.0.8 update (HKCU\...\RegiStax 6.1.0.8 update) (Version:  - )
Rosetta Stone Version 3 (HKLM-x32\...\{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}) (Version: 3.4.7.0 - Rosetta Stone Ltd.)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version:  - Volition)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.2.12054_20 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.3.2.12054_20 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.)
Sandboxie 3.54 (64-bit) (HKLM\...\Sandboxie) (Version:  - )
SciLor's grooveshark™.com Downloader 0.4.12 (HKLM-x32\...\{DDEAE484-D5FB-49CB-BD47-9512E8ACCA65}_is1) (Version: 0.4.12 - SciLor)
Scorched3D 43.2a (HKLM-x32\...\Scorched3D) (Version: 43.2a - Scorched)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
SimCity 2000 Special Edition (HKLM-x32\...\SimCity 2000 Special Edition_is1) (Version:  - GOG.com)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 1.0.0.0 - Electronic Arts)
SimCity™ Closed Beta 2 (HKLM-x32\...\{BAB1A557-02A6-468f-BC5A-D8180C882DC4}) (Version: 1.0.0.0 - Electronic Arts)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
SopCast 3.8.3 (HKLM-x32\...\SopCast) (Version: 3.8.3 - www.sopcast.com)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
SplitMediaLabs VH Screen Capture Driver (x86) (HKLM-x32\...\{48530DE6-19F9-489D-809E-AFAA8AACC6DF}) (Version: 3.1.0.7 - SplitMediaLabs Ltd.)
Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version:  - BioWare)
StartSearch Toolbar 1.3 (HKLM-x32\...\StartSearch Toolbar) (Version: 1.3 - startsear.ch) <==== ATTENTION
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stellarium 0.11.0 (HKLM-x32\...\Stellarium_is1) (Version:  - )
Stellarium 0.12.0 (HKLM\...\Stellarium_is1) (Version: 0.12.0 - Stellarium team)
Surgeon Simulator 2013 (HKLM-x32\...\Steam App 233720) (Version:  - Bossa Studios)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SyncBack (HKLM-x32\...\SyncBack_is1) (Version:  - 2BrightSparks)
SysInfoTools PDF Repair v1.0 (HKLM-x32\...\{B6CA247E-DB92-4F38-B0BC-C5C93E5A3914}_is1) (Version:  - SysInfoTools)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version:  - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
TextPad 5 (HKLM-x32\...\{B6EC7388-E277-4A5B-8C8F-71067A41BA64}) (Version: 5.4.2 - Helios)
The FilmMachine 1.6.1 (HKLM-x32\...\The FilmMachine_is1) (Version:  - The Mask Productions)
Theatre of War (HKLM-x32\...\Steam App 46290) (Version:  - 1C Company)
Theatre of War 2: Africa 1943 (HKLM-x32\...\Steam App 46340) (Version:  - 1C Company)
Theatre of War 2: Kursk 1943  (HKLM-x32\...\Steam App 46360) (Version:  - 1C Company)
Tiny and Big: Grandpa's Leftovers (HKLM-x32\...\Steam App 205910) (Version:  - Black Pants Game Studio)
Titan Quest (HKLM-x32\...\Steam App 4540) (Version:  - IronLore)
Tournament Indicator 1.8.4 (HKLM-x32\...\Tournament Indicator_is1) (Version:  - http://www.TournamentIndicator.com)
Tropico 4 (HKLM-x32\...\Steam App 57690) (Version:  - )
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
UltraMon (HKLM\...\{9069EE0A-7615-4D86-AD80-CA263E936DA6}) (Version: 3.2.2 - Realtime Soft Ltd)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
VH Toolkit 1.0.15.0 (HKLM-x32\...\VH Toolkit_is1) (Version:  - Hmelyoff Labs)
Victoria II (HKLM-x32\...\Steam App 42960) (Version:  - Paradox Interactive)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.3.0.0 - Azureus Software, Inc.)
Vuze Remote Toolbar v7.6 (HKLM-x32\...\{7FAA19D2-3CF3-4FF6-9746-C0B8DB88757D}) (Version: 7.6 - Spigot, Inc.) <==== ATTENTION
Vx4SLPlayer 1.0.0 (HKLM-x32\...\Vx4SLPlayer_is1) (Version:  - )
Wall Street Raider 7.01 (HKLM-x32\...\Wall Street Raider_is1) (Version:  - Ronin Software)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
WinHTTrack Website Copier 3.44-1 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.44.1 - HTTrack)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WinSCP 4.3.5 (HKLM-x32\...\winscp3_is1) (Version: 4.3.5 - Martin Prikryl)
WinSPMBT (HKLM-x32\...\WinSPMBT) (Version:  - )
WinSPWW2  Ver 1.1B Upgrade (HKLM-x32\...\WinSPWW2  Ver 1.1B Upgrade) (Version:  - )
WinSPWW2v1 DL Edition (HKLM-x32\...\WinSPWW2v1 DL Edition) (Version:  - )
WinSPWW2v2  Upgrade (HKLM-x32\...\WinSPWW2v2  Upgrade) (Version:  - )
X3: Terran Conflict (HKLM-x32\...\Steam App 2820) (Version:  - Egosoft)
XIII Century (HKLM-x32\...\Steam App 34420) (Version:  - Unicorn Games Studio)

==================== Restore Points  =========================

31-05-2014 16:57:33 Installed Java 7 Update 60
03-06-2014 21:05:07 Installed PokerStrategy.com Equilab.
03-06-2014 23:08:15 Windows Update
04-06-2014 22:01:59 Installed DirectX
08-06-2014 22:05:55 Installed BBC iPlayer Downloads

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-11-20 08:48 - 00000131 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {44CC421C-60B5-4174-8822-5D60E3D21DE0} - System32\Tasks\MyDefrag v4.3.1 Daily => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD [2010-05-21] ()
Task: {4A8403DC-4567-45F1-9C39-1F7C21759851} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-04-13] (Microsoft Corporation)
Task: {69BA5DEC-18A3-4034-AE56-D7B491EEE5BF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-06] (Google Inc.)
Task: {A1E1443C-35D4-4BF6-8A08-9DA0C49139B9} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-04-13] (Microsoft Corporation)
Task: {AF447003-0310-4957-B336-8B9BAD5538B5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-26] (AVAST Software)
Task: {B7B53D22-58D8-4FA2-87AA-2744079DB5DA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {E279D117-5AFD-453E-A4D8-B80403B22310} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F1CE8626-E4C1-4D51-AE1B-56C5BE63112B} - System32\Tasks\MyDefrag v4.3.1 Monthly => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD [2010-05-21] ()
Task: {F397B22C-0A0F-40BA-AF73-394E92A85BF2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-06] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-09-30 22:14 - 2013-01-18 16:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-03-26 13:13 - 2011-03-02 13:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2014-06-10 18:32 - 2014-06-10 18:32 - 02775040 _____ () C:\Program Files\AVAST Software\Avast\defs\14061001\algo.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () E:\programs\office2010\Office14\1033\GrooveIntlResource.dll
2014-06-10 18:32 - 2014-06-10 18:32 - 00043008 _____ () c:\users\mark\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwgvwjh.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\mark\AppData\Roaming\Dropbox\bin\libcef.dll
2013-11-28 20:14 - 2013-11-28 20:14 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-05-09 19:08 - 2014-05-09 19:08 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\mark\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: KPeerNexonEU => C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: Razer Lachesis Driver => C:\Program Files (x86)\Razer\Lachesis 5600\LachesisSysTray.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/10/2014 06:32:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/09/2014 06:59:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/08/2014 10:40:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2014 11:35:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/06/2014 07:34:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/05/2014 06:36:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/04/2014 07:12:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xdf0
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (06/04/2014 07:11:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1258
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (06/04/2014 07:09:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xd1c
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (06/04/2014 07:08:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/10/2014 06:33:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (06/10/2014 06:33:23 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (06/09/2014 07:01:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (06/09/2014 07:01:05 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (06/08/2014 10:42:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (06/08/2014 10:42:00 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (06/07/2014 11:36:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (06/07/2014 11:36:43 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (06/06/2014 07:34:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (06/06/2014 07:34:41 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================
Error: (06/10/2014 06:32:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/09/2014 06:59:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/08/2014 10:40:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2014 11:35:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/06/2014 07:34:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/05/2014 06:36:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/04/2014 07:12:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fddf001cf80206fd91e52C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dllc1b4cbd4-ec13-11e3-9c70-001a4d4c8022

Error: (06/04/2014 07:11:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd125801cf80203e477d24C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll969f9205-ec13-11e3-9c70-001a4d4c8022

Error: (06/04/2014 07:09:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdd1c01cf801fef78e302C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll5e65453f-ec13-11e3-9c70-001a4d4c8022

Error: (06/04/2014 07:08:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2013-03-09 10:56:17.373
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-03-09 10:56:17.311
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 43%
Total physical RAM: 4094.49 MB
Available physical RAM: 2302.8 MB
Total Pagefile: 8187.16 MB
Available Pagefile: 6002.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:107.13 GB) (Free:30.22 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (New Volume) (Fixed) (Total:1863.01 GB) (Free:718.05 GB) NTFS
Drive f: (12-03-2011) (Fixed) (Total:1397.26 GB) (Free:279.34 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:1863.01 GB) (Free:341.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: B659C897)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: EE328F29)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 1397 GB) (Disk ID: B12FFEBF)
Partition 1: (Not Active) - (Size=-698723860480) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 107 GB) (Disk ID: 28ACFFC7)
Partition 1: (Active) - (Size=107 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 Machiavelli

  • Malware Response Instructor

Posted 10 June 2014 - 01:54 PM

Step 1: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP then just run it)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan

  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#5 cubes

  • Topic Starter

  • Members

Posted 10 June 2014 - 03:32 PM

Ok, that's all done.  Log files copied below.

 

Adware cleaner:

 

# AdwCleaner v3.212 - Report created 10/06/2014 at 21:02:52
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : mark - PEOPLESREPUBLIC
# Running from : C:\Users\mark\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Vuze Remote toolbar
Folder Deleted : C:\Program Files (x86)\Vuze
Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
Folder Deleted : C:\Users\mark\AppData\Local\Conduit
Folder Deleted : C:\Users\mark\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\mark\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\mark\AppData\LocalLow\Vuze_Remote
Folder Deleted : C:\Users\testaccount\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\testaccount\AppData\LocalLow\Vuze_Remote
Folder Deleted : C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\h9thbbng.default\ConduitCommon
File Deleted : C:\END

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFEA3A45-033F-4D6B-8219-ADB36870425E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\vShare.tv
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Myfree Codec
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\startsearch Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\systweak

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (en-GB)

[ File : C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\h9thbbng.default\prefs.js ]

Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.1.0");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2504091");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2504091");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2504091");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "b17c857b-7933-47fa-81a1-453e036d2e9d");
Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2504091");
Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Jan 03 2012 19:32:00 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Jan 03 2012 19:32:08 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Jan 03 2012 19:32:00 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.notifications.userId", "559fd378-1fe5-4d79-b123-0cbdaa84120f");
Line Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.co.uk/");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT2504091");
Line Deleted : user_pref("extensions.funmoods.aflt", "drive");
Line Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Line Deleted : user_pref("extensions.funmoods.cntry", "GB");
Line Deleted : user_pref("extensions.funmoods.dfltLng", "");
Line Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Line Deleted : user_pref("extensions.funmoods.dnsErr", true);
Line Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Line Deleted : user_pref("extensions.funmoods.excTlbr", false);
Line Deleted : user_pref("extensions.funmoods.hdrMd5", "A0CC1D7D2F83589755ED2659693D5E59");
Line Deleted : user_pref("extensions.funmoods.hmpg", true);
Line Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=drive&chnl=drive&cd=2XzutAtN2Y1L1QzutDtDtByEtDtCtCtBtDyEtBtA0ByEtAtCtN0D0TzutBtDtCtBtDyCtBzy&cr=842005294");
Line Deleted : user_pref("extensions.funmoods.id", "240ab431000000000000002401120423");
Line Deleted : user_pref("extensions.funmoods.instlDay", "15520");
Line Deleted : user_pref("extensions.funmoods.instlRef", "drive");
Line Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Line Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2221:43:54");
Line Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Line Deleted : user_pref("extensions.funmoods.newTab", true);
Line Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=drive&chnl=drive&cd=2XzutAtN2Y1L1QzutDtDtByEtDtCtCtBtDyEtBtA0ByEtAtCtN0D0TzutBtDtCtBtDyCtBzy&cr=842005294");
Line Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Line Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Line Deleted : user_pref("extensions.funmoods.sg", "none");
Line Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Line Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Line Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Line Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Line Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2221:43:54");
Line Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Line Deleted : user_pref("extensions.funmoods_i.newTab", true);
Line Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Line Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2221:43:54");
Line Deleted : user_pref("surfcanyon.fractions", "0.0_0.0\r\n");
Line Deleted : user_pref("surfcanyon.last_checked_ts", "1266971566335");

[ File : C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\y9m4goh1.default\prefs.js ]


[ File : C:\Users\testaccount\AppData\Roaming\Mozilla\Firefox\Profiles\84ody94l.default\prefs.js ]


-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [10116 octets] - [10/06/2014 20:59:36]
AdwCleaner[R1].txt - [10178 octets] - [10/06/2014 21:01:35]
AdwCleaner[S0].txt - [10046 octets] - [10/06/2014 21:02:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10107 octets] ##########
 

 

 

Malwarebytes:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/06/2014
Scan Time: 21:07:04
Logfile: malwarebytes.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.10.06
Rootkit Database: v2014.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: mark

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 388644
Time Elapsed: 9 min, 37 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by mark on 10/06/2014 at 21:18:45.15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6665B1E0-1581-A76A-A58D-459E2BD60ADB}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{93D3C758-344C-477F-AAA4-3380AD4732BC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6665B1E0-1581-A76A-A58D-459E2BD60ADB}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"



~~~ FireFox

Emptied folder: C:\Users\mark\AppData\Roaming\mozilla\firefox\profiles\h9thbbng.default\minidumps [211 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10/06/2014 at 21:28:32.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-06-2014
Ran by mark (administrator) on PEOPLESREPUBLIC on 10-06-2014 21:31:07
Running from C:\Users\mark\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CANON INC.) C:\Windows\System32\CNAC6RPD.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieCtrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMon.exe
(Dropbox, Inc.) C:\Users\mark\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonTaskbar.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Realtime Soft Ltd) C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1860496 2011-04-13] (Microsoft Corporation)
HKLM-x32\...\Run: [BCSSync] => E:\programs\office2010\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1670656 2011-01-02] (Dominik Reichl)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310280 2012-12-20] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-06] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKU\S-1-5-21-2383215465-1798318476-2089682758-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [597736 2011-03-24] (SANDBOXIE L.T.D)
HKU\S-1-5-21-2383215465-1798318476-2089682758-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2012-12-18] (Samsung Electronics)
HKU\S-1-5-21-2383215465-1798318476-2089682758-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung)
HKU\S-1-5-21-2383215465-1798318476-2089682758-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1476104 2012-12-20] (Samsung)
HKU\S-1-5-21-2383215465-1798318476-2089682758-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP5100 Status Window.lnk
ShortcutTarget: Canon LBP5100 Status Window.lnk -> C:\Windows\System32\spool\drivers\x64\3\CNAC6LAD.EXE (CANON INC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk
ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{9069EE0A-7615-4D86-AD80-CA263E936DA6}\IcoUltraMon.ico ()
Startup: C:\Users\mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\mark\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/?gws_rd=ssl
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9C74CAC61DEBCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=drive&chnl=drive&cd=2XzutAtN2Y1L1QzutDtDtByEtDtCtCtBtDyEtBtA0ByEtAtCtN0D0TzutBtDtCtBtDyCtBzy&cr=842005294
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=drive&chnl=drive&cd=2XzutAtN2Y1L1QzutDtDtByEtDtCtCtBtDyEtBtA0ByEtAtCtN0D0TzutBtDtCtBtDyCtBzy&cr=842005294
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {18BA330D-7E1E-4147-886D-DD8CFAB9C5FB} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\programs\office2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\programs\office2010\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanner.ikea.com/gb/Core/Player/2020PlayerAX_Win32.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1058
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\h9thbbng.default
FF SearchEngineOrder.1: Microsoft (Bing)
FF Homepage: https://www.google.co.uk/
FF Keyword.URL: hxxp://www.bing.com/search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - E:\programs\OFFICE~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - E:\programs\OFFICE~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @real.com/nppl3260;version=6.0.11.3088 - C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.11.3006 - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\h9thbbng.default\searchplugins\bing-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: British English Dictionary - C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\h9thbbng.default\Extensions\en-GB@dictionaries.addons.mozilla.org [2011-10-19]
FF Extension: Enhanced Steam - C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\h9thbbng.default\Extensions\jid0-SmvlvxGpvCyG252KbVMqIKR79Uc@jetpack.xpi [2013-12-30]
FF Extension: FlashGot - C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\h9thbbng.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2011-03-25]
FF Extension: Property Bee - C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\h9thbbng.default\Extensions\{da8bd68d-8e90-41cd-8345-a71b294e72e6}.xpi [2011-03-30]
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-28]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ []
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-28]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-26] (AVAST Software)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [239680 2014-02-19] (Foxit Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; E:\programs\office2010\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [95976 2011-03-24] (SANDBOXIE L.T.D)

==================== Drivers (Whitelisted) ====================

R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-26] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-26] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-10] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 SaiH0464; C:\Windows\System32\DRIVERS\SaiH0464.sys [178432 2008-03-31] (Saitek)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [148072 2011-03-24] (SANDBOXIE L.T.D)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2011-04-09] () [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-05-10] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va005; \??\C:\Users\mark\AppData\Local\Temp\005E8EC.tmp [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-10 21:28 - 2014-06-10 21:28 - 00001778 _____ () C:\Users\mark\Desktop\JRT.txt
2014-06-10 21:18 - 2014-06-10 21:18 - 00000000 ____D () C:\Windows\ERUNT
2014-06-10 21:17 - 2014-06-10 21:17 - 01016261 _____ (Thisisu) C:\Users\mark\Downloads\JRT.exe
2014-06-10 21:00 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-10 20:59 - 2014-06-10 21:02 - 00000000 ____D () C:\AdwCleaner
2014-06-10 20:59 - 2014-06-10 20:59 - 01333465 _____ () C:\Users\mark\Downloads\AdwCleaner.exe
2014-06-10 18:39 - 2014-06-10 18:39 - 00050914 _____ () C:\Users\mark\Downloads\Addition.txt
2014-06-10 18:38 - 2014-06-10 21:31 - 00019541 _____ () C:\Users\mark\Downloads\FRST.txt
2014-06-10 18:37 - 2014-06-10 21:31 - 00000000 ____D () C:\FRST
2014-06-10 18:37 - 2014-06-10 18:37 - 02080768 _____ (Farbar) C:\Users\mark\Downloads\FRST64.exe
2014-06-08 23:06 - 2014-06-08 23:06 - 00000000 ____D () C:\Users\mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BBC iPlayer
2014-06-08 23:06 - 2014-06-08 23:06 - 00000000 ____D () C:\Users\mark\AppData\Local\BBC
2014-06-08 23:05 - 2014-06-08 23:05 - 21544960 _____ () C:\Users\mark\Downloads\BBC-iPlayer-Downloads(1).msi
2014-06-07 21:01 - 2014-06-07 21:02 - 00019397 _____ () C:\Users\mark\Desktop\dds.txt
2014-06-07 21:01 - 2014-06-07 21:02 - 00012204 _____ () C:\Users\mark\Desktop\attach.txt
2014-06-07 21:00 - 2014-06-07 21:00 - 00688992 ____R (Swearware) C:\Users\mark\Downloads\dds.com
2014-06-06 21:53 - 2014-06-06 21:54 - 00008192 _____ ( ) C:\Users\mark\Downloads\DMPUpdater.exe
2014-06-06 19:40 - 2014-06-06 19:40 - 04161050 _____ () C:\Users\mark\Downloads\tdsskiller(1).zip
2014-06-06 00:10 - 2014-06-06 00:10 - 00000000 ____D () C:\New folder
2014-06-05 18:43 - 2014-06-05 18:43 - 04156051 _____ () C:\Users\mark\Downloads\tdsskiller.zip
2014-06-04 23:03 - 2014-06-04 23:03 - 00000000 ____D () C:\Users\mark\AppData\Local\SniperV2
2014-06-04 19:25 - 2014-06-04 19:26 - 00002114 _____ () C:\Users\mark\Desktop\Rkill.txt
2014-06-04 19:25 - 2014-06-04 19:26 - 00000000 ____D () C:\rkill
2014-06-04 19:25 - 2014-06-04 19:25 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\mark\Downloads\rkill.exe
2014-06-04 19:16 - 2014-06-04 19:23 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-04 19:15 - 2014-06-04 19:23 - 00000000 ____D () C:\Users\mark\Desktop\mbar
2014-06-04 19:14 - 2014-06-04 19:14 - 12589848 _____ (Malwarebytes Corp.) C:\Users\mark\Downloads\mbar-1.07.0.1009.exe
2014-06-04 18:56 - 2014-06-10 21:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-04 18:55 - 2014-06-04 19:15 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-04 18:55 - 2014-06-04 18:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\mark\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-04 18:55 - 2014-06-04 18:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-04 18:55 - 2014-06-04 18:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-04 18:55 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-04 18:53 - 2014-06-04 18:53 - 00033700 _____ () C:\Users\mark\Downloads\Result.txt
2014-06-04 18:52 - 2014-06-04 18:52 - 00982016 _____ (Farbar) C:\Users\mark\Downloads\MiniToolBox.exe
2014-06-04 18:50 - 2014-06-04 18:50 - 00410112 _____ (Farbar) C:\Users\mark\Downloads\FSS.exe
2014-06-04 18:50 - 2014-06-04 18:50 - 00002078 _____ () C:\Users\mark\Downloads\FSS.txt
2014-06-04 18:46 - 2014-06-04 18:46 - 00854367 _____ () C:\Users\mark\Downloads\SecurityCheck.exe
2014-06-03 22:05 - 2014-06-03 22:05 - 00002259 _____ () C:\Users\Public\Desktop\PokerStrategy.com Equilab.lnk
2014-06-03 22:05 - 2014-06-03 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStrategy.com
2014-06-03 22:05 - 2014-06-03 22:05 - 00000000 ____D () C:\Program Files (x86)\PokerStrategy.com
2014-06-03 22:02 - 2014-06-03 22:04 - 00000000 ____D () C:\Program Files (x86)\PokerStove
2014-06-03 22:02 - 2014-06-03 22:02 - 00001035 _____ () C:\Users\mark\Desktop\PokerStove.lnk
2014-06-03 22:02 - 2014-06-03 22:02 - 00000000 ____D () C:\Users\mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStove
2014-06-03 21:02 - 2014-06-06 19:42 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-06-03 00:09 - 2014-06-03 00:09 - 00000382 _____ () C:\Users\mark\Downloads\defogger_enable.log
2014-06-03 00:01 - 2014-06-03 00:01 - 00050477 _____ () C:\Users\mark\Downloads\Defogger.exe
2014-06-03 00:01 - 2014-06-03 00:01 - 00000648 _____ () C:\Users\mark\Downloads\defogger_disable.log
2014-06-02 22:46 - 2014-06-02 22:46 - 04176736 _____ (Kaspersky Lab ZAO) C:\Users\mark\Downloads\tdsskiller.exe
2014-06-02 20:50 - 2014-06-02 20:50 - 01789440 _____ () C:\Users\mark\Downloads\MissionControllerMCE69.zip
2014-06-01 19:13 - 2014-06-01 19:18 - 219451392 _____ () C:\Users\mark\Downloads\LibreOffice_4.2.4_Win_x86.msi
2014-06-01 19:13 - 2014-06-01 19:13 - 05541888 _____ () C:\Users\mark\Downloads\LibreOffice_4.2.4_Win_x86_helppack_en-GB.msi
2014-05-31 20:58 - 2014-05-31 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-31 20:58 - 2014-05-31 20:58 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-31 20:58 - 2014-05-31 20:58 - 00000000 ____D () C:\Program Files\iTunes
2014-05-31 20:58 - 2014-05-31 20:58 - 00000000 ____D () C:\Program Files\iPod
2014-05-31 20:58 - 2014-05-31 20:58 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-31 17:59 - 2014-05-31 17:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-31 17:59 - 2014-05-07 15:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-31 17:59 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-31 17:59 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-31 17:59 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-31 17:57 - 2014-05-31 17:59 - 00003999 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-05-31 17:57 - 2014-05-31 17:57 - 00918952 _____ (Oracle Corporation) C:\Users\mark\Downloads\jxpiinstall(2).exe
2014-05-30 14:34 - 2014-05-30 14:34 - 03051850 _____ () C:\Users\mark\Downloads\pirates_gold_map.zip
2014-05-30 14:34 - 2014-05-30 14:34 - 00001989 _____ () C:\Users\Public\Desktop\Pirates! GOLD.lnk
2014-05-30 14:34 - 2014-05-30 14:34 - 00001943 _____ () C:\Users\Public\Desktop\Pirates!.lnk
2014-05-30 14:34 - 2012-06-14 14:47 - 00000000 ____D () C:\Users\mark\Documents\pirates_gold_map
2014-05-30 14:33 - 2014-05-30 14:34 - 45155672 _____ (GOG.com ) C:\Users\mark\Downloads\setup_pirates_pack_2.0.0.28.exe
2014-05-28 17:05 - 2013-02-06 13:54 - 17896392 _____ () C:\Users\mark\Documents\SUNP0001.AVI
2014-05-24 22:52 - 2014-05-24 22:52 - 00003150 _____ () C:\Windows\System32\Tasks\{CCC0453D-577A-4AE4-A5E1-15738E8A32E2}
2014-05-24 22:52 - 2014-05-24 22:52 - 00002051 _____ () C:\Users\testaccount\Desktop\Race Into Space.lnk
2014-05-24 22:52 - 2014-05-24 22:52 - 00002051 _____ () C:\Users\steve\Desktop\Race Into Space.lnk
2014-05-24 22:50 - 2014-05-24 22:50 - 58580747 _____ () C:\Users\mark\Downloads\raceintospace-1.1.exe
2014-05-16 18:40 - 2014-06-10 21:04 - 00000000 ____D () C:\Users\mark\AppData\Roaming\DropboxMaster
2014-05-16 00:24 - 2014-05-06 05:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 00:24 - 2014-05-06 05:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-16 00:24 - 2014-05-06 04:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-16 00:24 - 2014-05-06 04:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-16 00:24 - 2014-05-06 04:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-16 00:24 - 2014-05-06 03:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 19:13 - 2014-05-09 07:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 19:13 - 2014-05-09 07:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 19:13 - 2014-04-12 03:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 19:13 - 2014-04-12 03:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 19:13 - 2014-04-12 03:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 19:13 - 2014-04-12 03:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 19:13 - 2014-04-12 03:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 19:13 - 2014-04-12 03:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 19:13 - 2014-04-12 03:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 19:13 - 2014-04-12 03:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 19:13 - 2014-04-12 03:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 19:13 - 2014-03-25 03:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 19:13 - 2014-03-25 03:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 19:13 - 2014-03-04 10:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 19:13 - 2014-03-04 10:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 19:13 - 2014-03-04 10:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 19:13 - 2014-03-04 10:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 19:13 - 2014-03-04 10:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 19:13 - 2014-03-04 10:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 19:13 - 2014-03-04 10:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 19:13 - 2014-03-04 10:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 19:13 - 2014-03-04 10:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 19:13 - 2014-03-04 10:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 19:13 - 2014-03-04 10:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 19:13 - 2014-03-04 10:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 19:13 - 2014-03-04 10:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 19:13 - 2014-03-04 10:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 19:13 - 2014-03-04 10:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 19:13 - 2014-03-04 10:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 19:13 - 2014-03-04 10:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 19:13 - 2014-03-04 10:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 19:13 - 2014-03-04 10:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 19:13 - 2014-03-04 10:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 19:13 - 2014-03-04 10:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 19:13 - 2014-03-04 10:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 19:13 - 2014-03-04 10:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 19:13 - 2014-03-04 10:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 19:13 - 2014-03-04 10:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 19:13 - 2014-03-04 10:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 19:13 - 2014-03-04 10:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 19:13 - 2014-03-04 10:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 19:13 - 2014-03-04 10:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 19:13 - 2014-03-04 10:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 19:13 - 2014-03-04 10:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 19:13 - 2014-03-04 10:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 23:05 - 2014-05-14 23:05 - 44594711 _____ () C:\Users\mark\Downloads\saintsrow3_ost_mp3_1374796048.zip
2014-05-13 22:47 - 2014-05-13 22:48 - 72493419 _____ () C:\Users\mark\Downloads\Scorched3D-43.3d.exe

==================== One Month Modified Files and Folders =======

2014-06-10 21:31 - 2014-06-10 18:38 - 00019541 _____ () C:\Users\mark\Downloads\FRST.txt
2014-06-10 21:31 - 2014-06-10 18:37 - 00000000 ____D () C:\FRST
2014-06-10 21:31 - 2011-03-24 23:23 - 00000000 ____D () C:\Users\mark\AppData\Local\Temp
2014-06-10 21:28 - 2014-06-10 21:28 - 00001778 _____ () C:\Users\mark\Desktop\JRT.txt
2014-06-10 21:21 - 2013-07-06 11:38 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-10 21:18 - 2014-06-10 21:18 - 00000000 ____D () C:\Windows\ERUNT
2014-06-10 21:17 - 2014-06-10 21:17 - 01016261 _____ (Thisisu) C:\Users\mark\Downloads\JRT.exe
2014-06-10 21:11 - 2009-07-14 05:45 - 00020688 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-10 21:11 - 2009-07-14 05:45 - 00020688 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-10 21:10 - 2009-07-14 06:13 - 00802694 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-10 21:07 - 2014-06-04 18:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-10 21:07 - 2011-03-24 23:23 - 01402251 _____ () C:\Windows\WindowsUpdate.log
2014-06-10 21:04 - 2014-05-16 18:40 - 00000000 ____D () C:\Users\mark\AppData\Roaming\DropboxMaster
2014-06-10 21:04 - 2013-07-06 11:38 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-10 21:04 - 2012-07-30 22:05 - 00000000 ____D () C:\Users\mark\AppData\Roaming\Dropbox
2014-06-10 21:04 - 2011-03-25 20:09 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-10 21:04 - 2010-11-21 04:47 - 00708250 _____ () C:\Windows\PFRO.log
2014-06-10 21:04 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-10 21:04 - 2009-07-14 05:51 - 00130728 _____ () C:\Windows\setupact.log
2014-06-10 21:02 - 2014-06-10 20:59 - 00000000 ____D () C:\AdwCleaner
2014-06-10 21:01 - 2012-04-01 10:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-10 20:59 - 2014-06-10 20:59 - 01333465 _____ () C:\Users\mark\Downloads\AdwCleaner.exe
2014-06-10 18:39 - 2014-06-10 18:39 - 00050914 _____ () C:\Users\mark\Downloads\Addition.txt
2014-06-10 18:37 - 2014-06-10 18:37 - 02080768 _____ (Farbar) C:\Users\mark\Downloads\FRST64.exe
2014-06-10 18:32 - 2013-11-28 20:14 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-10 18:32 - 2011-03-25 19:55 - 00000000 ____D () C:\Users\mark\AppData\Roaming\mIRC
2014-06-10 18:32 - 2011-03-25 19:55 - 00000000 ____D () C:\Program Files (x86)\mIRC
2014-06-09 21:08 - 2013-02-13 20:39 - 00000000 ____D () C:\ProgramData\Origin
2014-06-09 21:02 - 2013-02-13 20:39 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-09 21:01 - 2011-03-28 21:08 - 00000000 ____D () C:\Users\mark\AppData\Roaming\KeePass
2014-06-09 20:47 - 2011-03-25 21:25 - 00000000 ____D () C:\Users\mark\AppData\Roaming\Azureus
2014-06-08 23:06 - 2014-06-08 23:06 - 00000000 ____D () C:\Users\mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BBC iPlayer
2014-06-08 23:06 - 2014-06-08 23:06 - 00000000 ____D () C:\Users\mark\AppData\Local\BBC
2014-06-08 23:06 - 2014-02-24 20:05 - 00001152 _____ () C:\Users\mark\Desktop\BBC iPlayer Downloads.lnk
2014-06-08 23:05 - 2014-06-08 23:05 - 21544960 _____ () C:\Users\mark\Downloads\BBC-iPlayer-Downloads(1).msi
2014-06-07 21:02 - 2014-06-07 21:01 - 00019397 _____ () C:\Users\mark\Desktop\dds.txt
2014-06-07 21:02 - 2014-06-07 21:01 - 00012204 _____ () C:\Users\mark\Desktop\attach.txt
2014-06-07 21:00 - 2014-06-07 21:00 - 00688992 ____R (Swearware) C:\Users\mark\Downloads\dds.com
2014-06-07 16:27 - 2011-03-25 21:41 - 00000000 ____D () C:\Users\mark\AppData\Roaming\vlc
2014-06-07 16:24 - 2013-10-13 22:19 - 00000000 ____D () C:\Program Files (x86)\SciLor's grooveshark™.com Downloader
2014-06-06 21:54 - 2014-06-06 21:53 - 00008192 _____ ( ) C:\Users\mark\Downloads\DMPUpdater.exe
2014-06-06 19:42 - 2014-06-03 21:02 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-06-06 19:40 - 2014-06-06 19:40 - 04161050 _____ () C:\Users\mark\Downloads\tdsskiller(1).zip
2014-06-06 00:10 - 2014-06-06 00:10 - 00000000 ____D () C:\New folder
2014-06-05 18:43 - 2014-06-05 18:43 - 04156051 _____ () C:\Users\mark\Downloads\tdsskiller.zip
2014-06-04 23:03 - 2014-06-04 23:03 - 00000000 ____D () C:\Users\mark\AppData\Local\SniperV2
2014-06-04 23:02 - 2011-03-25 21:47 - 00458755 _____ () C:\Windows\DirectX.log
2014-06-04 19:26 - 2014-06-04 19:25 - 00002114 _____ () C:\Users\mark\Desktop\Rkill.txt
2014-06-04 19:26 - 2014-06-04 19:25 - 00000000 ____D () C:\rkill
2014-06-04 19:25 - 2014-06-04 19:25 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\mark\Downloads\rkill.exe
2014-06-04 19:23 - 2014-06-04 19:16 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-04 19:23 - 2014-06-04 19:15 - 00000000 ____D () C:\Users\mark\Desktop\mbar
2014-06-04 19:15 - 2014-06-04 18:55 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-04 19:14 - 2014-06-04 19:14 - 12589848 _____ (Malwarebytes Corp.) C:\Users\mark\Downloads\mbar-1.07.0.1009.exe
2014-06-04 19:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Cursors
2014-06-04 18:55 - 2014-06-04 18:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\mark\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-04 18:55 - 2014-06-04 18:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-04 18:55 - 2014-06-04 18:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-04 18:55 - 2012-05-29 20:45 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-04 18:55 - 2011-04-09 10:30 - 00000000 ____D () C:\Users\mark\AppData\Roaming\Malwarebytes
2014-06-04 18:55 - 2011-04-09 10:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-04 18:53 - 2014-06-04 18:53 - 00033700 _____ () C:\Users\mark\Downloads\Result.txt
2014-06-04 18:52 - 2014-06-04 18:52 - 00982016 _____ (Farbar) C:\Users\mark\Downloads\MiniToolBox.exe
2014-06-04 18:50 - 2014-06-04 18:50 - 00410112 _____ (Farbar) C:\Users\mark\Downloads\FSS.exe
2014-06-04 18:50 - 2014-06-04 18:50 - 00002078 _____ () C:\Users\mark\Downloads\FSS.txt
2014-06-04 18:46 - 2014-06-04 18:46 - 00854367 _____ () C:\Users\mark\Downloads\SecurityCheck.exe
2014-06-04 18:35 - 2009-07-14 06:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-03 22:05 - 2014-06-03 22:05 - 00002259 _____ () C:\Users\Public\Desktop\PokerStrategy.com Equilab.lnk
2014-06-03 22:05 - 2014-06-03 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStrategy.com
2014-06-03 22:05 - 2014-06-03 22:05 - 00000000 ____D () C:\Program Files (x86)\PokerStrategy.com
2014-06-03 22:04 - 2014-06-03 22:02 - 00000000 ____D () C:\Program Files (x86)\PokerStove
2014-06-03 22:04 - 2011-06-09 23:48 - 00000000 ____D () C:\Users\mark\AppData\Local\Downloaded Installations
2014-06-03 22:02 - 2014-06-03 22:02 - 00001035 _____ () C:\Users\mark\Desktop\PokerStove.lnk
2014-06-03 22:02 - 2014-06-03 22:02 - 00000000 ____D () C:\Users\mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStove
2014-06-03 21:34 - 2011-04-18 21:16 - 00000000 ____D () C:\Program Files (x86)\PKR
2014-06-03 00:09 - 2014-06-03 00:09 - 00000382 _____ () C:\Users\mark\Downloads\defogger_enable.log
2014-06-03 00:09 - 2011-03-24 23:23 - 00000000 ____D () C:\Users\mark
2014-06-03 00:01 - 2014-06-03 00:01 - 00050477 _____ () C:\Users\mark\Downloads\Defogger.exe
2014-06-03 00:01 - 2014-06-03 00:01 - 00000648 _____ () C:\Users\mark\Downloads\defogger_disable.log
2014-06-02 22:46 - 2014-06-02 22:46 - 04176736 _____ (Kaspersky Lab ZAO) C:\Users\mark\Downloads\tdsskiller.exe
2014-06-02 20:50 - 2014-06-02 20:50 - 01789440 _____ () C:\Users\mark\Downloads\MissionControllerMCE69.zip
2014-06-01 19:18 - 2014-06-01 19:13 - 219451392 _____ () C:\Users\mark\Downloads\LibreOffice_4.2.4_Win_x86.msi
2014-06-01 19:13 - 2014-06-01 19:13 - 05541888 _____ () C:\Users\mark\Downloads\LibreOffice_4.2.4_Win_x86_helppack_en-GB.msi
2014-05-31 20:58 - 2014-05-31 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-31 20:58 - 2014-05-31 20:58 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-31 20:58 - 2014-05-31 20:58 - 00000000 ____D () C:\Program Files\iTunes
2014-05-31 20:58 - 2014-05-31 20:58 - 00000000 ____D () C:\Program Files\iPod
2014-05-31 20:58 - 2014-05-31 20:58 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-31 20:58 - 2012-09-20 18:40 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-31 18:03 - 2011-03-25 20:53 - 00001126 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-31 18:03 - 2011-03-25 20:53 - 00001126 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-31 17:59 - 2014-05-31 17:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-31 17:59 - 2014-05-31 17:57 - 00003999 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-05-31 17:59 - 2013-10-20 10:54 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-31 17:59 - 2012-05-18 20:19 - 00007651 _____ () C:\Users\mark\AppData\Local\Resmon.ResmonCfg
2014-05-31 17:59 - 2011-04-07 18:56 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-31 17:57 - 2014-05-31 17:57 - 00918952 _____ (Oracle Corporation) C:\Users\mark\Downloads\jxpiinstall(2).exe
2014-05-31 17:55 - 2011-06-20 18:52 - 00000000 ____D () C:\Users\mark\AppData\Local\Unity
2014-05-30 23:59 - 2011-04-07 18:56 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-05-30 14:34 - 2014-05-30 14:34 - 03051850 _____ () C:\Users\mark\Downloads\pirates_gold_map.zip
2014-05-30 14:34 - 2014-05-30 14:34 - 00001989 _____ () C:\Users\Public\Desktop\Pirates! GOLD.lnk
2014-05-30 14:34 - 2014-05-30 14:34 - 00001943 _____ () C:\Users\Public\Desktop\Pirates!.lnk
2014-05-30 14:34 - 2014-05-30 14:33 - 45155672 _____ (GOG.com ) C:\Users\mark\Downloads\setup_pirates_pack_2.0.0.28.exe
2014-05-30 14:34 - 2013-03-22 19:48 - 00000000 ____D () C:\GOG Games
2014-05-30 14:34 - 2012-10-19 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-05-30 14:34 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-30 12:33 - 2011-04-12 21:16 - 00000000 ____D () C:\Users\mark\.raceintospace
2014-05-30 12:33 - 2011-04-12 21:13 - 00000000 ____D () C:\Program Files (x86)\raceintospace
2014-05-27 21:39 - 2011-04-09 10:38 - 00003236 _____ () C:\Windows\Sandboxie.ini
2014-05-27 00:28 - 2012-09-16 21:15 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-05-25 11:03 - 2011-03-24 23:23 - 00000000 ___RD () C:\Users\mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-25 11:02 - 2012-07-30 22:07 - 00001021 _____ () C:\Users\mark\Desktop\Dropbox.lnk
2014-05-25 11:02 - 2012-07-30 22:06 - 00000000 ____D () C:\Users\mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-24 22:52 - 2014-05-24 22:52 - 00003150 _____ () C:\Windows\System32\Tasks\{CCC0453D-577A-4AE4-A5E1-15738E8A32E2}
2014-05-24 22:52 - 2014-05-24 22:52 - 00002051 _____ () C:\Users\testaccount\Desktop\Race Into Space.lnk
2014-05-24 22:52 - 2014-05-24 22:52 - 00002051 _____ () C:\Users\steve\Desktop\Race Into Space.lnk
2014-05-24 22:52 - 2011-11-21 23:21 - 00002051 _____ () C:\Users\UpdatusUser\Desktop\Race Into Space.lnk
2014-05-24 22:52 - 2011-04-12 21:14 - 00002051 _____ () C:\Users\mark\Desktop\Race Into Space.lnk
2014-05-24 22:50 - 2014-05-24 22:50 - 58580747 _____ () C:\Users\mark\Downloads\raceintospace-1.1.exe
2014-05-17 21:58 - 2012-11-09 23:36 - 00000000 ____D () C:\Users\mark\Documents\Battleground Europe
2014-05-16 20:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-05-16 18:39 - 2012-01-08 13:12 - 00000000 ___RD () C:\Users\mark\Virtual Machines
2014-05-16 18:39 - 2011-03-24 23:23 - 00000000 ___RD () C:\Users\mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 18:37 - 2014-05-06 23:56 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-16 18:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-16 00:25 - 2011-03-28 19:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-16 00:22 - 2013-07-20 08:53 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 00:19 - 2011-07-23 10:51 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 23:05 - 2014-05-14 23:05 - 44594711 _____ () C:\Users\mark\Downloads\saintsrow3_ost_mp3_1374796048.zip
2014-05-14 19:24 - 2011-07-13 21:53 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-13 22:48 - 2014-05-13 22:47 - 72493419 _____ () C:\Users\mark\Downloads\Scorched3D-43.3d.exe
2014-05-13 22:48 - 2011-11-15 22:51 - 00000000 ____D () C:\Program Files (x86)\Scorched3D
2014-05-13 20:01 - 2012-04-01 10:37 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-13 20:01 - 2012-04-01 10:37 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-13 20:01 - 2011-05-15 10:18 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-12 18:52 - 2014-01-01 20:31 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-12 18:52 - 2013-11-28 20:14 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-12 18:52 - 2013-11-28 20:14 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-12 07:26 - 2014-06-04 18:55 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2011-04-09 10:30 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 11:58 - 2012-04-26 22:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\mark\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsldr8y.dll
C:\Users\mark\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\mark\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\mark\AppData\Local\Temp\Quarantine.exe
C:\Users\mark\AppData\Local\Temp\sfamcc00001.dll
C:\Users\mark\AppData\Local\Temp\vlc-2.1.3-win32.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 11:52

==================== End Of Log ============================



#6 Machiavelli

Posted 11 June 2014 - 03:02 AM

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#7 cubes

Posted 11 June 2014 - 12:56 PM

Hi.  It detected one item but cure wasn't an option so it was skipped.

 

It wouldn't let me copy and paste the log (too big) so I've attached it.


#8 Machiavelli

Posted 11 June 2014 - 01:07 PM

In your logs I see a Backdoor. That means that your machine is infected with some nasty files which can steal some information. It is difficult to tell whether or not any data has been stolen and finding out which is true instead of doing countermeasures is unproductive. In this light, for your safety, assume that your log-in details and other information have been accessed by another source.
Below are the steps that you should administer:
  • Please disconnect from the Internet! Also don't use it while we are cleaning the infected machine. This is especially true when you are using the computer in question for online banking and other sites that require sensitive and personal information.
  • It is strongly advised that you change your passwords on a clean PC and notify the bank immediately to watch out for suspicious transactions.
I can try to clean the infection but I have to say your computer is very likely compromised and that there is no way to be sure your computer can ever again be trusted. Experts in the security community believe that a reformat and re-installation of the operating system is the best solution. Please peruse the following if you would like to know more:

Now - you decide if you want to reformat the PC or to clean the PC. Think about it and choose the best solution for you! Let me know of your decision. If you decide to go through with the cleaning, please proceed with the following steps.

18:54:41.0186 0x1964 \Device\Harddisk3\DR3 ( TDSS File System ) - skipped by user
18:54:41.0186 0x1964 \Device\Harddisk3\DR3 ( TDSS File System ) - User select action: Skip


Please select Cure or Delete on these entries. Post the log.


Then make a new TDSS Killer Scan and post the Log ...

~Machiavelli


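One way to pull the detections and the chosen action out of a TDSSKiller log that is too large to read or paste, as in the two lines quoted in post #8. This is an added example, not part of the original posts and not Kaspersky's code; the line pattern is inferred from those two lines only, and the third sample line is constructed.

```python
import re

# Line shape inferred from the two lines quoted in the post:
#   <time> <thread id> <object> ( <verdict> ) - <status>
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>0x[0-9A-Fa-f]+)\s+"
    r"(?P<object>.+?)\s+\(\s*(?P<verdict>[^()]+?)\s*\)\s+-\s+(?P<status>.+?)\s*$"
)
ACTION_RE = re.compile(r"^User select action:\s*(?P<action>\w+)$")

# First two lines are the ones quoted in the post; the third is constructed.
SAMPLE_LOG = r"""
18:54:41.0186 0x1964 \Device\Harddisk3\DR3 ( TDSS File System ) - skipped by user
18:54:41.0186 0x1964 \Device\Harddisk3\DR3 ( TDSS File System ) - User select action: Skip
19:20:03.0412 0x0a10 \Device\Harddisk0\DR0 ( Constructed.Sample.Verdict ) - User select action: Cure
"""


def parse_actions(log_text):
    """Map (object, verdict) -> last recorded user action, or None if never acted on."""
    actions = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # ordinary log line, not a detection line
        key = (m["object"], m["verdict"])
        actions.setdefault(key, None)
        chosen = ACTION_RE.match(m["status"])
        if chosen:
            actions[key] = chosen["action"]  # later lines (e.g. a rescan) override
    return actions


def unresolved(log_text):
    """Detections not yet dealt with: no action recorded, or the last action was Skip."""
    return [key for key, action in parse_actions(log_text).items()
            if action is None or action.lower() == "skip"]


if __name__ == "__main__":
    for obj, verdict in unresolved(SAMPLE_LOG):
        print(f"not yet dealt with: {obj} ( {verdict} )")
```

Feeding the log of a follow-up scan after the first one shows whether a previously skipped entry was later cured.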

#9 cubes

Posted 11 June 2014 - 01:16 PM

Ok, I'll dig out the Windows disc and reformat and reinstall, sounds like the best option.  Thanks for the help.



#10 Machiavelli

Posted 11 June 2014 - 01:29 PM

OK I will close the topic as solved then.

~Machiavelli



#11 Machiavelli

Posted 11 June 2014 - 01:30 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

~Machiavelli





