Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I have 8 adware being blocked at one time. Am I infected?


  • Please log in to reply
12 replies to this topic

#1 SonnyBiz

SonnyBiz

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 01 July 2014 - 10:56 PM

I use avast and it has been blocking at least 7 urls and 1 adware called Agent Asoc. I have ran tdsskiller and it says nothing was found but i know a problem still exists. Also it continually says its in my processes. The problem started when I was on the steam workshop and a guy redirected his mod to a dll. I have never had this problem so i ran malwarebytes. It detected a trojan sprotector and tidynetwork potentially unwanted program.

 

The files attacking are all urls and before i ran malwarebytes it was closing my browsers when i went to install other virus detection services. Also I ran HitmanPro and it detected a few parts of it I believe but they continually appear in Avast Antivirus. 

 

I really need help as this is a major inconvenience. Thanks in advance

 

Also I have run numerous adware detection programs listed on this site and the problem persists

 

It is now moving my taskbar items around where the battery indicator and volume bar are


Edited by SonnyBiz, 02 July 2014 - 12:45 AM.


BC AdBot (Login to Remove)

 


m

#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,214 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:22 AM

Posted 02 July 2014 - 11:30 AM

Hi Sonny, run these also and see if there is more.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

    .
    ADW Cleaner

    Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
  • -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


    .

    thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  • .
    .
    .
    .
  • Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 SonnyBiz

SonnyBiz
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 02 July 2014 - 03:03 PM

This is what mini toolbox says

 

MiniToolBox by Farbar  Version: 25-06-2014
Ran by Burks (administrator) on 02-07-2014 at 14:59:11
Running from "C:\Users\Burks\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection (Connected)
Atheros AR8162/8166/8168 PCI-E Fast Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Burks-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : gateway.2wire.net
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 24-EC-99-3D-97-55
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : gateway.2wire.net
   Description . . . . . . . . . . . : Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
   Physical Address. . . . . . . . . : 24-EC-99-3D-97-55
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::44b4:5cd:bb5:56ec%12(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.74(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, July 02, 2014 2:46:34 PM
   Lease Expires . . . . . . . . . . : Thursday, July 03, 2014 2:46:34 PM
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 304409753
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-6A-DA-EE-00-26-6C-21-35-02
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Atheros AR8162/8166/8168 PCI-E Fast Ethernet Controller (NDIS 6.20)
   Physical Address. . . . . . . . . : 00-26-6C-21-35-02
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.gateway.2wire.net:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : gateway.2wire.net
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:1cb5:3563:b555:2bb4(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::1cb5:3563:b555:2bb4%13(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  home
Address:  192.168.1.254
 
Name:    google.com
Addresses:  2607:f8b0:4002:c06::8b
 74.125.21.113
 74.125.21.139
 74.125.21.102
 74.125.21.100
 74.125.21.138
 74.125.21.101
 
 
Pinging google.com [74.125.21.102] with 32 bytes of data:
Reply from 74.125.21.102: bytes=32 time=39ms TTL=35
Reply from 74.125.21.102: bytes=32 time=41ms TTL=35
 
Ping statistics for 74.125.21.102:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 39ms, Maximum = 41ms, Average = 40ms
Server:  home
Address:  192.168.1.254
 
Name:    yahoo.com
Addresses:  98.139.183.24
 98.138.253.109
 206.190.36.45
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=102ms TTL=40
Reply from 98.138.253.109: bytes=32 time=93ms TTL=40
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 93ms, Maximum = 102ms, Average = 97ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 16...24 ec 99 3d 97 55 ......Microsoft Virtual WiFi Miniport Adapter
 12...24 ec 99 3d 97 55 ......Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
 11...00 26 6c 21 35 02 ......Atheros AR8162/8166/8168 PCI-E Fast Ethernet Controller (NDIS 6.20)
  1...........................Software Loopback Interface 1
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.74     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.74    281
     192.168.1.74  255.255.255.255         On-link      192.168.1.74    281
    192.168.1.255  255.255.255.255         On-link      192.168.1.74    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.74    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.74    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 13     58 2001::/32                On-link
 13    306 2001:0:9d38:90d7:1cb5:3563:b555:2bb4/128
                                    On-link
 12    281 fe80::/64                On-link
 13    306 fe80::/64                On-link
 13    306 fe80::1cb5:3563:b555:2bb4/128
                                    On-link
 12    281 fe80::44b4:5cd:bb5:56ec/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    306 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (07/02/2014 02:47:37 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/02/2014 02:44:52 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002d8,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000000328ED20.72).  hr = 0x80070005, Access is denied.
.
 
