
HijackThis Log: Please help Diagnose


  • This topic is locked
80 replies to this topic

#1 worknplay619


Posted 19 June 2014 - 02:11 PM

Need help with this HJT log. I have been getting BSOD constantly within minutes of starting my machine up after running various programs (games, browsers, etc.). Hopefully someone can help. Cheers!

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 1:54:02 PM, on 6/19/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
 
FIREFOX: 22.0 (en-US)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\svchost.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Lo\Downloads\HijackThis.exe
C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\DllHost.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [{9bbc9ff7-d69e-ec4e-6121-3b88103acd3c}] "C:\ProgramData\Microsoft\{9bbc9ff7-d69e-ec4e-6121-3b88103acd3c}\{9bbc9ff7-d69e-ec4e-6121-3b88103acd3c}.exe"
O4 - HKLM\..\Run: [NCUpdateHelper] C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Lo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [systemxpcom] rundll32.exe "c:\users\lo\appdata\roaming\e5a2\systemxpcom.dll",DllRegisterServer
O4 - HKLM\..\Policies\Explorer\Run: [{9bbc9ff7-d69e-ec4e-6121-3b88103acd3c}] "C:\ProgramData\Microsoft\{9bbc9ff7-d69e-ec4e-6121-3b88103acd3c}\{9bbc9ff7-d69e-ec4e-6121-3b88103acd3c}.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe -update activex (User 'Default user')
O4 - .DEFAULT User Startup: keucce.exe (User 'Default user')
O4 - Global Startup: NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{642F3C92-069A-4E42-A178-8F1569DC7487}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{642F3C92-069A-4E42-A178-8F1569DC7487}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{642F3C92-069A-4E42-A178-8F1569DC7487}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Google\Chrome Remote Desktop\36.0.1985.62\remoting_core.dll,-101 (chromoting) - Google Inc. - C:\Program Files (x86)\Google\Chrome Remote Desktop\36.0.1985.62\remoting_host.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 8985 bytes
 



#2 Oh My!

  • Malware Response Instructor

Posted 24 June 2014 - 08:46 AM

Greetings worknplay619 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

BlueScreenView

----------
  • Download BlueScreenView and save it to your desktop
  • Double click the BlueScreenView.exe file then click OK
  • Select Run, Next, then Next again
  • Click Install
  • When the scanning is complete, select Edit and Select All
  • Then click File and Save Selected Items
  • Save the report as BSOD.txt
  • Open BSOD.txt in Notepad, copy the entire content and paste it into your next reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • BSOD.txt
  • Attached System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 worknplay619


Posted 24 June 2014 - 07:48 PM

  • FRST results
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2014
Ran by Lo (administrator) on LO-PC on 24-06-2014 19:25:50
Running from C:\Users\Lo\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\36.0.1985.62\remoting_host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\36.0.1985.62\remoting_host.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1096480 2013-11-29] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2273056 2013-11-29] (NVIDIA Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [{9bbc9ff7-d69e-ec4e-6121-3b88103acd3c}] => C:\ProgramData\Microsoft\{9bbc9ff7-d69e-ec4e-6121-3b88103acd3c}\{9bbc9ff7-d69e-ec4e-6121-3b88103acd3c}.exe [144950 2014-06-19] ()
HKLM-x32\...\Run: [NCUpdateHelper] => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe [526240 2014-06-19] (NCSOFT Corporation)
HKLM\...\Policies\Explorer\Run: [{9bbc9ff7-d69e-ec4e-6121-3b88103acd3c}] => C:\ProgramData\Microsoft\{9bbc9ff7-d69e-ec4e-6121-3b88103acd3c}\{9bbc9ff7-d69e-ec4e-6121-3b88103acd3c}.exe [144950 2014-06-19] ( ())
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe -update activex
HKU\.DEFAULT\...0c966feabec1\InprocServer32: [Default-shell32] C:\Windows\system32\config\systemprofile\AppData\Local\{64c0d8a5-a05b-0c46-18fb-fc44ee3744ee}\n. ATTENTION! ====> ZeroAccess/Alureon?
HKU\.DEFAULT\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
HKU\S-1-5-21-2715180679-3963613722-1378563947-1001\...\Run: [Google Update] => C:\Users\Lo\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-14] (Google Inc.)
HKU\S-1-5-21-2715180679-3963613722-1378563947-1001\...\Run: [systemxpcom] => rundll32.exe "c:\users\lo\appdata\roaming\e5a2\systemxpcom.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-2715180679-3963613722-1378563947-1001\...\Run: [videoactivex] => rundll32.exe "c:\users\lo\appdata\roaming\e5a2\videoactivex.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-2715180679-3963613722-1378563947-1001\...\MountPoints2: {07c383ad-2295-11e0-8320-00219b26ceaf} - E:\launcher.exe
HKU\S-1-5-21-2715180679-3963613722-1378563947-1001\...\MountPoints2: {1a2cf7fa-f1b7-11e2-8d1e-00219b26ceaf} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2715180679-3963613722-1378563947-1001\...\MountPoints2: {66c9ecc3-6107-11e1-b56f-00219b26ceaf} - E:\ToolLauncher-Bootstrap.exe
HKU\S-1-5-21-2715180679-3963613722-1378563947-1001\...\MountPoints2: {8df39827-0c0b-11e0-8c96-00219b26ceaf} - E:\launcher.exe
HKU\S-1-5-21-2715180679-3963613722-1378563947-1001\...\MountPoints2: {dfe3533b-c828-11e2-be12-00219b26ceaf} - "E:\WD Drive Unlock.exe" autoplay=true
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk
ShortcutTarget: NETGEAR WN111v2 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe (NETGEAR)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\keucce.exe (DT Soft Ltd)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\keucce.exe (DT Soft Ltd)
ShellIconOverlayIdentifiers: 1TortoiseNormal -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 2TortoiseModified -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 3TortoiseConflict -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 4TortoiseLocked -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 5TortoiseReadOnly -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 6TortoiseDeleted -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 7TortoiseAdded -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 8TortoiseIgnored -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 9TortoiseUnversioned -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 1TortoiseNormal -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 2TortoiseModified -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 3TortoiseConflict -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 4TortoiseLocked -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 5TortoiseReadOnly -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 6TortoiseDeleted -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 7TortoiseAdded -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 8TortoiseIgnored -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 9TortoiseUnversioned -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
BootExecute: autocheck autochk * SBBD.exe /d \Device\HarddiskVolume2\Program Files (x86)\Ad-Aware Antivirus\Definitions
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC256AA691981CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={C1D36DC1-C104-11E2-AFFE-00219B26CEAF}
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = 
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 06 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 06 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 172.16.0.1
Tcpip\..\Interfaces\{642F3C92-069A-4E42-A178-8F1569DC7487}: [NameServer]208.67.222.222,208.67.220.220
 
FireFox:
========
FF ProfilePath: C:\Users\Lo\AppData\Roaming\Mozilla\Firefox\Profiles\6drwlr3f.default-1365493814175
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Lo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Lo\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Lo\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Lo\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Lo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Lo\AppData\Roaming\Mozilla\Firefox\Profiles\6drwlr3f.default-1365493814175\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Lo\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Lo\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-05]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-12]
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Users\Lo\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Lo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Java™ Platform SE 7 U4) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.40.255) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-19]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Lo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2013-10-16]
CHR Extension: (Skype Click to Call) - C:\Users\Lo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-13]
CHR Extension: (FastestFox for Chrome) - C:\Users\Lo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2013-05-19]
CHR Extension: (Google Wallet) - C:\Users\Lo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-16]
CHR HKCU\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Lo\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-08-26]
CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Lo\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-08-26]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Lo\AppData\Local\Google\Chrome\\User Data\\Default\\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx [2013-05-19]
 
==================== Services (Whitelisted) =================
 
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-08-06] (Adobe Systems) [File not signed]
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\36.0.1985.62\remoting_host.exe [51016 2014-06-09] (Google Inc.)
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [515072 2010-11-20] (Microsoft Corporation) [File not signed]
S3 jswpsapi; C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe [942080 2008-02-29] (Atheros Communications, Inc.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1370912 2013-11-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15128352 2013-11-29] (NVIDIA Corporation)
R2 RpcSs; C:\Windows\system32\rpcss.dll [515072 2010-11-20] (Microsoft Corporation) [File not signed]
S4 tvnserver; C:\Program Files (x86)\ShowMyPCService\tvnserver.exe [815704 2010-07-08] (GlavSoft LLC.)
S2 FastUserSwitchingCompatibility; C:\Windows\installer\AMDEx3.msi [X]
 
==================== Drivers (Whitelisted) ====================
 
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-10-30] (NVIDIA Corporation)
S3 PCAMp50a64; C:\Windows\System32\Drivers\PCAMp50a64.sys [43328 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [126464 2011-11-15] (Razer USA Ltd)
S3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2w7x.sys [783360 2010-04-27] (Atheros Communications, Inc.)
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
S3 sxuptp; system32\DRIVERS\sxuptp.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-24 19:25 - 2014-06-24 19:27 - 00021021 _____ () C:\Users\Lo\Downloads\FRST.txt
2014-06-24 19:25 - 2014-06-24 19:25 - 00000000 ____D () C:\FRST
2014-06-24 19:24 - 2014-06-24 19:24 - 02082816 _____ (Farbar) C:\Users\Lo\Downloads\FRST64.exe
2014-06-24 19:24 - 2014-06-24 19:24 - 00141480 _____ () C:\Users\Lo\Downloads\bluescreenview_setup.exe
2014-06-20 23:55 - 2014-06-20 23:55 - 00291552 _____ () C:\Windows\Minidump\062014-26582-01.dmp
2014-06-20 23:39 - 2014-06-20 23:39 - 00291552 _____ () C:\Windows\Minidump\062014-30092-01.dmp
2014-06-20 23:24 - 2014-06-20 23:24 - 00291552 _____ () C:\Windows\Minidump\062014-36020-01.dmp
2014-06-20 23:11 - 2014-06-20 23:11 - 00291552 _____ () C:\Windows\Minidump\062014-25443-02.dmp
2014-06-20 22:58 - 2014-06-20 22:58 - 00289232 _____ () C:\Windows\Minidump\062014-34460-01.dmp
2014-06-20 22:50 - 2014-06-20 22:50 - 00291552 _____ () C:\Windows\Minidump\062014-32136-01.dmp
2014-06-20 22:38 - 2014-06-20 22:38 - 00291552 _____ () C:\Windows\Minidump\062014-24055-01.dmp
2014-06-20 22:07 - 2014-06-20 22:07 - 00291552 _____ () C:\Windows\Minidump\062014-27627-01.dmp
2014-06-20 21:59 - 2014-06-20 21:59 - 00291552 _____ () C:\Windows\Minidump\062014-25396-01.dmp
2014-06-20 21:44 - 2014-06-20 21:44 - 00291552 _____ () C:\Windows\Minidump\062014-27362-02.dmp
2014-06-20 21:29 - 2014-06-20 21:29 - 00291552 _____ () C:\Windows\Minidump\062014-31527-01.dmp
2014-06-20 21:18 - 2014-06-20 21:18 - 00291552 _____ () C:\Windows\Minidump\062014-30014-01.dmp
2014-06-20 20:45 - 2014-06-20 20:45 - 00291552 _____ () C:\Windows\Minidump\062014-33524-01.dmp
2014-06-20 20:23 - 2014-06-20 20:23 - 00291376 _____ () C:\Windows\Minidump\062014-31184-01.dmp
2014-06-20 20:15 - 2014-06-20 20:15 - 00291552 _____ () C:\Windows\Minidump\062014-26176-01.dmp
2014-06-20 20:00 - 2014-06-20 20:00 - 00291552 _____ () C:\Windows\Minidump\062014-23259-01.dmp
2014-06-20 19:39 - 2014-06-20 19:39 - 00291552 _____ () C:\Windows\Minidump\062014-41496-01.dmp
2014-06-20 19:24 - 2014-06-20 19:25 - 00291552 _____ () C:\Windows\Minidump\062014-34273-01.dmp
2014-06-20 19:16 - 2014-06-20 19:16 - 00291552 _____ () C:\Windows\Minidump\062014-37955-01.dmp
2014-06-20 19:02 - 2014-06-20 19:03 - 00291192 _____ () C:\Windows\Minidump\062014-27783-01.dmp
2014-06-20 18:50 - 2014-06-20 18:50 - 00291544 _____ () C:\Windows\Minidump\062014-29874-01.dmp
2014-06-20 18:42 - 2014-06-20 18:42 - 00291552 _____ () C:\Windows\Minidump\062014-28594-01.dmp
2014-06-20 18:18 - 2014-06-20 18:18 - 00291552 _____ () C:\Windows\Minidump\062014-31122-01.dmp
2014-06-20 18:02 - 2014-06-20 18:02 - 00291616 _____ () C:\Windows\Minidump\062014-28485-01.dmp
2014-06-20 17:55 - 2014-06-20 17:55 - 00291608 _____ () C:\Windows\Minidump\062014-27315-01.dmp
2014-06-20 17:25 - 2014-06-20 17:25 - 00291552 _____ () C:\Windows\Minidump\062014-26364-01.dmp
2014-06-20 16:57 - 2014-06-20 16:57 - 00291552 _____ () C:\Windows\Minidump\062014-24445-01.dmp
2014-06-20 16:37 - 2014-06-20 16:37 - 00291552 _____ () C:\Windows\Minidump\062014-36239-01.dmp
2014-06-20 16:17 - 2014-06-20 16:17 - 00291552 _____ () C:\Windows\Minidump\062014-28891-01.dmp
2014-06-20 16:05 - 2014-06-20 16:05 - 00291552 _____ () C:\Windows\Minidump\062014-33275-01.dmp
2014-06-20 15:45 - 2014-06-20 15:45 - 00291600 _____ () C:\Windows\Minidump\062014-30872-01.dmp
2014-06-20 15:31 - 2014-06-20 15:31 - 00291552 _____ () C:\Windows\Minidump\062014-26020-01.dmp
2014-06-20 15:22 - 2014-06-20 15:22 - 00291552 _____ () C:\Windows\Minidump\062014-45068-01.dmp
2014-06-20 15:09 - 2014-06-20 15:09 - 00291552 _____ () C:\Windows\Minidump\062014-37502-01.dmp
2014-06-20 14:47 - 2014-06-20 14:47 - 00291552 _____ () C:\Windows\Minidump\062014-26566-01.dmp
2014-06-20 14:24 - 2014-06-20 14:24 - 00291256 _____ () C:\Windows\Minidump\062014-23587-01.dmp
2014-06-20 14:17 - 2014-06-20 14:17 - 00291552 _____ () C:\Windows\Minidump\062014-36348-01.dmp
2014-06-20 14:09 - 2014-06-20 14:09 - 00291552 _____ () C:\Windows\Minidump\062014-25724-01.dmp
2014-06-20 13:43 - 2014-06-20 13:43 - 00291552 _____ () C:\Windows\Minidump\062014-36785-01.dmp
2014-06-20 13:37 - 2014-06-20 13:37 - 00291552 _____ () C:\Windows\Minidump\062014-42837-01.dmp
2014-06-20 13:11 - 2014-06-20 13:11 - 00291552 _____ () C:\Windows\Minidump\062014-24772-01.dmp
2014-06-20 12:53 - 2014-06-20 12:53 - 00289136 _____ () C:\Windows\Minidump\062014-35771-01.dmp
2014-06-20 12:45 - 2014-06-20 12:45 - 00291552 _____ () C:\Windows\Minidump\062014-30591-01.dmp
2014-06-20 12:06 - 2014-06-20 12:06 - 00291552 _____ () C:\Windows\Minidump\062014-31247-01.dmp
2014-06-20 11:56 - 2014-06-20 11:56 - 00291552 _____ () C:\Windows\Minidump\062014-25459-01.dmp
2014-06-20 11:38 - 2014-06-20 11:39 - 00291552 _____ () C:\Windows\Minidump\062014-29468-01.dmp
2014-06-20 11:03 - 2014-06-20 11:03 - 00291552 _____ () C:\Windows\Minidump\062014-31028-01.dmp
2014-06-20 10:54 - 2014-06-20 10:54 - 00291552 _____ () C:\Windows\Minidump\062014-32791-01.dmp
2014-06-20 10:23 - 2014-06-20 10:24 - 00291552 _____ () C:\Windows\Minidump\062014-21325-01.dmp
2014-06-20 10:06 - 2014-06-20 10:06 - 00291496 _____ () C:\Windows\Minidump\062014-24492-01.dmp
2014-06-19 14:36 - 2014-06-19 14:36 - 00000000 ____D () C:\Users\Lo\Desktop\MB WIN7 ATK
2014-06-19 14:35 - 2014-06-19 14:35 - 00119877 _____ () C:\Users\Lo\Downloads\MB_WIN7_ATK.ZIP
2014-06-19 13:54 - 2014-06-19 13:54 - 00008986 _____ () C:\Users\Lo\Desktop\hijackthis.log
2014-06-19 10:12 - 2014-06-20 10:19 - 00000000 ____D () C:\Users\Lo\AppData\Roaming\E5A2
2014-06-19 09:17 - 2014-06-19 09:17 - 00002220 _____ () C:\Users\Public\Desktop\Aion.lnk
2014-06-19 09:17 - 2014-06-19 09:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2014-06-19 09:17 - 2014-06-19 09:17 - 00000000 ____D () C:\Program Files (x86)\NCSOFT
2014-06-19 09:16 - 2014-06-19 09:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
2014-06-19 09:16 - 2014-06-19 09:16 - 00000000 ____D () C:\Program Files (x86)\NCWest
2014-06-19 09:13 - 2014-06-19 09:13 - 05003264 _____ (NC Interactive, LLC) C:\Users\Lo\Downloads\AionInstaller.exe
 
==================== One Month Modified Files and Folders =======
 
2014-06-24 19:27 - 2014-06-24 19:25 - 00021021 _____ () C:\Users\Lo\Downloads\FRST.txt
2014-06-24 19:25 - 2014-06-24 19:25 - 00000000 ____D () C:\FRST
2014-06-24 19:24 - 2014-06-24 19:24 - 02082816 _____ (Farbar) C:\Users\Lo\Downloads\FRST64.exe
2014-06-24 19:24 - 2014-06-24 19:24 - 00141480 _____ () C:\Users\Lo\Downloads\bluescreenview_setup.exe
2014-06-24 19:21 - 2012-07-30 22:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-24 19:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At44.job
2014-06-24 19:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At20.job
2014-06-24 18:42 - 2013-02-18 21:49 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-24 18:41 - 2012-05-14 21:29 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2715180679-3963613722-1378563947-1001UA.job
2014-06-24 18:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At43.job
2014-06-24 18:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At19.job
2014-06-24 17:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At42.job
2014-06-24 17:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At18.job
2014-06-24 16:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At41.job
2014-06-24 16:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At17.job
2014-06-24 15:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At40.job
2014-06-24 15:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At16.job
2014-06-24 14:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At39.job
2014-06-24 14:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At15.job
2014-06-24 13:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At38.job
2014-06-24 13:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At14.job
2014-06-24 12:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At37.job
2014-06-24 12:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At13.job
2014-06-24 11:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At36.job
2014-06-24 11:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At12.job
2014-06-24 10:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At35.job
2014-06-24 10:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At11.job
2014-06-24 09:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At34.job
2014-06-24 09:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At10.job
2014-06-24 08:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At33.job
2014-06-24 08:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At9.job
2014-06-24 07:42 - 2013-02-18 21:49 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-24 07:41 - 2012-05-14 21:29 - 00000844 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2715180679-3963613722-1378563947-1001Core.job
2014-06-24 07:41 - 2009-07-13 23:45 - 00019488 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-24 07:41 - 2009-07-13 23:45 - 00019488 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-24 07:38 - 2009-07-14 00:13 - 00006048 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-24 07:34 - 2012-09-29 09:51 - 00000000 ____D () C:\Users\Lo\AppData\Local\TSVNCache
2014-06-24 07:34 - 2010-12-20 02:34 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-24 07:34 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-24 07:34 - 2009-07-13 23:51 - 00138108 _____ () C:\Windows\setupact.log
2014-06-24 05:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At30.job
2014-06-24 05:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At6.job
2014-06-24 04:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At29.job
2014-06-24 04:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At5.job
2014-06-24 03:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At28.job
2014-06-24 03:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At4.job
2014-06-24 02:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At27.job
2014-06-24 02:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At3.job
2014-06-24 01:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At26.job
2014-06-24 01:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At2.job
2014-06-24 00:37 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At25.job
2014-06-24 00:37 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At1.job
2014-06-23 23:00 - 2013-05-04 02:24 - 00000342 _____ () C:\Windows\Tasks\At48.job
2014-06-23 23:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At24.job
2014-06-23 22:00 - 2013-05-04 02:24 - 00000342 _____ () C:\Windows\Tasks\At47.job
2014-06-23 22:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At23.job
2014-06-23 21:00 - 2013-05-04 02:24 - 00000342 _____ () C:\Windows\Tasks\At46.job
2014-06-23 21:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At22.job
2014-06-23 20:00 - 2013-05-04 02:24 - 00000342 _____ () C:\Windows\Tasks\At45.job
2014-06-23 20:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At21.job
2014-06-21 07:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At32.job
2014-06-21 07:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At8.job
2014-06-21 06:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At31.job
2014-06-21 06:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At7.job
2014-06-20 23:55 - 2014-06-20 23:55 - 00291552 _____ () C:\Windows\Minidump\062014-26582-01.dmp
2014-06-20 23:55 - 2010-12-24 18:19 - 378964902 _____ () C:\Windows\MEMORY.DMP
2014-06-20 23:55 - 2010-12-24 18:19 - 00000000 ____D () C:\Windows\Minidump
2014-06-20 23:39 - 2014-06-20 23:39 - 00291552 _____ () C:\Windows\Minidump\062014-30092-01.dmp
2014-06-20 23:24 - 2014-06-20 23:24 - 00291552 _____ () C:\Windows\Minidump\062014-36020-01.dmp
2014-06-20 23:11 - 2014-06-20 23:11 - 00291552 _____ () C:\Windows\Minidump\062014-25443-02.dmp
2014-06-20 22:58 - 2014-06-20 22:58 - 00289232 _____ () C:\Windows\Minidump\062014-34460-01.dmp
2014-06-20 22:50 - 2014-06-20 22:50 - 00291552 _____ () C:\Windows\Minidump\062014-32136-01.dmp
2014-06-20 22:50 - 2009-07-14 00:08 - 00032578 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-20 22:38 - 2014-06-20 22:38 - 00291552 _____ () C:\Windows\Minidump\062014-24055-01.dmp
2014-06-20 22:07 - 2014-06-20 22:07 - 00291552 _____ () C:\Windows\Minidump\062014-27627-01.dmp
2014-06-20 21:59 - 2014-06-20 21:59 - 00291552 _____ () C:\Windows\Minidump\062014-25396-01.dmp
2014-06-20 21:44 - 2014-06-20 21:44 - 00291552 _____ () C:\Windows\Minidump\062014-27362-02.dmp
2014-06-20 21:29 - 2014-06-20 21:29 - 00291552 _____ () C:\Windows\Minidump\062014-31527-01.dmp
2014-06-20 21:18 - 2014-06-20 21:18 - 00291552 _____ () C:\Windows\Minidump\062014-30014-01.dmp
2014-06-20 20:45 - 2014-06-20 20:45 - 00291552 _____ () C:\Windows\Minidump\062014-33524-01.dmp
2014-06-20 20:23 - 2014-06-20 20:23 - 00291376 _____ () C:\Windows\Minidump\062014-31184-01.dmp
2014-06-20 20:15 - 2014-06-20 20:15 - 00291552 _____ () C:\Windows\Minidump\062014-26176-01.dmp
2014-06-20 20:00 - 2014-06-20 20:00 - 00291552 _____ () C:\Windows\Minidump\062014-23259-01.dmp
2014-06-20 19:39 - 2014-06-20 19:39 - 00291552 _____ () C:\Windows\Minidump\062014-41496-01.dmp
2014-06-20 19:25 - 2014-06-20 19:24 - 00291552 _____ () C:\Windows\Minidump\062014-34273-01.dmp
2014-06-20 19:16 - 2014-06-20 19:16 - 00291552 _____ () C:\Windows\Minidump\062014-37955-01.dmp
2014-06-20 19:03 - 2014-06-20 19:02 - 00291192 _____ () C:\Windows\Minidump\062014-27783-01.dmp
2014-06-20 18:50 - 2014-06-20 18:50 - 00291544 _____ () C:\Windows\Minidump\062014-29874-01.dmp
2014-06-20 18:42 - 2014-06-20 18:42 - 00291552 _____ () C:\Windows\Minidump\062014-28594-01.dmp
2014-06-20 18:18 - 2014-06-20 18:18 - 00291552 _____ () C:\Windows\Minidump\062014-31122-01.dmp
2014-06-20 18:02 - 2014-06-20 18:02 - 00291616 _____ () C:\Windows\Minidump\062014-28485-01.dmp
2014-06-20 17:55 - 2014-06-20 17:55 - 00291608 _____ () C:\Windows\Minidump\062014-27315-01.dmp
2014-06-20 17:25 - 2014-06-20 17:25 - 00291552 _____ () C:\Windows\Minidump\062014-26364-01.dmp
2014-06-20 16:57 - 2014-06-20 16:57 - 00291552 _____ () C:\Windows\Minidump\062014-24445-01.dmp
2014-06-20 16:37 - 2014-06-20 16:37 - 00291552 _____ () C:\Windows\Minidump\062014-36239-01.dmp
2014-06-20 16:17 - 2014-06-20 16:17 - 00291552 _____ () C:\Windows\Minidump\062014-28891-01.dmp
2014-06-20 16:05 - 2014-06-20 16:05 - 00291552 _____ () C:\Windows\Minidump\062014-33275-01.dmp
2014-06-20 15:45 - 2014-06-20 15:45 - 00291600 _____ () C:\Windows\Minidump\062014-30872-01.dmp
2014-06-20 15:31 - 2014-06-20 15:31 - 00291552 _____ () C:\Windows\Minidump\062014-26020-01.dmp
2014-06-20 15:22 - 2014-06-20 15:22 - 00291552 _____ () C:\Windows\Minidump\062014-45068-01.dmp
2014-06-20 15:09 - 2014-06-20 15:09 - 00291552 _____ () C:\Windows\Minidump\062014-37502-01.dmp
2014-06-20 14:47 - 2014-06-20 14:47 - 00291552 _____ () C:\Windows\Minidump\062014-26566-01.dmp
2014-06-20 14:24 - 2014-06-20 14:24 - 00291256 _____ () C:\Windows\Minidump\062014-23587-01.dmp
2014-06-20 14:17 - 2014-06-20 14:17 - 00291552 _____ () C:\Windows\Minidump\062014-36348-01.dmp
2014-06-20 14:09 - 2014-06-20 14:09 - 00291552 _____ () C:\Windows\Minidump\062014-25724-01.dmp
2014-06-20 13:43 - 2014-06-20 13:43 - 00291552 _____ () C:\Windows\Minidump\062014-36785-01.dmp
2014-06-20 13:37 - 2014-06-20 13:37 - 00291552 _____ () C:\Windows\Minidump\062014-42837-01.dmp
2014-06-20 13:11 - 2014-06-20 13:11 - 00291552 _____ () C:\Windows\Minidump\062014-24772-01.dmp
2014-06-20 12:53 - 2014-06-20 12:53 - 00289136 _____ () C:\Windows\Minidump\062014-35771-01.dmp
2014-06-20 12:45 - 2014-06-20 12:45 - 00291552 _____ () C:\Windows\Minidump\062014-30591-01.dmp
2014-06-20 12:06 - 2014-06-20 12:06 - 00291552 _____ () C:\Windows\Minidump\062014-31247-01.dmp
2014-06-20 11:56 - 2014-06-20 11:56 - 00291552 _____ () C:\Windows\Minidump\062014-25459-01.dmp
2014-06-20 11:39 - 2014-06-20 11:38 - 00291552 _____ () C:\Windows\Minidump\062014-29468-01.dmp
2014-06-20 11:03 - 2014-06-20 11:03 - 00291552 _____ () C:\Windows\Minidump\062014-31028-01.dmp
2014-06-20 10:54 - 2014-06-20 10:54 - 00291552 _____ () C:\Windows\Minidump\062014-32791-01.dmp
2014-06-20 10:24 - 2014-06-20 10:23 - 00291552 _____ () C:\Windows\Minidump\062014-21325-01.dmp
2014-06-20 10:19 - 2014-06-19 10:12 - 00000000 ____D () C:\Users\Lo\AppData\Roaming\E5A2
2014-06-20 10:06 - 2014-06-20 10:06 - 00291496 _____ () C:\Windows\Minidump\062014-24492-01.dmp
2014-06-19 23:29 - 2014-04-17 23:13 - 00000077 _____ () C:\Windows\system32\omxv.zaz
2014-06-19 14:36 - 2014-06-19 14:36 - 00000000 ____D () C:\Users\Lo\Desktop\MB WIN7 ATK
2014-06-19 14:35 - 2014-06-19 14:35 - 00119877 _____ () C:\Users\Lo\Downloads\MB_WIN7_ATK.ZIP
2014-06-19 13:54 - 2014-06-19 13:54 - 00008986 _____ () C:\Users\Lo\Desktop\hijackthis.log
2014-06-19 13:30 - 2013-10-17 00:17 - 00000000 ____D () C:\Users\Lo\Desktop\New folder (5)
2014-06-19 13:00 - 2013-02-26 21:03 - 00000000 ____D () C:\Users\Lo\AppData\Roaming\Electronic Arts
2014-06-19 13:00 - 2012-05-14 21:29 - 00000000 ____D () C:\Users\Lo\AppData\Local\Google
2014-06-19 12:36 - 2010-12-20 02:23 - 01448836 _____ () C:\Windows\WindowsUpdate.log
2014-06-19 09:22 - 2012-07-30 22:22 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-19 09:22 - 2012-04-25 13:57 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-19 09:22 - 2011-06-15 18:35 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-19 09:17 - 2014-06-19 09:17 - 00002220 _____ () C:\Users\Public\Desktop\Aion.lnk
2014-06-19 09:17 - 2014-06-19 09:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2014-06-19 09:17 - 2014-06-19 09:17 - 00000000 ____D () C:\Program Files (x86)\NCSOFT
2014-06-19 09:17 - 2012-12-31 19:18 - 00000000 ___HD () C:\Program Files (x86)\installshield installation information
2014-06-19 09:16 - 2014-06-19 09:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
2014-06-19 09:16 - 2014-06-19 09:16 - 00000000 ____D () C:\Program Files (x86)\NCWest
2014-06-19 09:13 - 2014-06-19 09:13 - 05003264 _____ (NC Interactive, LLC) C:\Users\Lo\Downloads\AionInstaller.exe
2014-06-19 07:42 - 2010-12-20 02:28 - 00000000 ____D () C:\Users\Lo\AppData\Roaming\Mozilla
2014-06-19 07:37 - 2013-02-18 21:49 - 00003886 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-19 07:37 - 2013-02-18 21:49 - 00003634 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-19 07:36 - 2012-05-14 21:29 - 00003860 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2715180679-3963613722-1378563947-1001UA
2014-06-19 07:36 - 2012-05-14 21:29 - 00003464 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2715180679-3963613722-1378563947-1001Core
 
ZeroAccess:
C:\Windows\Installer\{64c0d8a5-a05b-0c46-18fb-fc44ee3744ee}
C:\Windows\Installer\{64c0d8a5-a05b-0c46-18fb-fc44ee3744ee}\@
C:\Windows\Installer\{64c0d8a5-a05b-0c46-18fb-fc44ee3744ee}\L\00000004.@
C:\Windows\Installer\{64c0d8a5-a05b-0c46-18fb-fc44ee3744ee}\L\201d3dde
 
ZeroAccess:
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{64c0d8a5-a05b-0c46-18fb-fc44ee3744ee}
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{64c0d8a5-a05b-0c46-18fb-fc44ee3744ee}\@
 
Files to move or delete:
====================
C:\ProgramData\5lKtAq8oy.dat
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At10.job
C:\Windows\Tasks\At11.job
C:\Windows\Tasks\At12.job
C:\Windows\Tasks\At13.job
C:\Windows\Tasks\At14.job
C:\Windows\Tasks\At15.job
C:\Windows\Tasks\At16.job
C:\Windows\Tasks\At17.job
C:\Windows\Tasks\At18.job
C:\Windows\Tasks\At19.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At20.job
C:\Windows\Tasks\At21.job
C:\Windows\Tasks\At22.job
C:\Windows\Tasks\At23.job
C:\Windows\Tasks\At24.job
C:\Windows\Tasks\At25.job
C:\Windows\Tasks\At26.job
C:\Windows\Tasks\At27.job
C:\Windows\Tasks\At28.job
C:\Windows\Tasks\At29.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At30.job
C:\Windows\Tasks\At31.job
C:\Windows\Tasks\At32.job
C:\Windows\Tasks\At33.job
C:\Windows\Tasks\At34.job
C:\Windows\Tasks\At35.job
C:\Windows\Tasks\At36.job
C:\Windows\Tasks\At37.job
C:\Windows\Tasks\At38.job
C:\Windows\Tasks\At39.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At40.job
C:\Windows\Tasks\At41.job
C:\Windows\Tasks\At42.job
C:\Windows\Tasks\At43.job
C:\Windows\Tasks\At44.job
C:\Windows\Tasks\At45.job
C:\Windows\Tasks\At46.job
C:\Windows\Tasks\At47.job
C:\Windows\Tasks\At48.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At8.job
C:\Windows\Tasks\At9.job
 
 
Some content of TEMP:
====================
C:\Users\Lo\AppData\Local\Temp\3qhfuebj.dll
C:\Users\Lo\AppData\Local\Temp\buddyupdater1768708.exe
C:\Users\Lo\AppData\Local\Temp\buddyupdater489630447.exe
C:\Users\Lo\AppData\Local\Temp\buddyupdater5130202.exe
C:\Users\Lo\AppData\Local\Temp\buddyupdater5873609.exe
C:\Users\Lo\AppData\Local\Temp\buddyupdater7772609.exe
C:\Users\Lo\AppData\Local\Temp\buddyupdater86611.exe
C:\Users\Lo\AppData\Local\Temp\m1vxythc.dll
C:\Users\Lo\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Lo\AppData\Local\Temp\nvStInst.exe
C:\Users\Lo\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Lo\AppData\Local\Temp\uslefjcx.dll
C:\Users\Lo\AppData\Local\Temp\vsasiv1g.dll
C:\Users\Lo\AppData\Local\Temp\wcrash.exe
C:\Users\Lo\AppData\Local\Temp\yvouixj.dll
C:\Users\Lo\AppData\Local\Temp\zfljpon.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll
[2011-07-01 00:35] - [2010-11-20 08:27] - 0515072 ____A (Microsoft Corporation) 590CD918163A5A72AA1042DC84ADD0CC
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
TDL4: custom:26000022 <===== ATTENTION!
 
 
LastRegBack: 2014-06-19 21:03
 
==================== End Of Log ============================
  • Addition log
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-06-2014
Ran by Lo at 2014-06-24 19:28:06
Running from C:\Users\Lo\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Audition 3.0 (HKLM-x32\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Audition 3.0 (x32 Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe Audition 3.0 Vista Compatibility (HKLM\...\{75d2897c-87aa-4a06-8710-3ebda9f02de0}.sdb) (Version:  - )
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.3 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.0.3 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Aion (HKLM-x32\...\{B9291CA2-6FA5-44EA-8EE0-923EB32ADAAB}) (Version: 4.0.0.3 - NC Interactive, LLC)
Chrome Remote Desktop Host (HKLM-x32\...\{E64DFAE4-63F1-4795-88E6-5BE209B78849}) (Version: 36.0.1985.62 - Google Inc.)
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.792 - Curse)
Free Window Registry Repair (HKLM-x32\...\Free Window Registry Repair) (Version:  - )
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Internet Explorer Toolbar 4.8 by SweetPacks (HKLM-x32\...\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}) (Version: 4.8.0000 - SweetIM Technologies Ltd.) <==== ATTENTION
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.0 (HKLM\...\{563F041C-DFDB-437B-A1E8-E141E0906076}) (Version: 8.0.225.0 - Microsoft)
Microsoft IntelliType Pro 8.0 (HKLM\...\{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}) (Version: 8.0.225.0 - Microsoft)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60531.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Mozilla Firefox 22.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 22.0 (x86 en-US)) (Version: 22.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 22.0 - Mozilla)
MPC-HC 1.6.2.4902 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.6.2.4902 - MPC-HC Team)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
NVIDIA 3D Vision Controller Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 332.21 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 332.21 - NVIDIA Corporation)
NVIDIA Control Panel 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8 - NVIDIA Corporation)
NVIDIA Graphics Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.16.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.16.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.10.5 (Version: 10.10.5 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3221 - NVIDIA Corporation) Hidden
NVIDIA Update 10.10.5 (Version: 10.10.5 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.10.5 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.12 - NVIDIA Corporation)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
RangeMax Wireless-N USB Adapter WN111v2 (HKLM-x32\...\InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}) (Version: 3.0.0.5 - NETGEAR)
Razer Naga (HKLM-x32\...\{ED4108A9-60FD-4F18-AF42-122219977773}) (Version: 3.03.01 - Razer USA Ltd.)
SHIELD Streaming (Version: 1.6.75 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.9 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.9.106 - Skype Technologies S.A.)
TortoiseSVN 1.7.9.23248 (64 bit) (HKLM\...\{5D762D74-E92F-4E95-9255-D85312617E4D}) (Version: 1.7.23248 - TortoiseSVN)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.7.0 - Flagship Industries, Inc.)
VLC media player 2.0.1 (HKLM\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - Blizzard Entertainment)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WN111v2 (x32 Version: 3.0.0.5 - NETGEAR) Hidden
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 
==================== Restore Points  =========================
 
16-02-2014 21:56:58 Scheduled Checkpoint
28-02-2014 15:07:46 Scheduled Checkpoint
08-03-2014 06:00:04 Scheduled Checkpoint
16-03-2014 05:00:03 Scheduled Checkpoint
26-03-2014 02:50:56 Scheduled Checkpoint
19-06-2014 14:17:08 Installed Aion
19-06-2014 19:44:20 Removed ISO Recorder
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0155D458-793D-4773-86BB-03C86A7531B5} - System32\Tasks\At24 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {050D1A7D-F412-4CFA-BE30-9C43048DBD2F} - System32\Tasks\At18 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {055E47E1-486D-4D52-AE1A-90C6762CF6F0} - System32\Tasks\At30 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {05896050-C327-4310-A521-85A2F5A84B4E} - System32\Tasks\At32 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {06BD64D0-FE08-4F52-A47C-3905FB6B2661} - System32\Tasks\At44 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {0D5DFCAC-D1A6-42B8-94AC-214C826F45EC} - System32\Tasks\At13 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {0D696DCF-4F33-4F49-A389-E7DEE0BCD8C0} - System32\Tasks\At27 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {13ED579A-0D94-4679-830B-07C7C81EA182} - System32\Tasks\At4 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {23D08112-E71C-4EC6-9B92-45BDDC77018E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2715180679-3963613722-1378563947-1001Core => C:\Users\Lo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-14] (Google Inc.)
Task: {2567B878-4553-4AA6-8D1F-F7A3BE077E68} - System32\Tasks\At38 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {28787AF2-9353-49EF-83D6-1495520B9CA3} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2010-07-21] (Microsoft Corporation)
Task: {2AAFC5DD-6760-4848-A334-1432A6C921ED} - System32\Tasks\At5 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {2F7164F4-55CC-4F1A-A2A7-CFC03BFCF132} - System32\Tasks\At17 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {327E0717-B907-49C9-AB16-AFAD6F3AE64B} - System32\Tasks\At1 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {36DCC7E2-5124-45FF-9A91-EC3C168DD22A} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)
Task: {3F176220-F0AF-4655-A0B5-74595FA18293} - System32\Tasks\At15 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {40CE23D0-B56E-4CB3-AA60-FAFD518912B2} - System32\Tasks\At19 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {430BD962-661A-487C-9D9A-EB33F3C54983} - System32\Tasks\At28 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {49F64E85-7507-4487-B38E-74BACD7FFDD0} - System32\Tasks\At16 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {4A8CF909-5BD5-4A92-AA4B-DD669AE17D1C} - System32\Tasks\At2 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {4AA5210D-6A9C-4153-A770-9800DEB0AEFC} - System32\Tasks\At48 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {4DA3575C-C05A-4ADE-AF77-5A7D2EB1330D} - System32\Tasks\At8 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {500704CB-D33E-4FE0-98FB-10BC26787343} - System32\Tasks\At36 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {55A3741A-81CF-45FF-AA34-9122D78E8241} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-19] (Adobe Systems Incorporated)
Task: {58475668-8024-4FED-BEB7-293E2A320032} - System32\Tasks\At22 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {5A1B34F5-A7DC-4EEA-B7D1-58F7DDC5F0EC} - System32\Tasks\At34 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {5A4A766F-0E44-45C3-AA50-5118DC778FF1} - System32\Tasks\At46 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {5ED59A69-7C46-44EC-94BC-50771EB4ABC3} - System32\Tasks\PC Optimizer Pro64 Scan => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {5EDAE3FC-A3D4-4258-A507-C0AE03DB00C1} - System32\Tasks\At21 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {60098F1B-8644-4F08-9F3B-F642C2E5AB25} - System32\Tasks\At42 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {6133C395-0A6B-430E-9E4A-61A26D25407B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-18] (Google Inc.)
Task: {6608D700-04E0-4697-AD98-8847C8D6E91D} - System32\Tasks\PC Optimizer Pro Updates => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {6D0E8D93-D869-4479-8610-DC37CA4FFF89} - System32\Tasks\At9 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {6ED1F6F3-B98A-41B9-98F7-A7268D19EE05} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2715180679-3963613722-1378563947-1001UA => C:\Users\Lo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-14] (Google Inc.)
Task: {757ED991-2107-4DCB-9001-2DBEF5FFCB39} - System32\Tasks\At45 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {76CAC68A-97AA-498B-B2F5-A43923081813} - System32\Tasks\{12DE2169-0657-4A04-B0D1-03C8696E7014} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-10-02] (Skype Technologies S.A.)
Task: {78676F48-4710-4B9B-A0F9-42E9BEA03C6E} - System32\Tasks\At35 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {810F4D7F-5764-4B7C-95B3-43E64908535C} - System32\Tasks\At6 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {821C1EE3-9D0A-47EC-A3C7-CBDD26B0E518} - System32\Tasks\At7 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {834FCDFD-1589-4CEF-884C-F430400833D8} - System32\Tasks\At47 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {8410A44E-DADC-44B2-AD41-1665EAC407F8} - System32\Tasks\At10 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {873D4CDF-CF91-4F03-8EDF-F2C6A46AB0B2} - System32\Tasks\PC Optimizer Pro Idle => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {88F7E068-5C3B-439E-938A-F21E0BFE73A9} - System32\Tasks\TopArcadeHits => C:\Users\Lo\AppData\Local\TopArcadeHits\updater.exe
Task: {9C6867EC-D81B-4DEF-BB27-A846333A674C} - System32\Tasks\At31 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {9E2A77E8-94C3-41E1-A555-0416EA3A5C11} - System32\Tasks\At25 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {A554DA1B-2351-4F47-A935-2155C9D651BF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-18] (Google Inc.)
Task: {B33D09FC-87A7-4AD5-A958-49B63F69FD30} - System32\Tasks\At37 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {B52B4B05-7C6B-4A2D-A729-002D02B9FD67} - System32\Tasks\At41 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {B59DF53F-799E-4597-A080-B22807A94198} - System32\Tasks\At39 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {BA9D29D0-E864-45B1-8AB2-A0AFA581A694} - System32\Tasks\{8FEF6309-E8A5-4232-801D-8F9EED0BDA80} => Iexplore.exe http://ui.skype.com/ui/0/5.3.0.120/en/abandoninstall?page=tsMain&installinfo=google-toolbar:offered-installed,google-chrome:notoffered;toolbaroffered
Task: {C2343A6E-88B1-488E-8F26-D6467F1494E2} - System32\Tasks\At26 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {C24671A6-C1DA-4E53-9636-055CFF8E9DD2} - System32\Tasks\At14 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {C2A93038-1EF4-44E5-BD0E-803996035B37} - System32\Tasks\At20 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {C87196CB-A580-4B67-9393-25143BCAF7B1} - System32\Tasks\At29 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {CCE44B9B-D7A7-44F6-B7B6-D3DDF230B641} - System32\Tasks\At43 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {D06334CC-1AE3-461E-ABC6-AC7FCA25F466} - System32\Tasks\At11 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {DD5588FC-7741-49FF-B8AA-024A2626F0B0} - System32\Tasks\At12 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {DDFF578C-962A-4ABF-B0DD-0D4703378F0B} - System32\Tasks\{BF71FF1E-06ED-497B-943C-985B6FBA3E97} => Iexplore.exe http://ui.skype.com/ui/0/5.1.0.112/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;userdeclined,google-chrome:offered-installed;madedefault
Task: {DFE126E5-D010-4580-83BD-54F29ADCF3E5} - System32\Tasks\At23 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {E0F0CC0D-A2CD-4FB8-AF9D-914BE7E85E29} - System32\Tasks\At40 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {E5735A35-4989-49E0-9B16-76F7AC462915} - System32\Tasks\At3 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {EB9B2F08-6CD7-4E74-A4B0-44B1346E2AE7} - System32\Tasks\{E981FEC1-7A8B-4ABF-87C6-7C4991ACEF71} => Iexplore.exe http://ui.skype.com/ui/0/5.3.0.120/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;userdeclined,google-chrome:notoffered;alreadyoffered
Task: {F5EEFE3D-594D-4E3D-8267-578EFA8AE601} - System32\Tasks\At33 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {FB03B161-699E-4639-BA4F-803A8F5EFD48} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\At1.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At10.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At11.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At12.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At13.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At14.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At15.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At16.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At17.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At18.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At19.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At2.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At20.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At21.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At22.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At23.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At24.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At25.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At26.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At27.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At28.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At29.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At3.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At30.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At31.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At32.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At33.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At34.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At35.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At36.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At37.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At38.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At39.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At4.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At40.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At41.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At42.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At43.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At44.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At45.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At46.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At47.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At48.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At5.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At6.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At7.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At8.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\At9.job => C:\ProgramData\8U1gMRqA.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2715180679-3963613722-1378563947-1001Core.job => C:\Users\Lo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2715180679-3963613722-1378563947-1001UA.job => C:\Users\Lo\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-05-26 11:50 - 2013-12-19 13:53 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-08-30 19:57 - 2012-08-30 19:57 - 00088968 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2010-12-20 02:48 - 2010-03-15 12:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2014-06-19 07:45 - 2014-06-05 08:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-19 07:45 - 2014-06-05 08:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-19 07:45 - 2014-06-05 08:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-19 07:45 - 2014-06-05 08:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-19 07:45 - 2014-06-05 08:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-06-19 07:45 - 2014-06-05 08:58 - 14612296 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
MSCONFIG\Services: AffinegyService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: McMPFSvc => 2
MSCONFIG\Services: mcmscsvc => 2
MSCONFIG\Services: McNaiAnn => 2
MSCONFIG\Services: McNASvc => 2
MSCONFIG\Services: McODS => 3
MSCONFIG\Services: McOobeSv => 2
MSCONFIG\Services: McProxy => 2
MSCONFIG\Services: MSK80Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Lo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: InstaLAN => "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
MSCONFIG\startupreg: IntelliPoint => "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: itype => "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
MSCONFIG\startupreg: jswtrayutil => "C:\Program Files (x86)\NETGEAR\WN111v2\jswtrayutil.exe"
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: MusicManager => "C:\Users\Lo\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
MSCONFIG\startupreg: Razer Naga Driver => C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
MSCONFIG\startupreg: SBRegRebootCleaner => "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
==================== Faulty Device Manager Devices =============
 
Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/24/2014 07:38:28 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (06/24/2014 07:38:28 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (06/23/2014 00:34:04 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (06/23/2014 00:34:04 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (06/23/2014 07:48:19 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (06/23/2014 07:48:19 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (06/21/2014 00:01:10 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (06/21/2014 00:01:10 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (06/20/2014 11:44:50 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (06/20/2014 11:44:50 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
 
System errors:
=============
Error: (06/24/2014 07:34:19 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
SBRE
 
Error: (06/24/2014 07:34:17 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
 
Error: (06/24/2014 07:34:17 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147024891
 
Error: (06/24/2014 07:34:16 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
 
Error: (06/24/2014 07:34:16 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The AMD External Events Utility .NET. service terminated with the following error: 
%%126
 
Error: (06/24/2014 07:34:13 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1060
 
Error: (06/24/2014 07:34:09 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:01:40 AM on ‎6/‎24/‎2014 was unexpected.
 
Error: (06/23/2014 00:29:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
SBRE
 
Error: (06/23/2014 00:29:53 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
 
Error: (06/23/2014 00:29:53 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147024891
 
 
Microsoft Office Sessions:
=========================
Error: (06/24/2014 07:38:28 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (06/24/2014 07:38:28 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (06/23/2014 00:34:04 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (06/23/2014 00:34:04 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (06/23/2014 07:48:19 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (06/23/2014 07:48:19 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (06/21/2014 00:01:10 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (06/21/2014 00:01:10 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (06/20/2014 11:44:50 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (06/20/2014 11:44:50 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
 
CodeIntegrity Errors:
===================================
  Date: 2012-08-09 00:55:01.548
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-08-09 00:55:01.544
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-08-09 00:55:01.541
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 86%
Total physical RAM: 3070.99 MB
Available physical RAM: 420.93 MB
Total Pagefile: 6140.17 MB
Available Pagefile: 3021.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:698.54 GB) (Free:373.59 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: F4852968)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=699 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
  • BSOD.txt
==================================================
Dump File         : 062414-31902-01.dmp
Crash Time        : 6/24/2014 7:31:01 PM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`0366c7ef
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`7efa0000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062414-31902-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,552
Dump File Time    : 6/24/2014 7:32:24 PM
==================================================
 
==================================================
Dump File         : 062014-26582-01.dmp
Crash Time        : 6/20/2014 11:53:39 PM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`0366f7ef
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`7efa0000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-26582-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,552
Dump File Time    : 6/20/2014 11:55:14 PM
==================================================
 
==================================================
Dump File         : 062014-30092-01.dmp
Crash Time        : 6/20/2014 11:38:00 PM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`036c17ef
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`7efa0000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-30092-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,552
Dump File Time    : 6/20/2014 11:39:38 PM
==================================================
 
==================================================
Dump File         : 062014-36020-01.dmp
Crash Time        : 6/20/2014 11:22:54 PM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`036bd7ef
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`7efa0000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-36020-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,552
Dump File Time    : 6/20/2014 11:24:36 PM
==================================================
 
==================================================
Dump File         : 062014-25443-02.dmp
Crash Time        : 6/20/2014 11:10:09 PM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`0370f813
Parameter 3       : 00000000`00000000
Parameter 4       : 00000002`000002e0
Caused By Driver  : hal.dll
Caused By Address : hal.dll+462f
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-25443-02.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,552
Dump File Time    : 6/20/2014 11:11:47 PM
==================================================
 
==================================================
Dump File         : 062014-34460-01.dmp
Crash Time        : 6/20/2014 10:56:23 PM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`0367c7ef
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`7efa0000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-34460-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 289,232
Dump File Time    : 6/20/2014 10:58:04 PM
==================================================
 
==================================================
Dump File         : 062014-32136-01.dmp
Crash Time        : 6/20/2014 10:48:46 PM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : 00000000`00000000
Parameter 2       : 00000000`00000000
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`00000000
Caused By Driver  : ataport.SYS
Caused By Address : ataport.SYS+15594
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+7f190
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-32136-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,552
Dump File Time    : 6/20/2014 10:50:25 PM
==================================================
 
==================================================
Dump File         : 062014-24055-01.dmp
Crash Time        : 6/20/2014 10:36:48 PM
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x0000000a
Parameter 1       : 00000000`000000b8
Parameter 2       : 00000000`00000002
Parameter 3       : 00000000`00000001
Parameter 4       : fffff800`03666c26
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-24055-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,552
Dump File Time    : 6/20/2014 10:38:20 PM
==================================================
 
==================================================
Dump File         : 062014-27627-01.dmp
Crash Time        : 6/20/2014 10:05:37 PM
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x0000000a
Parameter 1       : 00000000`00000088
Parameter 2       : 00000000`00000002
Parameter 3       : 00000000`00000001
Parameter 4       : fffff800`03664c26
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-27627-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,552
Dump File Time    : 6/20/2014 10:07:12 PM
==================================================
 
==================================================
Dump File         : 062014-25396-01.dmp
Crash Time        : 6/20/2014 9:57:37 PM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`036757ef
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`7efa0000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-25396-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,552
Dump File Time    : 6/20/2014 9:59:15 PM
==================================================
 
==================================================
Dump File         : 062014-27362-02.dmp
Crash Time        : 6/20/2014 9:42:52 PM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`0366a7ef
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`7efa0000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-27362-02.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,552
Dump File Time    : 6/20/2014 9:44:34 PM
==================================================
 
==================================================
Dump File         : 062014-31527-01.dmp
Crash Time        : 6/20/2014 9:28:03 PM
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x0000000a
Parameter 1       : 00000000`00000088
Parameter 2       : 00000000`00000002
Parameter 3       : 00000000`00000001
Parameter 4       : fffff800`03660c26
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-31527-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,552
Dump File Time    : 6/20/2014 9:29:40 PM
==================================================
 
==================================================
Dump File         : 062014-30014-01.dmp
Crash Time        : 6/20/2014 9:16:41 PM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`0366e7ef
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`7efa0000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-30014-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,552
Dump File Time    : 6/20/2014 9:18:14 PM
==================================================
 
==================================================
Dump File         : 062014-33524-01.dmp
Crash Time        : 6/20/2014 8:43:42 PM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`0366f7ef
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`7efa0000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-33524-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,552
Dump File Time    : 6/20/2014 8:45:21 PM
==================================================
 
==================================================
Dump File         : 062014-31184-01.dmp
Crash Time        : 6/20/2014 8:21:48 PM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`036ab7ef
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`7efa0000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-31184-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,376
Dump File Time    : 6/20/2014 8:23:26 PM
==================================================
 
==================================================
Dump File         : 062014-26176-01.dmp
Crash Time        : 6/20/2014 8:13:46 PM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`0366f7ef
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`7efa0000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-26176-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,552
Dump File Time    : 6/20/2014 8:15:19 PM
==================================================
 
==================================================
Dump File         : 062014-23259-01.dmp
Crash Time        : 6/20/2014 7:58:37 PM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`036787ef
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`7efa0000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-23259-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,552
Dump File Time    : 6/20/2014 8:00:11 PM
==================================================
 
==================================================
Dump File         : 062014-41496-01.dmp
Crash Time        : 6/20/2014 7:38:10 PM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`036677ef
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`7efa0000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-41496-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,552
Dump File Time    : 6/20/2014 7:39:59 PM
==================================================
 
==================================================
Dump File         : 062014-34273-01.dmp
Crash Time        : 6/20/2014 7:23:14 PM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffffa80`03ce6bb0
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`7efa8000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-34273-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,552
Dump File Time    : 6/20/2014 7:25:01 PM
==================================================
 
==================================================
Dump File         : 062014-37955-01.dmp
Crash Time        : 6/20/2014 7:14:39 PM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`036c77ef
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`7efa0000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-37955-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,552
Dump File Time    : 6/20/2014 7:16:30 PM
==================================================
 
==================================================
Dump File         : 062014-27783-01.dmp
Crash Time        : 6/20/2014 7:01:20 PM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`0367e7ef
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`7efa0000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-27783-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,192
Dump File Time    : 6/20/2014 7:03:02 PM
==================================================
 
==================================================
Dump File         : 062014-29874-01.dmp
Crash Time        : 6/20/2014 6:48:27 PM
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x0000000a
Parameter 1       : 00000000`00000088
Parameter 2       : 00000000`00000002
Parameter 3       : 00000000`00000001
Parameter 4       : fffff800`036c6c26
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-29874-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,544
Dump File Time    : 6/20/2014 6:50:03 PM
==================================================
 
==================================================
Dump File         : 062014-28594-01.dmp
Crash Time        : 6/20/2014 6:40:56 PM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`036c07ef
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`7efa0000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-28594-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,552
Dump File Time    : 6/20/2014 6:42:30 PM
==================================================
 
==================================================
Dump File         : 062014-31122-01.dmp
Crash Time        : 6/20/2014 6:16:21 PM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`0367b7ef
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`7efa0000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-31122-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,552
Dump File Time    : 6/20/2014 6:18:18 PM
==================================================
 
==================================================
Dump File         : 062014-28485-01.dmp
Crash Time        : 6/20/2014 6:01:12 PM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`039816ea
Parameter 3       : 00000000`00000001
Parameter 4       : 00000000`00000018
Caused By Driver  : msahci.sys
Caused By Address : msahci.sys+1b7d
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-28485-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,616
Dump File Time    : 6/20/2014 6:02:46 PM
==================================================
 
==================================================
Dump File         : 062014-27315-01.dmp
Crash Time        : 6/20/2014 5:54:18 PM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`036707ef
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`7efa0000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-27315-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,608
Dump File Time    : 6/20/2014 5:55:53 PM
==================================================
 
==================================================
Dump File         : 062014-26364-01.dmp
Crash Time        : 6/20/2014 5:23:35 PM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`036ad7ef
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`7efa0000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-26364-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,552
Dump File Time    : 6/20/2014 5:25:13 PM
==================================================
 
==================================================
Dump File         : 062014-24445-01.dmp
Crash Time        : 6/20/2014 4:56:27 PM
Bug Check String  : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x1000007e
Parameter 1       : ffffffff`c0000005
Parameter 2       : 00000000`00000000
Parameter 3       : fffff880`02fc0a28
Parameter 4       : fffff880`02fc0280
Caused By Driver  : 
Caused By Address : 
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : 
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-24445-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,552
Dump File Time    : 6/20/2014 4:57:56 PM
==================================================
 
==================================================
Dump File         : 062014-36239-01.dmp
Crash Time        : 6/20/2014 4:35:45 PM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`036b07ef
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`7efa0000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-36239-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,552
Dump File Time    : 6/20/2014 4:37:28 PM
==================================================
 
==================================================
Dump File         : 062014-28891-01.dmp
Crash Time        : 6/20/2014 4:15:42 PM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`036a97ef
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`7efa0000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-28891-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,552
Dump File Time    : 6/20/2014 4:17:20 PM
==================================================
 
==================================================
Dump File         : 062014-33275-01.dmp
Crash Time        : 6/20/2014 4:03:51 PM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`036ac7ef
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`7efa0000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-33275-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,552
Dump File Time    : 6/20/2014 4:05:30 PM
==================================================
 
==================================================
Dump File         : 062014-30872-01.dmp
Crash Time        : 6/20/2014 3:44:13 PM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`036c27ef
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`7efa0000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-30872-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,600
Dump File Time    : 6/20/2014 3:45:49 PM
==================================================
 
==================================================
Dump File         : 062014-26020-01.dmp
Crash Time        : 6/20/2014 3:30:06 PM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`036b17ef
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`7efa0000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-26020-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,552
Dump File Time    : 6/20/2014 3:31:38 PM
==================================================
 
==================================================
Dump File         : 062014-45068-01.dmp
Crash Time        : 6/20/2014 3:20:23 PM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`036707ef
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`7efa0000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-45068-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,552
Dump File Time    : 6/20/2014 3:22:14 PM
==================================================
 
==================================================
Dump File         : 062014-37502-01.dmp
Crash Time        : 6/20/2014 3:08:04 PM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`036677ef
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`7efa0000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-37502-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,552
Dump File Time    : 6/20/2014 3:09:49 PM
==================================================
 
==================================================
Dump File         : 062014-26566-01.dmp
Crash Time        : 6/20/2014 2:45:47 PM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`036bf7ef
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`7efa0000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-26566-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,552
Dump File Time    : 6/20/2014 2:47:20 PM
==================================================
 
==================================================
Dump File         : 062014-23587-01.dmp
Crash Time        : 6/20/2014 2:23:22 PM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`036bf7ef
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`7efa0000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-23587-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,256
Dump File Time    : 6/20/2014 2:24:52 PM
==================================================
 
==================================================
Dump File         : 062014-36348-01.dmp
Crash Time        : 6/20/2014 2:15:37 PM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`036b07ef
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`7efa0000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-36348-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,552
Dump File Time    : 6/20/2014 2:17:21 PM
==================================================
 
==================================================
Dump File         : 062014-25724-01.dmp
Crash Time        : 6/20/2014 2:08:05 PM
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x0000000a
Parameter 1       : 00000200`00000018
Parameter 2       : 00000000`00000002
Parameter 3       : 00000000`00000000
Parameter 4       : fffff800`03679bf9
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-25724-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,552
Dump File Time    : 6/20/2014 2:09:37 PM
==================================================
 
==================================================
Dump File         : 062014-36785-01.dmp
Crash Time        : 6/20/2014 1:41:32 PM
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x0000000a
Parameter 1       : 00000000`00000088
Parameter 2       : 00000000`00000002
Parameter 3       : 00000000`00000001
Parameter 4       : fffff800`0366ac26
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-36785-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,552
Dump File Time    : 6/20/2014 1:43:19 PM
==================================================
 
==================================================
Dump File         : 062014-42837-01.dmp
Crash Time        : 6/20/2014 1:35:57 PM
Bug Check String  : BAD_POOL_HEADER
Bug Check Code    : 0x00000019
Parameter 1       : 00000000`00000020
Parameter 2       : fffffa80`051bd780
Parameter 3       : fffffa80`051bd7e0
Parameter 4       : 00000000`0406000d
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-42837-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,552
Dump File Time    : 6/20/2014 1:37:52 PM
==================================================
 
==================================================
Dump File         : 062014-24772-01.dmp
Crash Time        : 6/20/2014 1:10:14 PM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`0365f7ef
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`7efa0000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-24772-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,552
Dump File Time    : 6/20/2014 1:11:45 PM
==================================================
 
==================================================
Dump File         : 062014-35771-01.dmp
Crash Time        : 6/20/2014 12:52:08 PM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`0397e6ea
Parameter 3       : 00000000`00000001
Parameter 4       : 00000000`00000018
Caused By Driver  : msahci.sys
Caused By Address : msahci.sys+1b7d
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-35771-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 289,136
Dump File Time    : 6/20/2014 12:53:56 PM
==================================================
 
==================================================
Dump File         : 062014-30591-01.dmp
Crash Time        : 6/20/2014 12:43:42 PM
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x0000000a
Parameter 1       : 00000000`00000088
Parameter 2       : 00000000`00000002
Parameter 3       : 00000000`00000001
Parameter 4       : fffff800`0366dc26
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-30591-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,552
Dump File Time    : 6/20/2014 12:45:26 PM
==================================================
 
==================================================
Dump File         : 062014-31247-01.dmp
Crash Time        : 6/20/2014 12:04:25 PM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`036aa7ef
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`7efa0000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-31247-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,552
Dump File Time    : 6/20/2014 12:06:04 PM
==================================================
 
==================================================
Dump File         : 062014-25459-01.dmp
Crash Time        : 6/20/2014 11:55:10 AM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`036b07ef
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`7efa0000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-25459-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,552
Dump File Time    : 6/20/2014 11:56:41 AM
==================================================
 
==================================================
Dump File         : 062014-29468-01.dmp
Crash Time        : 6/20/2014 11:37:27 AM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`036797ef
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`7efa0000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-29468-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,552
Dump File Time    : 6/20/2014 11:39:03 AM
==================================================
 
==================================================
Dump File         : 062014-31028-01.dmp
Crash Time        : 6/20/2014 11:01:29 AM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`0367c7ef
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`7efa0000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-31028-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,552
Dump File Time    : 6/20/2014 11:03:26 AM
==================================================
 
==================================================
Dump File         : 062014-32791-01.dmp
Crash Time        : 6/20/2014 10:52:56 AM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`036687ef
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`7efa0000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-32791-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,552
Dump File Time    : 6/20/2014 10:54:35 AM
==================================================
 
==================================================
Dump File         : 062014-21325-01.dmp
Crash Time        : 6/20/2014 10:22:30 AM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`036b27ef
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`7efa0000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor         : x64
Crash Address     : ntoskrnl.exe+7f1c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\062014-21325-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,552
Dump File Time    : 6/20/2014 10:24:04 AM
==================================================
 




#4 Oh My!

  • Malware Response Instructor

Posted 24 June 2014 - 08:28 PM

Greetings,

Thanks for the information.

Your computer is heavily infected. I have some steps for you to take but I must first advise you of the following.

===================================================

BACKDOOR WARNING!

--------------------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Please let me know if you have already noticed evidences of financial institution irregularities. Those accounts should be monitored from this point forward.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
 

Here are some thoughts I have put together for people who ask what they should do in light of the infection. Ultimately each user must decide for themselves what to do and the below are things you might want to consider.

It is necessary for us to at least make you aware of the worst-case scenario. This is because of the potential Backdoor Trojans bring with them, but it is not a determination on our part that your situation currently falls within this worst-case scenario.

Ultimately it is a personal decision whether to reformat or not. What decision should you make to let you sleep well at night? It is different for different people. I will say whether rightly or wrongly most people decide to clean and not reformat, at least initially.

The only insight I can offer is how I evaluate the issue personally even though I have never had a Backdoor Trojan on my computer. One of the primary purposes for malicious software is to somehow separate you from your money. It seems reasonable to assume that a thief trying to take your money via a Backdoor Trojan will hit you hard, and quickly. Once your computer starts to act up and you become suspicious you have the opportunity to eliminate access to your computer and change the information taken, namely account and password information. The key to this, in my opinion, is whether or not you have noticed any irregularities in your banking or other financial institutions, or things like email and social network accounts (i.e. Facebook). If you have not seen any evidence of that then you may question whether your information has truly been stolen. If it seems it hasn't, and your critical information has been changed, it is reasonable to be more confident you are safe but you must stop short of claiming an absolute guarantee.

If, after careful consideration you decide not to reformat your computer it would be wise to continue monitoring your sensitive data and don't wait to address future symptoms on your computer which seem to be malware related.

The bottom line, the only way to be absolutely sure to be rid of a Backdoor Trojan is to reformat. The decision is yours.

Oh My


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\.DEFAULT\...0c966feabec1\InprocServer32: [Default-shell32] C:\Windows\system32\config\systemprofile\AppData\Local\{64c0d8a5-a05b-0c46-18fb-fc44ee3744ee}\n. ATTENTION! ====> ZeroAccess/Alureon?
HKU\.DEFAULT\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
HKU\S-1-5-21-2715180679-3963613722-1378563947-1001\...\Run: [systemxpcom] => rundll32.exe "c:\users\lo\appdata\roaming\e5a2\systemxpcom.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-2715180679-3963613722-1378563947-1001\...\Run: [videoactivex] => rundll32.exe "c:\users\lo\appdata\roaming\e5a2\videoactivex.dll",DllRegisterServer <===== ATTENTION
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={C1D36DC1-C104-11E2-AFFE-00219B26CEAF}
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={C1D36DC1-C104-11E2-AFFE-00219B26CEAF}
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = 
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 06 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 06 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
S2 FastUserSwitchingCompatibility; C:\Windows\installer\AMDEx3.msi [X]
C:\Windows\installer\AMDEx3.msi
2014-06-24 19:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At44.job
2014-06-24 19:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At20.job
2014-06-24 18:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At43.job
2014-06-24 18:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At19.job
2014-06-24 17:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At42.job
2014-06-24 17:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At18.job
2014-06-24 16:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At41.job
2014-06-24 16:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At17.job
2014-06-24 15:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At40.job
2014-06-24 15:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At16.job
2014-06-24 14:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At39.job
2014-06-24 14:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At15.job
2014-06-24 13:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At38.job
2014-06-24 13:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At14.job
2014-06-24 12:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At37.job
2014-06-24 12:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At13.job
2014-06-24 11:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At36.job
2014-06-24 11:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At12.job
2014-06-24 10:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At35.job
2014-06-24 10:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At11.job
2014-06-24 09:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At34.job
2014-06-24 09:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At10.job
2014-06-24 08:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At33.job
2014-06-24 08:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At9.job
2014-06-24 05:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At30.job
2014-06-24 05:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At6.job
2014-06-24 04:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At29.job
2014-06-24 04:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At5.job
2014-06-24 03:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At28.job
2014-06-24 03:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At4.job
2014-06-24 02:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At27.job
2014-06-24 02:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At3.job
2014-06-24 01:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At26.job
2014-06-24 01:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At2.job
2014-06-24 00:37 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At25.job
2014-06-24 00:37 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At1.job
2014-06-23 23:00 - 2013-05-04 02:24 - 00000342 _____ () C:\Windows\Tasks\At48.job
2014-06-23 23:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At24.job
2014-06-23 22:00 - 2013-05-04 02:24 - 00000342 _____ () C:\Windows\Tasks\At47.job
2014-06-23 22:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At23.job
2014-06-23 21:00 - 2013-05-04 02:24 - 00000342 _____ () C:\Windows\Tasks\At46.job
2014-06-23 21:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At22.job
2014-06-23 20:00 - 2013-05-04 02:24 - 00000342 _____ () C:\Windows\Tasks\At45.job
2014-06-23 20:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At21.job
2014-06-21 07:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At32.job
2014-06-21 07:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At8.job
2014-06-21 06:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At31.job
2014-06-21 06:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At7.job
2014-06-19 23:29 - 2014-04-17 23:13 - 00000077 _____ () C:\Windows\system32\omxv.zaz
C:\Windows\Installer\{64c0d8a5-a05b-0c46-18fb-fc44ee3744ee}
C:\Windows\Installer\{64c0d8a5-a05b-0c46-18fb-fc44ee3744ee}\@
C:\Windows\Installer\{64c0d8a5-a05b-0c46-18fb-fc44ee3744ee}\L\00000004.@
C:\Windows\Installer\{64c0d8a5-a05b-0c46-18fb-fc44ee3744ee}\L\201d3dde
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{64c0d8a5-a05b-0c46-18fb-fc44ee3744ee}
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{64c0d8a5-a05b-0c46-18fb-fc44ee3744ee}\@
C:\Users\Lo\AppData\Local\Temp\3qhfuebj.dll
C:\Users\Lo\AppData\Local\Temp\buddyupdater1768708.exe
C:\Users\Lo\AppData\Local\Temp\buddyupdater489630447.exe
C:\Users\Lo\AppData\Local\Temp\buddyupdater5130202.exe
C:\Users\Lo\AppData\Local\Temp\buddyupdater5873609.exe
C:\Users\Lo\AppData\Local\Temp\buddyupdater7772609.exe
C:\Users\Lo\AppData\Local\Temp\buddyupdater86611.exe
C:\Users\Lo\AppData\Local\Temp\m1vxythc.dll
C:\Users\Lo\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Lo\AppData\Local\Temp\nvStInst.exe
C:\Users\Lo\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Lo\AppData\Local\Temp\uslefjcx.dll
C:\Users\Lo\AppData\Local\Temp\vsasiv1g.dll
C:\Users\Lo\AppData\Local\Temp\wcrash.exe
C:\Users\Lo\AppData\Local\Temp\yvouixj.dll
C:\Users\Lo\AppData\Local\Temp\zfljpon.dll
TDL4: custom:26000022 <===== ATTENTION!
Task: {0155D458-793D-4773-86BB-03C86A7531B5} - System32\Tasks\At24 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {050D1A7D-F412-4CFA-BE30-9C43048DBD2F} - System32\Tasks\At18 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {055E47E1-486D-4D52-AE1A-90C6762CF6F0} - System32\Tasks\At30 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {05896050-C327-4310-A521-85A2F5A84B4E} - System32\Tasks\At32 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {06BD64D0-FE08-4F52-A47C-3905FB6B2661} - System32\Tasks\At44 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {0D5DFCAC-D1A6-42B8-94AC-214C826F45EC} - System32\Tasks\At13 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {0D696DCF-4F33-4F49-A389-E7DEE0BCD8C0} - System32\Tasks\At27 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {13ED579A-0D94-4679-830B-07C7C81EA182} - System32\Tasks\At4 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {2567B878-4553-4AA6-8D1F-F7A3BE077E68} - System32\Tasks\At38 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {2AAFC5DD-6760-4848-A334-1432A6C921ED} - System32\Tasks\At5 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {2F7164F4-55CC-4F1A-A2A7-CFC03BFCF132} - System32\Tasks\At17 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {327E0717-B907-49C9-AB16-AFAD6F3AE64B} - System32\Tasks\At1 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {3F176220-F0AF-4655-A0B5-74595FA18293} - System32\Tasks\At15 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {40CE23D0-B56E-4CB3-AA60-FAFD518912B2} - System32\Tasks\At19 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {430BD962-661A-487C-9D9A-EB33F3C54983} - System32\Tasks\At28 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {49F64E85-7507-4487-B38E-74BACD7FFDD0} - System32\Tasks\At16 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {4A8CF909-5BD5-4A92-AA4B-DD669AE17D1C} - System32\Tasks\At2 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {4AA5210D-6A9C-4153-A770-9800DEB0AEFC} - System32\Tasks\At48 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {4DA3575C-C05A-4ADE-AF77-5A7D2EB1330D} - System32\Tasks\At8 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {500704CB-D33E-4FE0-98FB-10BC26787343} - System32\Tasks\At36 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {58475668-8024-4FED-BEB7-293E2A320032} - System32\Tasks\At22 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {5A1B34F5-A7DC-4EEA-B7D1-58F7DDC5F0EC} - System32\Tasks\At34 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {5A4A766F-0E44-45C3-AA50-5118DC778FF1} - System32\Tasks\At46 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {5EDAE3FC-A3D4-4258-A507-C0AE03DB00C1} - System32\Tasks\At21 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {60098F1B-8644-4F08-9F3B-F642C2E5AB25} - System32\Tasks\At42 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {6D0E8D93-D869-4479-8610-DC37CA4FFF89} - System32\Tasks\At9 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {757ED991-2107-4DCB-9001-2DBEF5FFCB39} - System32\Tasks\At45 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {78676F48-4710-4B9B-A0F9-42E9BEA03C6E} - System32\Tasks\At35 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {810F4D7F-5764-4B7C-95B3-43E64908535C} - System32\Tasks\At6 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {821C1EE3-9D0A-47EC-A3C7-CBDD26B0E518} - System32\Tasks\At7 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {834FCDFD-1589-4CEF-884C-F430400833D8} - System32\Tasks\At47 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {8410A44E-DADC-44B2-AD41-1665EAC407F8} - System32\Tasks\At10 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {9C6867EC-D81B-4DEF-BB27-A846333A674C} - System32\Tasks\At31 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {9E2A77E8-94C3-41E1-A555-0416EA3A5C11} - System32\Tasks\At25 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {B33D09FC-87A7-4AD5-A958-49B63F69FD30} - System32\Tasks\At37 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {B52B4B05-7C6B-4A2D-A729-002D02B9FD67} - System32\Tasks\At41 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {B59DF53F-799E-4597-A080-B22807A94198} - System32\Tasks\At39 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {C2343A6E-88B1-488E-8F26-D6467F1494E2} - System32\Tasks\At26 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {C24671A6-C1DA-4E53-9636-055CFF8E9DD2} - System32\Tasks\At14 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {C2A93038-1EF4-44E5-BD0E-803996035B37} - System32\Tasks\At20 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {C87196CB-A580-4B67-9393-25143BCAF7B1} - System32\Tasks\At29 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {CCE44B9B-D7A7-44F6-B7B6-D3DDF230B641} - System32\Tasks\At43 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {D06334CC-1AE3-461E-ABC6-AC7FCA25F466} - System32\Tasks\At11 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {DD5588FC-7741-49FF-B8AA-024A2626F0B0} - System32\Tasks\At12 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {DFE126E5-D010-4580-83BD-54F29ADCF3E5} - System32\Tasks\At23 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {E0F0CC0D-A2CD-4FB8-AF9D-914BE7E85E29} - System32\Tasks\At40 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {E5735A35-4989-49E0-9B16-76F7AC462915} - System32\Tasks\At3 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {F5EEFE3D-594D-4E3D-8267-578EFA8AE601} - System32\Tasks\At33 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
C:\ProgramData\8U1gMRqA.exe
Folder: C:\Users\Lo\AppData\Roaming\E5A2
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

sUBs, the author of Combofix, recommends that you uninstall AVG or CA Internet Security before running the program. If you have either of these programs on your computer, please uninstall them using AppRemover, which can be downloaded here. We will be sure to reinstall the antivirus program once we are finished using Combofix.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Oftentimes it may appear as if ComboFix has stopped working. To verify it is still running, please do one of the following. If, based on the below, you have concluded ComboFix has stopped running, please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error, "Illegal operation attempted on a registry key that has been marked for deletion", please just restart your computer to resolve this issue.

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Combofix log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Oh My!

Posted 24 June 2014 - 09:39 PM

In reviewing your report I notice FRST is not on your desktop. You need to cut and paste it to the desktop otherwise the fix will not work. You can find the program here:

Running from C:\Users\Lo\Downloads


Gary
 

#6 worknplay619

Posted 25 June 2014 - 07:45 PM

Yea, I corrected that already. Just reran Combofix because after the initial run, the computer restarted, and while Combofix was creating the log I mouse-clicked trying to access Task Manager and it gave the "Illegal operation attempted on a registry key that has been marked for deletion" message, so I restarted per instructions, but now I realize I may have made a mistake. Running Combofix again and will post full results.



#7 worknplay619

Posted 25 June 2014 - 08:13 PM

  • Fixlog
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-06-2014
Ran by Lo at 2014-06-25 19:01:40 Run:1
Running from C:\Users\Lo\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\.DEFAULT\...0c966feabec1\InprocServer32: [Default-shell32] C:\Windows\system32\config\systemprofile\AppData\Local\{64c0d8a5-a05b-0c46-18fb-fc44ee3744ee}\n. ATTENTION! ====> ZeroAccess/Alureon?
HKU\.DEFAULT\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
HKU\S-1-5-21-2715180679-3963613722-1378563947-1001\...\Run: [systemxpcom] => rundll32.exe "c:\users\lo\appdata\roaming\e5a2\systemxpcom.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-2715180679-3963613722-1378563947-1001\...\Run: [videoactivex] => rundll32.exe "c:\users\lo\appdata\roaming\e5a2\videoactivex.dll",DllRegisterServer <===== ATTENTION
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={C1D36DC1-C104-11E2-AFFE-00219B26CEAF}
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = 
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 06 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 06 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
S2 FastUserSwitchingCompatibility; C:\Windows\installer\AMDEx3.msi [X]
C:\Windows\installer\AMDEx3.msi
2014-06-24 19:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At44.job
2014-06-24 19:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At20.job
2014-06-24 18:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At43.job
2014-06-24 18:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At19.job
2014-06-24 17:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At42.job
2014-06-24 17:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At18.job
2014-06-24 16:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At41.job
2014-06-24 16:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At17.job
2014-06-24 15:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At40.job
2014-06-24 15:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At16.job
2014-06-24 14:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At39.job
2014-06-24 14:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At15.job
2014-06-24 13:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At38.job
2014-06-24 13:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At14.job
2014-06-24 12:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At37.job
2014-06-24 12:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At13.job
2014-06-24 11:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At36.job
2014-06-24 11:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At12.job
2014-06-24 10:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At35.job
2014-06-24 10:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At11.job
2014-06-24 09:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At34.job
2014-06-24 09:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At10.job
2014-06-24 08:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At33.job
2014-06-24 08:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At9.job
2014-06-24 05:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At30.job
2014-06-24 05:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At6.job
2014-06-24 04:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At29.job
2014-06-24 04:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At5.job
2014-06-24 03:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At28.job
2014-06-24 03:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At4.job
2014-06-24 02:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At27.job
2014-06-24 02:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At3.job
2014-06-24 01:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At26.job
2014-06-24 01:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At2.job
2014-06-24 00:37 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At25.job
2014-06-24 00:37 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At1.job
2014-06-23 23:00 - 2013-05-04 02:24 - 00000342 _____ () C:\Windows\Tasks\At48.job
2014-06-23 23:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At24.job
2014-06-23 22:00 - 2013-05-04 02:24 - 00000342 _____ () C:\Windows\Tasks\At47.job
2014-06-23 22:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At23.job
2014-06-23 21:00 - 2013-05-04 02:24 - 00000342 _____ () C:\Windows\Tasks\At46.job
2014-06-23 21:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At22.job
2014-06-23 20:00 - 2013-05-04 02:24 - 00000342 _____ () C:\Windows\Tasks\At45.job
2014-06-23 20:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At21.job
2014-06-21 07:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At32.job
2014-06-21 07:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At8.job
2014-06-21 06:00 - 2013-05-04 02:23 - 00000342 _____ () C:\Windows\Tasks\At31.job
2014-06-21 06:00 - 2013-05-04 02:23 - 00000340 _____ () C:\Windows\Tasks\At7.job
2014-06-19 23:29 - 2014-04-17 23:13 - 00000077 _____ () C:\Windows\system32\omxv.zaz
C:\Windows\Installer\{64c0d8a5-a05b-0c46-18fb-fc44ee3744ee}
C:\Windows\Installer\{64c0d8a5-a05b-0c46-18fb-fc44ee3744ee}\@
C:\Windows\Installer\{64c0d8a5-a05b-0c46-18fb-fc44ee3744ee}\L\00000004.@
C:\Windows\Installer\{64c0d8a5-a05b-0c46-18fb-fc44ee3744ee}\L\201d3dde
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{64c0d8a5-a05b-0c46-18fb-fc44ee3744ee}
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{64c0d8a5-a05b-0c46-18fb-fc44ee3744ee}\@
C:\Users\Lo\AppData\Local\Temp\3qhfuebj.dll
C:\Users\Lo\AppData\Local\Temp\buddyupdater1768708.exe
C:\Users\Lo\AppData\Local\Temp\buddyupdater489630447.exe
C:\Users\Lo\AppData\Local\Temp\buddyupdater5130202.exe
C:\Users\Lo\AppData\Local\Temp\buddyupdater5873609.exe
C:\Users\Lo\AppData\Local\Temp\buddyupdater7772609.exe
C:\Users\Lo\AppData\Local\Temp\buddyupdater86611.exe
C:\Users\Lo\AppData\Local\Temp\m1vxythc.dll
C:\Users\Lo\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Lo\AppData\Local\Temp\nvStInst.exe
C:\Users\Lo\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Lo\AppData\Local\Temp\uslefjcx.dll
C:\Users\Lo\AppData\Local\Temp\vsasiv1g.dll
C:\Users\Lo\AppData\Local\Temp\wcrash.exe
C:\Users\Lo\AppData\Local\Temp\yvouixj.dll
C:\Users\Lo\AppData\Local\Temp\zfljpon.dll
TDL4: custom:26000022 <===== ATTENTION!
Task: {0155D458-793D-4773-86BB-03C86A7531B5} - System32\Tasks\At24 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {050D1A7D-F412-4CFA-BE30-9C43048DBD2F} - System32\Tasks\At18 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {055E47E1-486D-4D52-AE1A-90C6762CF6F0} - System32\Tasks\At30 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {05896050-C327-4310-A521-85A2F5A84B4E} - System32\Tasks\At32 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {06BD64D0-FE08-4F52-A47C-3905FB6B2661} - System32\Tasks\At44 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {0D5DFCAC-D1A6-42B8-94AC-214C826F45EC} - System32\Tasks\At13 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {0D696DCF-4F33-4F49-A389-E7DEE0BCD8C0} - System32\Tasks\At27 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {13ED579A-0D94-4679-830B-07C7C81EA182} - System32\Tasks\At4 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {2567B878-4553-4AA6-8D1F-F7A3BE077E68} - System32\Tasks\At38 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {2AAFC5DD-6760-4848-A334-1432A6C921ED} - System32\Tasks\At5 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {2F7164F4-55CC-4F1A-A2A7-CFC03BFCF132} - System32\Tasks\At17 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {327E0717-B907-49C9-AB16-AFAD6F3AE64B} - System32\Tasks\At1 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {3F176220-F0AF-4655-A0B5-74595FA18293} - System32\Tasks\At15 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {40CE23D0-B56E-4CB3-AA60-FAFD518912B2} - System32\Tasks\At19 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {430BD962-661A-487C-9D9A-EB33F3C54983} - System32\Tasks\At28 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {49F64E85-7507-4487-B38E-74BACD7FFDD0} - System32\Tasks\At16 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {4A8CF909-5BD5-4A92-AA4B-DD669AE17D1C} - System32\Tasks\At2 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {4AA5210D-6A9C-4153-A770-9800DEB0AEFC} - System32\Tasks\At48 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {4DA3575C-C05A-4ADE-AF77-5A7D2EB1330D} - System32\Tasks\At8 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {500704CB-D33E-4FE0-98FB-10BC26787343} - System32\Tasks\At36 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {58475668-8024-4FED-BEB7-293E2A320032} - System32\Tasks\At22 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {5A1B34F5-A7DC-4EEA-B7D1-58F7DDC5F0EC} - System32\Tasks\At34 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {5A4A766F-0E44-45C3-AA50-5118DC778FF1} - System32\Tasks\At46 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {5EDAE3FC-A3D4-4258-A507-C0AE03DB00C1} - System32\Tasks\At21 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {60098F1B-8644-4F08-9F3B-F642C2E5AB25} - System32\Tasks\At42 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {6D0E8D93-D869-4479-8610-DC37CA4FFF89} - System32\Tasks\At9 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {757ED991-2107-4DCB-9001-2DBEF5FFCB39} - System32\Tasks\At45 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {78676F48-4710-4B9B-A0F9-42E9BEA03C6E} - System32\Tasks\At35 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {810F4D7F-5764-4B7C-95B3-43E64908535C} - System32\Tasks\At6 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {821C1EE3-9D0A-47EC-A3C7-CBDD26B0E518} - System32\Tasks\At7 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {834FCDFD-1589-4CEF-884C-F430400833D8} - System32\Tasks\At47 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {8410A44E-DADC-44B2-AD41-1665EAC407F8} - System32\Tasks\At10 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {9C6867EC-D81B-4DEF-BB27-A846333A674C} - System32\Tasks\At31 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {9E2A77E8-94C3-41E1-A555-0416EA3A5C11} - System32\Tasks\At25 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {B33D09FC-87A7-4AD5-A958-49B63F69FD30} - System32\Tasks\At37 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {B52B4B05-7C6B-4A2D-A729-002D02B9FD67} - System32\Tasks\At41 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {B59DF53F-799E-4597-A080-B22807A94198} - System32\Tasks\At39 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {C2343A6E-88B1-488E-8F26-D6467F1494E2} - System32\Tasks\At26 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {C24671A6-C1DA-4E53-9636-055CFF8E9DD2} - System32\Tasks\At14 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {C2A93038-1EF4-44E5-BD0E-803996035B37} - System32\Tasks\At20 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {C87196CB-A580-4B67-9393-25143BCAF7B1} - System32\Tasks\At29 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {CCE44B9B-D7A7-44F6-B7B6-D3DDF230B641} - System32\Tasks\At43 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {D06334CC-1AE3-461E-ABC6-AC7FCA25F466} - System32\Tasks\At11 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {DD5588FC-7741-49FF-B8AA-024A2626F0B0} - System32\Tasks\At12 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {DFE126E5-D010-4580-83BD-54F29ADCF3E5} - System32\Tasks\At23 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {E0F0CC0D-A2CD-4FB8-AF9D-914BE7E85E29} - System32\Tasks\At40 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {E5735A35-4989-49E0-9B16-76F7AC462915} - System32\Tasks\At3 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
Task: {F5EEFE3D-594D-4E3D-8267-578EFA8AE601} - System32\Tasks\At33 => C:\ProgramData\8U1gMRqA.exe <==== ATTENTION
C:\ProgramData\8U1gMRqA.exe
Folder: C:\Users\Lo\AppData\Roaming\E5A2
*****************
 
'HKU\.DEFAULT\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}' => Key deleted successfully.
'HKU\.DEFAULT\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}' => Key deleted successfully.
HKU\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Run\\systemxpcom => value deleted successfully.
HKU\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Run\\videoactivex => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}' => Key deleted successfully.
'HKCR\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}'=> Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000006\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000006\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
FastUserSwitchingCompatibility => Service deleted successfully.
"C:\Windows\installer\AMDEx3.msi" => File/Directory not found.
C:\Windows\Tasks\At44.job => Moved successfully.
C:\Windows\Tasks\At20.job => Moved successfully.
C:\Windows\Tasks\At43.job => Moved successfully.
C:\Windows\Tasks\At19.job => Moved successfully.
C:\Windows\Tasks\At42.job => Moved successfully.
C:\Windows\Tasks\At18.job => Moved successfully.
C:\Windows\Tasks\At41.job => Moved successfully.
C:\Windows\Tasks\At17.job => Moved successfully.
C:\Windows\Tasks\At40.job => Moved successfully.
C:\Windows\Tasks\At16.job => Moved successfully.
C:\Windows\Tasks\At39.job => Moved successfully.
C:\Windows\Tasks\At15.job => Moved successfully.
C:\Windows\Tasks\At38.job => Moved successfully.
C:\Windows\Tasks\At14.job => Moved successfully.
C:\Windows\Tasks\At37.job => Moved successfully.
C:\Windows\Tasks\At13.job => Moved successfully.
C:\Windows\Tasks\At36.job => Moved successfully.
C:\Windows\Tasks\At12.job => Moved successfully.
C:\Windows\Tasks\At35.job => Moved successfully.
C:\Windows\Tasks\At11.job => Moved successfully.
C:\Windows\Tasks\At34.job => Moved successfully.
C:\Windows\Tasks\At10.job => Moved successfully.
C:\Windows\Tasks\At33.job => Moved successfully.
C:\Windows\Tasks\At9.job => Moved successfully.
C:\Windows\Tasks\At30.job => Moved successfully.
C:\Windows\Tasks\At6.job => Moved successfully.
C:\Windows\Tasks\At29.job => Moved successfully.
C:\Windows\Tasks\At5.job => Moved successfully.
C:\Windows\Tasks\At28.job => Moved successfully.
C:\Windows\Tasks\At4.job => Moved successfully.
C:\Windows\Tasks\At27.job => Moved successfully.
C:\Windows\Tasks\At3.job => Moved successfully.
C:\Windows\Tasks\At26.job => Moved successfully.
C:\Windows\Tasks\At2.job => Moved successfully.
C:\Windows\Tasks\At25.job => Moved successfully.
C:\Windows\Tasks\At1.job => Moved successfully.
C:\Windows\Tasks\At48.job => Moved successfully.
C:\Windows\Tasks\At24.job => Moved successfully.
C:\Windows\Tasks\At47.job => Moved successfully.
C:\Windows\Tasks\At23.job => Moved successfully.
C:\Windows\Tasks\At46.job => Moved successfully.
C:\Windows\Tasks\At22.job => Moved successfully.
C:\Windows\Tasks\At45.job => Moved successfully.
C:\Windows\Tasks\At21.job => Moved successfully.
C:\Windows\Tasks\At32.job => Moved successfully.
C:\Windows\Tasks\At8.job => Moved successfully.
C:\Windows\Tasks\At31.job => Moved successfully.
C:\Windows\Tasks\At7.job => Moved successfully.
C:\Windows\system32\omxv.zaz => Moved successfully.
C:\Windows\Installer\{64c0d8a5-a05b-0c46-18fb-fc44ee3744ee} => Moved successfully.
"C:\Windows\Installer\{64c0d8a5-a05b-0c46-18fb-fc44ee3744ee}\@" => File/Directory not found.
"C:\Windows\Installer\{64c0d8a5-a05b-0c46-18fb-fc44ee3744ee}\L\00000004.@" => File/Directory not found.
"C:\Windows\Installer\{64c0d8a5-a05b-0c46-18fb-fc44ee3744ee}\L\201d3dde" => File/Directory not found.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{64c0d8a5-a05b-0c46-18fb-fc44ee3744ee} => Moved successfully.
"C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{64c0d8a5-a05b-0c46-18fb-fc44ee3744ee}\@" => File/Directory not found.
C:\Users\Lo\AppData\Local\Temp\3qhfuebj.dll => Moved successfully.
C:\Users\Lo\AppData\Local\Temp\buddyupdater1768708.exe => Moved successfully.
C:\Users\Lo\AppData\Local\Temp\buddyupdater489630447.exe => Moved successfully.
C:\Users\Lo\AppData\Local\Temp\buddyupdater5130202.exe => Moved successfully.
C:\Users\Lo\AppData\Local\Temp\buddyupdater5873609.exe => Moved successfully.
C:\Users\Lo\AppData\Local\Temp\buddyupdater7772609.exe => Moved successfully.
C:\Users\Lo\AppData\Local\Temp\buddyupdater86611.exe => Moved successfully.
C:\Users\Lo\AppData\Local\Temp\m1vxythc.dll => Moved successfully.
C:\Users\Lo\AppData\Local\Temp\nvSCPAPI.dll => Moved successfully.
C:\Users\Lo\AppData\Local\Temp\nvStInst.exe => Moved successfully.
C:\Users\Lo\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Lo\AppData\Local\Temp\uslefjcx.dll => Moved successfully.
C:\Users\Lo\AppData\Local\Temp\vsasiv1g.dll => Moved successfully.
C:\Users\Lo\AppData\Local\Temp\wcrash.exe => Moved successfully.
C:\Users\Lo\AppData\Local\Temp\yvouixj.dll => Moved successfully.
C:\Users\Lo\AppData\Local\Temp\zfljpon.dll => Moved successfully.
 
The operation completed successfully.
The operation completed successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0155D458-793D-4773-86BB-03C86A7531B5}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0155D458-793D-4773-86BB-03C86A7531B5}' => Key deleted successfully.
C:\Windows\System32\Tasks\At24 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At24' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{050D1A7D-F412-4CFA-BE30-9C43048DBD2F}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{050D1A7D-F412-4CFA-BE30-9C43048DBD2F}' => Key deleted successfully.
C:\Windows\System32\Tasks\At18 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At18' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{055E47E1-486D-4D52-AE1A-90C6762CF6F0}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{055E47E1-486D-4D52-AE1A-90C6762CF6F0}' => Key deleted successfully.
C:\Windows\System32\Tasks\At30 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At30' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{05896050-C327-4310-A521-85A2F5A84B4E}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05896050-C327-4310-A521-85A2F5A84B4E}' => Key deleted successfully.
C:\Windows\System32\Tasks\At32 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At32' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{06BD64D0-FE08-4F52-A47C-3905FB6B2661}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06BD64D0-FE08-4F52-A47C-3905FB6B2661}' => Key deleted successfully.
C:\Windows\System32\Tasks\At44 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At44' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D5DFCAC-D1A6-42B8-94AC-214C826F45EC}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D5DFCAC-D1A6-42B8-94AC-214C826F45EC}' => Key deleted successfully.
C:\Windows\System32\Tasks\At13 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At13' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D696DCF-4F33-4F49-A389-E7DEE0BCD8C0}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D696DCF-4F33-4F49-A389-E7DEE0BCD8C0}' => Key deleted successfully.
C:\Windows\System32\Tasks\At27 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At27' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{13ED579A-0D94-4679-830B-07C7C81EA182}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13ED579A-0D94-4679-830B-07C7C81EA182}' => Key deleted successfully.
C:\Windows\System32\Tasks\At4 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At4' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2567B878-4553-4AA6-8D1F-F7A3BE077E68}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2567B878-4553-4AA6-8D1F-F7A3BE077E68}' => Key deleted successfully.
C:\Windows\System32\Tasks\At38 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At38' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2AAFC5DD-6760-4848-A334-1432A6C921ED}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2AAFC5DD-6760-4848-A334-1432A6C921ED}' => Key deleted successfully.
C:\Windows\System32\Tasks\At5 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At5' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F7164F4-55CC-4F1A-A2A7-CFC03BFCF132}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F7164F4-55CC-4F1A-A2A7-CFC03BFCF132}' => Key deleted successfully.
C:\Windows\System32\Tasks\At17 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At17' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{327E0717-B907-49C9-AB16-AFAD6F3AE64B}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{327E0717-B907-49C9-AB16-AFAD6F3AE64B}' => Key deleted successfully.
C:\Windows\System32\Tasks\At1 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At1' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F176220-F0AF-4655-A0B5-74595FA18293}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F176220-F0AF-4655-A0B5-74595FA18293}' => Key deleted successfully.
C:\Windows\System32\Tasks\At15 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At15' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40CE23D0-B56E-4CB3-AA60-FAFD518912B2}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40CE23D0-B56E-4CB3-AA60-FAFD518912B2}' => Key deleted successfully.
C:\Windows\System32\Tasks\At19 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At19' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{430BD962-661A-487C-9D9A-EB33F3C54983}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{430BD962-661A-487C-9D9A-EB33F3C54983}' => Key deleted successfully.
C:\Windows\System32\Tasks\At28 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At28' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{49F64E85-7507-4487-B38E-74BACD7FFDD0}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49F64E85-7507-4487-B38E-74BACD7FFDD0}' => Key deleted successfully.
C:\Windows\System32\Tasks\At16 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At16' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4A8CF909-5BD5-4A92-AA4B-DD669AE17D1C}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A8CF909-5BD5-4A92-AA4B-DD669AE17D1C}' => Key deleted successfully.
C:\Windows\System32\Tasks\At2 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At2' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4AA5210D-6A9C-4153-A770-9800DEB0AEFC}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4AA5210D-6A9C-4153-A770-9800DEB0AEFC}' => Key deleted successfully.
C:\Windows\System32\Tasks\At48 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At48' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4DA3575C-C05A-4ADE-AF77-5A7D2EB1330D}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DA3575C-C05A-4ADE-AF77-5A7D2EB1330D}' => Key deleted successfully.
C:\Windows\System32\Tasks\At8 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At8' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{500704CB-D33E-4FE0-98FB-10BC26787343}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{500704CB-D33E-4FE0-98FB-10BC26787343}' => Key deleted successfully.
C:\Windows\System32\Tasks\At36 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At36' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{58475668-8024-4FED-BEB7-293E2A320032}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58475668-8024-4FED-BEB7-293E2A320032}' => Key deleted successfully.
C:\Windows\System32\Tasks\At22 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At22' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A1B34F5-A7DC-4EEA-B7D1-58F7DDC5F0EC}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A1B34F5-A7DC-4EEA-B7D1-58F7DDC5F0EC}' => Key deleted successfully.
C:\Windows\System32\Tasks\At34 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At34' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A4A766F-0E44-45C3-AA50-5118DC778FF1}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A4A766F-0E44-45C3-AA50-5118DC778FF1}' => Key deleted successfully.
C:\Windows\System32\Tasks\At46 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At46' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5EDAE3FC-A3D4-4258-A507-C0AE03DB00C1}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5EDAE3FC-A3D4-4258-A507-C0AE03DB00C1}' => Key deleted successfully.
C:\Windows\System32\Tasks\At21 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At21' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60098F1B-8644-4F08-9F3B-F642C2E5AB25}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60098F1B-8644-4F08-9F3B-F642C2E5AB25}' => Key deleted successfully.
C:\Windows\System32\Tasks\At42 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At42' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6D0E8D93-D869-4479-8610-DC37CA4FFF89}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D0E8D93-D869-4479-8610-DC37CA4FFF89}' => Key deleted successfully.
C:\Windows\System32\Tasks\At9 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At9' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{757ED991-2107-4DCB-9001-2DBEF5FFCB39}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{757ED991-2107-4DCB-9001-2DBEF5FFCB39}' => Key deleted successfully.
C:\Windows\System32\Tasks\At45 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At45' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{78676F48-4710-4B9B-A0F9-42E9BEA03C6E}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78676F48-4710-4B9B-A0F9-42E9BEA03C6E}' => Key deleted successfully.
C:\Windows\System32\Tasks\At35 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At35' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{810F4D7F-5764-4B7C-95B3-43E64908535C}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{810F4D7F-5764-4B7C-95B3-43E64908535C}' => Key deleted successfully.
C:\Windows\System32\Tasks\At6 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At6' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{821C1EE3-9D0A-47EC-A3C7-CBDD26B0E518}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{821C1EE3-9D0A-47EC-A3C7-CBDD26B0E518}' => Key deleted successfully.
C:\Windows\System32\Tasks\At7 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At7' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{834FCDFD-1589-4CEF-884C-F430400833D8}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{834FCDFD-1589-4CEF-884C-F430400833D8}' => Key deleted successfully.
C:\Windows\System32\Tasks\At47 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At47' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8410A44E-DADC-44B2-AD41-1665EAC407F8}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8410A44E-DADC-44B2-AD41-1665EAC407F8}' => Key deleted successfully.
C:\Windows\System32\Tasks\At10 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At10' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C6867EC-D81B-4DEF-BB27-A846333A674C}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C6867EC-D81B-4DEF-BB27-A846333A674C}' => Key deleted successfully.
C:\Windows\System32\Tasks\At31 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At31' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E2A77E8-94C3-41E1-A555-0416EA3A5C11}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E2A77E8-94C3-41E1-A555-0416EA3A5C11}' => Key deleted successfully.
C:\Windows\System32\Tasks\At25 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At25' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B33D09FC-87A7-4AD5-A958-49B63F69FD30}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B33D09FC-87A7-4AD5-A958-49B63F69FD30}' => Key deleted successfully.
C:\Windows\System32\Tasks\At37 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At37' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B52B4B05-7C6B-4A2D-A729-002D02B9FD67}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B52B4B05-7C6B-4A2D-A729-002D02B9FD67}' => Key deleted successfully.
C:\Windows\System32\Tasks\At41 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At41' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B59DF53F-799E-4597-A080-B22807A94198}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B59DF53F-799E-4597-A080-B22807A94198}' => Key deleted successfully.
C:\Windows\System32\Tasks\At39 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At39' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C2343A6E-88B1-488E-8F26-D6467F1494E2}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2343A6E-88B1-488E-8F26-D6467F1494E2}' => Key deleted successfully.
C:\Windows\System32\Tasks\At26 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At26' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C24671A6-C1DA-4E53-9636-055CFF8E9DD2}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C24671A6-C1DA-4E53-9636-055CFF8E9DD2}' => Key deleted successfully.
C:\Windows\System32\Tasks\At14 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At14' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C2A93038-1EF4-44E5-BD0E-803996035B37}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2A93038-1EF4-44E5-BD0E-803996035B37}' => Key deleted successfully.
C:\Windows\System32\Tasks\At20 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At20' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C87196CB-A580-4B67-9393-25143BCAF7B1}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C87196CB-A580-4B67-9393-25143BCAF7B1}' => Key deleted successfully.
C:\Windows\System32\Tasks\At29 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At29' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCE44B9B-D7A7-44F6-B7B6-D3DDF230B641}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCE44B9B-D7A7-44F6-B7B6-D3DDF230B641}' => Key deleted successfully.
C:\Windows\System32\Tasks\At43 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At43' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D06334CC-1AE3-461E-ABC6-AC7FCA25F466}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D06334CC-1AE3-461E-ABC6-AC7FCA25F466}' => Key deleted successfully.
C:\Windows\System32\Tasks\At11 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At11' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD5588FC-7741-49FF-B8AA-024A2626F0B0}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD5588FC-7741-49FF-B8AA-024A2626F0B0}' => Key deleted successfully.
C:\Windows\System32\Tasks\At12 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At12' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DFE126E5-D010-4580-83BD-54F29ADCF3E5}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFE126E5-D010-4580-83BD-54F29ADCF3E5}' => Key deleted successfully.
C:\Windows\System32\Tasks\At23 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At23' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F0CC0D-A2CD-4FB8-AF9D-914BE7E85E29}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F0CC0D-A2CD-4FB8-AF9D-914BE7E85E29}' => Key deleted successfully.
C:\Windows\System32\Tasks\At40 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At40' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5735A35-4989-49E0-9B16-76F7AC462915}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5735A35-4989-49E0-9B16-76F7AC462915}' => Key deleted successfully.
C:\Windows\System32\Tasks\At3 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At3' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5EEFE3D-594D-4E3D-8267-578EFA8AE601}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5EEFE3D-594D-4E3D-8267-578EFA8AE601}' => Key deleted successfully.
C:\Windows\System32\Tasks\At33 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At33' => Key deleted successfully.
"C:\ProgramData\8U1gMRqA.exe" => File/Directory not found.
 
========================= Folder: C:\Users\Lo\AppData\Roaming\E5A2 ========================
 
2014-06-19 10:12 - 2014-06-19 10:12 - 0310272 _____ (Borland Software Corporation) C:\Users\Lo\AppData\Roaming\E5A2\systemxpcom.dll
2014-06-20 10:19 - 2014-06-20 10:19 - 0310272 _____ (Borland Software Corporation) C:\Users\Lo\AppData\Roaming\E5A2\videoactivex.dll
 
====== End of Folder: ======
 
 
==== End of Fixlog ====
  • Combofix log
ComboFix 14-06-24.01 - Lo 06/25/2014  19:42:44.2.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3071.1927 [GMT -5:00]
Running from: c:\users\Lo\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files (x86)\Java\jre7\bin\jp2ssv.dll
c:\programdata\8U1gMRqA.exe.b
c:\programdata\8U1gMRqA.exe_.b
c:\programdata\Microsoft\{9bbc9ff7-d69e-ec4e-6121-3b88103acd3c}\{9bbc9ff7-d69e-ec4e-6121-3b88103acd3c}.exe
c:\users\Lo\AppData\Roaming\tmp21.tmp.exe
c:\users\Lo\AppData\Roaming\tmp50.tmp.exe
c:\users\Lo\AppData\Roaming\tmp68.tmp.exe
c:\users\Lo\AppData\Roaming\tmp80.tmp.exe
c:\windows\security\Database\tmp.edb
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-26 to 2014-06-26  )))))))))))))))))))))))))))))))
.
.
2014-06-26 00:58 . 2014-06-26 00:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-26 00:49 . 2014-06-26 00:49 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F1E739C1-91AB-4BAE-8F51-F8E282CB172F}\offreg.dll
2014-06-25 00:29 . 2014-06-25 00:29 -------- d-----w- c:\program files (x86)\NirSoft
2014-06-25 00:25 . 2014-06-26 00:01 -------- d-----w- C:\FRST
2014-06-19 15:12 . 2014-06-20 15:19 -------- d-----w- c:\users\Lo\AppData\Roaming\E5A2
2014-06-19 14:17 . 2014-06-19 14:17 -------- d-----w- c:\program files (x86)\NCSOFT
2014-06-19 14:16 . 2014-06-19 14:16 -------- d-----w- c:\program files (x86)\NCWest
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-19 14:22 . 2012-04-25 18:57 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-19 14:22 . 2011-06-15 23:35 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 7266972E86890E2B30C0C322E906B027 . 509440 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[-] 2010-11-20 . 590CD918163A5A72AA1042DC84ADD0CC . 515072 . . [6.1.7601.17514] .. c:\windows\system32\rpcss.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"NCUpdateHelper"="c:\program files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe" [2014-06-19 526240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WN111v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WN111v2\WN111v2.exe [2009-10-10 1728512]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
keucce.exe [2013-5-4 352408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0SBBD.exe /d \Device\HarddiskVolume2\Program Files (x86)\Ad-Aware Antivirus\Definitions
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files (x86)\NETGEAR\WN111v2\jswpsapi.exe;c:\program files (x86)\NETGEAR\WN111v2\jswpsapi.exe [x]
R3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50a64.sys;c:\windows\SYSNATIVE\Drivers\PCAMp50a64.sys [x]
R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys;c:\windows\SYSNATIVE\Drivers\PCASp50a64.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys;c:\windows\SYSNATIVE\DRIVERS\RzSynapse.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys;c:\windows\SYSNATIVE\DRIVERS\sxuptp.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WN111v2w7x.sys;c:\windows\SYSNATIVE\DRIVERS\WN111v2w7x.sys [x]
R4 tvnserver;TightVNC Server;c:\program files (x86)\ShowMyPCService\tvnserver.exe;c:\program files (x86)\ShowMyPCService\tvnserver.exe [x]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys;c:\windows\SYSNATIVE\DRIVERS\jswpslwfx.sys [x]
S2 chromoting;Chrome Remote Desktop Service;c:\program files (x86)\Google\Chrome Remote Desktop\36.0.1985.62\remoting_host.exe;c:\program files (x86)\Google\Chrome Remote Desktop\36.0.1985.62\remoting_host.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-19 12:44 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 14:22]
.
2014-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-19 02:49]
.
2014-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-19 02:49]
.
2014-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2715180679-3963613722-1378563947-1001Core.job
- c:\users\Lo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-15 02:29]
.
2014-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2715180679-3963613722-1378563947-1001UA.job
- c:\users\Lo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-15 02:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-10-18 1028384]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-11-29 1096480]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-11-29 2273056]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 172.16.0.1
TCP: Interfaces\{642F3C92-069A-4E42-A178-8F1569DC7487}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Lo\AppData\Roaming\Mozilla\Firefox\Profiles\6drwlr3f.default-1365493814175\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-{9bbc9ff7-d69e-ec4e-6121-3b88103acd3c} - c:\programdata\Microsoft\{9bbc9ff7-d69e-ec4e-6121-3b88103acd3c}\{9bbc9ff7-d69e-ec4e-6121-3b88103acd3c}.exe
Wow6432Node-HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:ab,08,78,3c,f3,6e,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8c,9f,db,30,5e,85,02,46,a6,a3,ca,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8c,9f,db,30,5e,85,02,46,a6,a3,ca,\
.
[HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*7*2*0*P*¡å¶o\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*E*1*3*ƒõ+\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*E*1*3*áõ+\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*E*1*3*æè%\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*E*1*3*ÿº,=\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*E*1*3*D»,=\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*v*i*D*xR\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*v*i*D*xR\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*v*i*D*œxR\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*v*i*D*À{R\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*v*i*D*Ñ{R\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ù$ãÐÙ*Néƒ@­dÜ`xëw»Žqý£Å26š Ï£™É'1B8ñ¢¬kÎ0àkÍÁg¨úˆàa¨
€^Ä8‡¢±iç*å\C1!*¹5Ì#€ü$Hjj{u«HкÄwæ½Ö]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ù$ãÐÙ*Néƒ@­dÜ`xëw»Žqý£Å26š Ï£™É'1B8ñ¢¬kÎ0àkÍÁg¨úˆàa¨
€^Ä8‡¢±iç*å\C1!*¹5Ì#€ü$Hjj{u«HкÄwæ½Ö\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-06-25  20:04:52
ComboFix-quarantined-files.txt  2014-06-26 01:04
.
Pre-Run: 412,845,416,448 bytes free
Post-Run: 412,335,620,096 bytes free
.
- - End Of File - - 03FC1B60F9BA7D59E14E57A26359610A
A36C5E4F47E84449FF07ED3517B43A31
 
  • How is your computer running?

Seems to load faster.  Right before I was able to post this it crashed again.  Hopefully these logs provide some more insight for you.  Cheers!



#8 Oh My!

Posted 25 June 2014 - 10:08 PM

Greetings,

Please do this now.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
C:\Users\Lo\AppData\Roaming\E5A2
cmd: copy /y c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll c:\windows\system32
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\keucce.exe (DT Soft Ltd)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\keucce.exe (DT Soft Ltd)
Unlock: HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*7*2*0*P*¡å¶o\OpenWithList
Unlock: HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*E*1*3*õ+\OpenWithList
Unlock: HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*E*1*3*áõ+\OpenWithList
Unlock: HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*E*1*3*æè%\OpenWithList
Unlock: HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*E*1*3*ÿº,=\OpenWithList
Unlock: HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*E*1*3*D»,=\OpenWithList
Unlock: HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*v*i*D*xR\OpenWithList
Unlock: HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*v*i*D*xR\OpenWithList
Unlock: HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*v*i*D*À{R\OpenWithList
Unlock: HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*v*i*D*Ñ{R\OpenWithList
Unlock: HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ù$ãÐÙ*Né@­dÜ`xëw»Žqý£Å26 Ï£É'1B8ñ¢¬kÎ0àkÍÁg¨úàa¨^Ä8¢±iç*å\C1!*¹5Ì#ü$Hjj{u«HкÄwæ½Ö
Unlock: HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ù$ãÐÙ*Né@­dÜ`xëw»Žqý£Å26 Ï£É'1B8ñ¢¬kÎ0àkÍÁg¨úàa¨^Ä8¢±iç*å\C1!*¹5Ì#ü$Hjj{u«HкÄwæ½Ö\OpenWithList
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Rerun Combofix

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Combofix log
  • How is your computer behaving?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 worknplay619

Posted 25 June 2014 - 10:57 PM

  • Fixlog
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-06-2014
Ran by Lo at 2014-06-25 22:19:25 Run:3
Running from C:\Users\Lo\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
C:\Users\Lo\AppData\Roaming\E5A2
cmd: copy /y c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll c:\windows\system32
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\keucce.exe (DT Soft Ltd)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\keucce.exe (DT Soft Ltd)
Unlock: HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*7*2*0*P*¡å¶o\OpenWithList
Unlock: HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*E*1*3*õ+\OpenWithList
Unlock: HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*E*1*3*áõ+\OpenWithList
Unlock: HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*E*1*3*æè%\OpenWithList
Unlock: HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*E*1*3*ÿº,=\OpenWithList
Unlock: HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*E*1*3*D»,=\OpenWithList
Unlock: HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*v*i*D*xR\OpenWithList
Unlock: HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*v*i*D*xR\OpenWithList
Unlock: HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*v*i*D*À{R\OpenWithList
Unlock: HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*v*i*D*Ñ{R\OpenWithList
Unlock: HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ù$ãÐÙ*Né@­dÜ`xëw»Žqý£Å26 Ï£É'1B8ñ¢¬kÎ0àkÍÁg¨úàa¨^Ä8¢±iç*å\C1!*¹5Ì#ü$Hjj{u«HкÄwæ½Ö
Unlock: HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ù$ãÐÙ*Né@­dÜ`xëw»Žqý£Å26 Ï£É'1B8ñ¢¬kÎ0àkÍÁg¨úàa¨^Ä8¢±iç*å\C1!*¹5Ì#ü$Hjj{u«HкÄwæ½Ö\OpenWithList
*****************
 
"C:\Users\Lo\AppData\Roaming\E5A2" => File/Directory not found.
 
=========  copy /y c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll c:\windows\system32 =========
 
The process cannot access the file because it is being used by another process.
        0 file(s) copied.
 
========= End of CMD: =========
 
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\keucce.exe not found.
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\keucce.exe not found.
"HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*7*2*0*P*¡å¶o\OpenWithList" => Error unlocking key.
"HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*E*1*3*õ+\OpenWithList" => Error unlocking key.
"HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*E*1*3*áõ+\OpenWithList" => Error unlocking key.
"HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*E*1*3*æè%\OpenWithList" => Error unlocking key.
"HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*E*1*3*ÿº,=\OpenWithList" => Error unlocking key.
"HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*E*1*3*D»,=\OpenWithList" => Error unlocking key.
"HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*v*i*D*xR\OpenWithList" => Error unlocking key.
"HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*v*i*D*xR\OpenWithList" => Error unlocking key.
"HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*v*i*D*À{R\OpenWithList" => Error unlocking key.
"HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*v*i*D*Ñ{R\OpenWithList" => Error unlocking key.
"HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ù$ãÐÙ*Né@­dÜ`xëw»Žqý£Å26 Ï£É'1B8ñ¢¬kÎ0àkÍÁg¨úàa¨^Ä8¢±iç*å\C1!*¹5Ì#ü$Hjj{u«HкÄwæ½Ö" => Error unlocking key.
"HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ù$ãÐÙ*Né@­dÜ`xëw»Žqý£Å26 Ï£É'1B8ñ¢¬kÎ0àkÍÁg¨úàa¨^Ä8¢±iç*å\C1!*¹5Ì#ü$Hjj{u«HкÄwæ½Ö\OpenWithList" => Error unlocking key.
 
==== End of Fixlog ====
  • Combofix log
ComboFix 14-06-24.01 - Lo 06/25/2014  22:21:57.3.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3071.1863 [GMT -5:00]
Running from: c:\users\Lo\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-26 to 2014-06-26  )))))))))))))))))))))))))))))))
.
.
2014-06-26 03:39 . 2014-06-26 03:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-06-26 03:39 . 2014-06-26 03:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-26 01:25 . 2014-06-26 03:37 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{711C5EB5-7BD2-445D-BCEB-040C826513EC}\offreg.dll
2014-06-26 01:16 . 2014-06-17 07:57 10779000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{711C5EB5-7BD2-445D-BCEB-040C826513EC}\mpengine.dll
2014-06-25 00:29 . 2014-06-25 00:29 -------- d-----w- c:\program files (x86)\NirSoft
2014-06-25 00:25 . 2014-06-26 03:19 -------- d-----w- C:\FRST
2014-06-19 14:17 . 2014-06-19 14:17 -------- d-----w- c:\program files (x86)\NCSOFT
2014-06-19 14:16 . 2014-06-19 14:16 -------- d-----w- c:\program files (x86)\NCWest
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-19 14:22 . 2012-04-25 18:57 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-19 14:22 . 2011-06-15 23:35 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-31 14:35 . 2010-12-20 07:53 270496 ------w- c:\windows\system32\MpSigStub.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 7266972E86890E2B30C0C322E906B027 . 509440 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[-] 2010-11-20 . 590CD918163A5A72AA1042DC84ADD0CC . 515072 . . [6.1.7601.17514] .. c:\windows\system32\rpcss.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"NCUpdateHelper"="c:\program files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe" [2014-06-19 526240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WN111v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WN111v2\WN111v2.exe [2009-10-10 1728512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0SBBD.exe /d \Device\HarddiskVolume2\Program Files (x86)\Ad-Aware Antivirus\Definitions
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files (x86)\NETGEAR\WN111v2\jswpsapi.exe;c:\program files (x86)\NETGEAR\WN111v2\jswpsapi.exe [x]
R3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50a64.sys;c:\windows\SYSNATIVE\Drivers\PCAMp50a64.sys [x]
R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys;c:\windows\SYSNATIVE\Drivers\PCASp50a64.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys;c:\windows\SYSNATIVE\DRIVERS\RzSynapse.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys;c:\windows\SYSNATIVE\DRIVERS\sxuptp.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WN111v2w7x.sys;c:\windows\SYSNATIVE\DRIVERS\WN111v2w7x.sys [x]
R4 tvnserver;TightVNC Server;c:\program files (x86)\ShowMyPCService\tvnserver.exe;c:\program files (x86)\ShowMyPCService\tvnserver.exe [x]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys;c:\windows\SYSNATIVE\DRIVERS\jswpslwfx.sys [x]
S2 chromoting;Chrome Remote Desktop Service;c:\program files (x86)\Google\Chrome Remote Desktop\36.0.1985.62\remoting_host.exe;c:\program files (x86)\Google\Chrome Remote Desktop\36.0.1985.62\remoting_host.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-19 12:44 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 14:22]
.
2014-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-19 02:49]
.
2014-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-19 02:49]
.
2014-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2715180679-3963613722-1378563947-1001Core.job
- c:\users\Lo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-15 02:29]
.
2014-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2715180679-3963613722-1378563947-1001UA.job
- c:\users\Lo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-15 02:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-10-18 1028384]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-11-29 1096480]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-11-29 2273056]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 172.16.0.1
TCP: Interfaces\{642F3C92-069A-4E42-A178-8F1569DC7487}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Lo\AppData\Roaming\Mozilla\Firefox\Profiles\6drwlr3f.default-1365493814175\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
   aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}"=hex:51,66,7a,6c,4c,1d,3b,1b,e3,4d,c7,
   ed,48,70,39,39,96,99,8d,11,69,db,ca,81
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:ab,08,78,3c,f3,6e,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8c,9f,db,30,5e,85,02,46,a6,a3,ca,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8c,9f,db,30,5e,85,02,46,a6,a3,ca,\
.
[HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*7*2*0*P*¡å¶o\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*E*1*3*ƒõ+\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*E*1*3*áõ+\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*E*1*3*æè%\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*E*1*3*ÿº,=\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*E*1*3*D»,=\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*v*i*D*xR\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*v*i*D*xR\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*v*i*D*œxR\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*v*i*D*À{R\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*v*i*D*Ñ{R\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ù$ãÐÙ*Néƒ@­dÜ`xëw»Žqý£Å26š Ï£™É'1B8ñ¢¬kÎ0àkÍÁg¨úˆàa¨
€^Ä8‡¢±iç*å\C1!*¹5Ì#€ü$Hjj{u«HкÄwæ½Ö]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ù$ãÐÙ*Néƒ@­dÜ`xëw»Žqý£Å26š Ï£™É'1B8ñ¢¬kÎ0àkÍÁg¨úˆàa¨
€^Ä8‡¢±iç*å\C1!*¹5Ì#€ü$Hjj{u«HкÄwæ½Ö\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-06-25  22:51:20
ComboFix-quarantined-files.txt  2014-06-26 03:51
ComboFix2.txt  2014-06-26 01:04
.
Pre-Run: 402,985,463,808 bytes free
Post-Run: 402,826,526,720 bytes free
.
- - End Of File - - C9B2596C1C9E29FC156869D7661A83AB
A36C5E4F47E84449FF07ED3517B43A31
 
  • How is your computer behavin

Crashed once during FRST so that was the log from a second run.  Combofix went fine.  Crashed a couple of times prior to your post.  Fingers crossed we find something.  Cheers!



#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,580 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:52 PM

Posted 26 June 2014 - 08:59 AM

Well those efforts weren't very fruitful so your computer is still compromised. Because of that I am not surprised by your computer crashes. It may or may not be related to the things we are addressing here but we need to deal with these items first.

Let's attack it another way.

===================================================

Farbar's MiniRegTool

--------------------
  • Please download MiniRegTool.zip (for 32 bit systems) or MiniRegTool64.zip (for 64 bit systems) and save it to your desktop
  • Unzip the folder and double click the icon
  • When you run the tool this is what you will see

MiniReg.gif

  • Copy and paste the following into the edit box:

HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*E*1*3*õ+\OpenWithList
HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*E*1*3*áõ+\OpenWithList
HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*E*1*3*æè%\OpenWithList
HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*E*1*3*ÿº,=\OpenWithList
HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*E*1*3*D»,=\OpenWithList
HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*v*i*D*xR\OpenWithList
HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*v*i*D*xR\OpenWithList
HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*v*i*D*À{R\OpenWithList
HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*v*i*D*Ñ{R\OpenWithList
HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ù$ãÐÙ*Né@­dÜ`xëw»Žqý£Å26 Ï£É'1B8ñ¢¬kÎ0àkÍÁg¨úàa¨^Ä8¢±iç*å\C1!*¹5Ì#ü$Hjj{u«HкÄwæ½Ö
HKEY_USERS\S-1-5-21-2715180679-3963613722-1378563947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ù$ãÐÙ*Né@­dÜ`xëw»Žqý£Å26 Ï£É'1B8ñ¢¬kÎ0àkÍÁg¨úàa¨^Ä8¢±iç*å\C1!*¹5Ì#ü$Hjj{u«HкÄwæ½Ö\OpenWithList

  • Check the Unlock Keys radio button.
  • Press the Go button and post the result.
===================================================

Farbar's Recovery Scan Tool Search

--------------------
  • Launch FRST
  • Copy/paste the following in the Search Field
keucce.exe
E5A2
  • Click Search File(s) button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document in your reply
===================================================

Blitzblank

--------------------

Blitzblank is a powerful tool and care must be taken to follow the steps carefully. Please note the warning you will receive when the program is launched.
  • Download Blitzblank and save it to your Desktop <<< Important
  • Double click the icon
  • Click OK on the warning screen
  • Click the Script tab
  • Copy and paste the following inside the script window
CopyFile:
c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll c:\windows\system32\rpcss.dll 
  • Click Execute Now
  • Click OK on the warning window
  • Click OK on the System reboot window
  • You will see a black screen with writing on it indicating the actions being taken
  • Locate C:\blitzblank.txt and copy and paste the contents of that document in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • MiniRegTool report
  • Search.txt
  • Blitzblank report

Edited by Oh My, 26 June 2014 - 12:35 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 worknplay619


Posted 26 June 2014 - 10:25 AM

While searching for the files specified with FRST, the computer keeps crashing.  Fourth attempt right now so we'll see how that goes.  Ran MiniReg and when it finished "Unlock operation completed" prompted but no report/log.  Will attempt to run Blitzblank should the search actually complete.



#12 worknplay619


Posted 26 June 2014 - 10:26 AM

Fourth attempt was unsuccessful. Should I continue to try?



#13 Oh My!


Posted 26 June 2014 - 11:48 AM

No, run Blitzblank.

#14 worknplay619


Posted 26 June 2014 - 12:28 PM

Blitzblank

 

 
BlitzBlank 1.0.0.32
 
File/Registry Modification Engine native application
CopyFileOnReboot: sourceFile = "\??\c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll", destinationFile = "\??\c:\windows\system32"
GetDataFromFile: ZwOpenFile failed: status = c0000022
CopyFile: ZwCreateFile failed: status = c00000ba


#15 worknplay619


Posted 26 June 2014 - 12:35 PM

After clicking ok for the warning after hitting Execute now, the computer shuts down without the system reboot window and restarts.  That is the log that is generated.
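
The two status values in the BlitzBlank report above are NTSTATUS codes. As an added example (not part of any post in this thread and not BlitzBlank's own code), this Python script parses the report text and decodes them; the `KNOWN` table is a small subset of the names in Microsoft's ntstatus.h, and the function names are illustrative.

```python
import re

# Report text from post #14 of this thread; its first two entries sit on one line.
SAMPLE_LOG = r'''
CopyFileOnReboot: sourceFile = "\??\c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll", destinationFile = "\??\c:\windows\system32"GetDataFromFile: ZwOpenFile failed: status = c0000022
CopyFile: ZwCreateFile failed: status = c00000ba
'''

# Subset of NTSTATUS names from Microsoft's ntstatus.h; extend as needed.
KNOWN = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC0000043: "STATUS_SHARING_VIOLATION",
    0xC00000BA: "STATUS_FILE_IS_A_DIRECTORY",
}
SEVERITY = ("SUCCESS", "INFORMATIONAL", "WARNING", "ERROR")

# Unanchored on purpose: entries can be run together on a single line.
FAILURE_RE = re.compile(r"(\w+): (Zw\w+) failed: status = ([0-9a-fA-F]{8})")
DEST_RE = re.compile(r'destinationFile = "([^"]*)"')


def decode_ntstatus(value):
    """Split a 32-bit NTSTATUS into its bit fields and look up its name."""
    return {
        "value": value,
        "severity": SEVERITY[(value >> 30) & 0x3],  # bits 31-30
        "customer": bool(value & (1 << 29)),        # bit 29, set for non-Microsoft codes
        "facility": (value >> 16) & 0xFFF,          # bits 27-16
        "code": value & 0xFFFF,                     # bits 15-0
        "name": KNOWN.get(value, "UNKNOWN"),
    }


def parse_report(text):
    """Return the copy destination and every failed native call with its decoded status."""
    dest = DEST_RE.search(text)
    failures = []
    for m in FAILURE_RE.finditer(text):
        routine, syscall, status = m.groups()
        failures.append({"routine": routine, "call": syscall,
                         **decode_ntstatus(int(status, 16))})
    return {"destination": dest.group(1) if dest else None, "failures": failures}


if __name__ == "__main__":
    report = parse_report(SAMPLE_LOG)
    print("destination:", report["destination"])
    for f in report["failures"]:
        print(f"{f['routine']} -> {f['call']}: 0x{f['value']:08X} {f['name']} ({f['severity']})")
```

Here the second failure decodes to STATUS_FILE_IS_A_DIRECTORY, which matches the logged destinationFile being the system32 folder rather than a file path.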