Error: (07/02/2014 02:44:52 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000314,(null),0,REG_BINARY,0000000000BBE410.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {372e4a7d-4144-40df-95d7-57118f51fd1e}
 
Error: (07/02/2014 02:44:52 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000864,(null),0,REG_BINARY,00000000058AE5D0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {cafd6fe9-dc21-40b0-9d15-37063021724a}
 
Error: (07/02/2014 02:44:52 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000e44,(null),0,REG_BINARY,0000000001A8E230.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {53294b56-9004-4ff5-b266-72cf22cd8569}
 
Error: (07/02/2014 02:44:52 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001b4,SYSTEM\CurrentControlSet\Services\VSS\Diag\Registry Writer,0,REG_BINARY,0000000001C3EDD0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {bb736810-da93-439f-ba6f-7d5ae3894528}
 
Error: (07/02/2014 02:44:52 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000314,(null),0,REG_BINARY,0000000000BBE410.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {372e4a7d-4144-40df-95d7-57118f51fd1e}
 
Error: (07/02/2014 02:44:52 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001f0,SYSTEM\CurrentControlSet\Services\VSS\Diag\Shadow Copy Optimization Writer,0,REG_BINARY,00000000029EE8E0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {5398f5c5-b930-4ad5-87af-f0c5de6b3ab9}
 
Error: (07/02/2014 02:44:52 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000864,(null),0,REG_BINARY,00000000058AE5D0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {cafd6fe9-dc21-40b0-9d15-37063021724a}
 
Error: (07/02/2014 02:44:52 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000e44,(null),0,REG_BINARY,0000000001A8E230.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {53294b56-9004-4ff5-b266-72cf22cd8569}
 
 
System errors:
=============
Error: (07/02/2014 02:47:22 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (07/02/2014 02:46:45 PM) (Source: Service Control Manager) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error %%0.
 
Error: (07/02/2014 02:44:55 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (07/02/2014 02:44:46 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (07/02/2014 08:31:06 AM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (07/02/2014 02:47:37 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/02/2014 02:44:52 PM) (Source: VSS)(User: )
Description: RegSetValueExW(0x000002d8,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000000328ED20.72)0x80070005, Access is denied.
 
Error: (07/02/2014 02:44:52 PM) (Source: VSS)(User: )
Description: RegSetValueExW(0x00000314,(null),0,REG_BINARY,0000000000BBE410.72)0x80070005, Access is denied.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {372e4a7d-4144-40df-95d7-57118f51fd1e}
 
Error: (07/02/2014 02:44:52 PM) (Source: VSS)(User: )
Description: RegSetValueExW(0x00000864,(null),0,REG_BINARY,00000000058AE5D0.72)0x80070005, Access is denied.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {cafd6fe9-dc21-40b0-9d15-37063021724a}
 
Error: (07/02/2014 02:44:52 PM) (Source: VSS)(User: )
Description: RegSetValueExW(0x00000e44,(null),0,REG_BINARY,0000000001A8E230.72)0x80070005, Access is denied.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {53294b56-9004-4ff5-b266-72cf22cd8569}
 
Error: (07/02/2014 02:44:52 PM) (Source: VSS)(User: )
Description: RegSetValueExW(0x000001b4,SYSTEM\CurrentControlSet\Services\VSS\Diag\Registry Writer,0,REG_BINARY,0000000001C3EDD0.72)0x80070005, Access is denied.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {bb736810-da93-439f-ba6f-7d5ae3894528}
 
Error: (07/02/2014 02:44:52 PM) (Source: VSS)(User: )
Description: RegSetValueExW(0x00000314,(null),0,REG_BINARY,0000000000BBE410.72)0x80070005, Access is denied.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {372e4a7d-4144-40df-95d7-57118f51fd1e}
 
Error: (07/02/2014 02:44:52 PM) (Source: VSS)(User: )
Description: RegSetValueExW(0x000001f0,SYSTEM\CurrentControlSet\Services\VSS\Diag\Shadow Copy Optimization Writer,0,REG_BINARY,00000000029EE8E0.72)0x80070005, Access is denied.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {5398f5c5-b930-4ad5-87af-f0c5de6b3ab9}
 
Error: (07/02/2014 02:44:52 PM) (Source: VSS)(User: )
Description: RegSetValueExW(0x00000864,(null),0,REG_BINARY,00000000058AE5D0.72)0x80070005, Access is denied.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {cafd6fe9-dc21-40b0-9d15-37063021724a}
 
Error: (07/02/2014 02:44:52 PM) (Source: VSS)(User: )
Description: RegSetValueExW(0x00000e44,(null),0,REG_BINARY,0000000001A8E230.72)0x80070005, Access is denied.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {53294b56-9004-4ff5-b266-72cf22cd8569}
 
 
 
=========================== Installed Programs ============================
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
AMD Accelerated Video Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.873.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{63F96D8F-D32B-AABF-4DE1-F51FF391FFD6}) (Version: 3.0.870.0 - Advanced Micro Devices, Inc.)
AMD Media Foundation Decoders (Version: 1.0.70213.1643 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In  (Version: 2.03.0000 - AMD) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.0213.1644.29893 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Arma 2: Free (HKLM-x32\...\Steam App 107400) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead Beta (Obsolete) (HKLM-x32\...\Steam App 219540) (Version:  - )
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Ask Toolbar (HKLM-x32\...\{4F524A2D-5637-4300-76A7-A758B70C0F01}) (Version: 12.15.1.16 - APN, LLC)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.12.13 - Atheros Communications Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2004565246.48.56.33171842 - Audible, Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
AwesomiumSetup (HKLM-x32\...\{19EF99D1-7EE6-4B5E-ABEE-0B3825F703B0}) (Version: 1.00.0000 - SIX Networks GmbH)
Battleground Europe (HKLM-x32\...\Battleground Europe) (Version:  - Playnet Inc.)
BattlEye (A2Free) Uninstall (HKLM-x32\...\BattlEye A2 Free) (Version:  - )
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0213.1644.29893 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0213.1644.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0213.1644.29893 - Advanced Micro Devices, Inc.) Hidden
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dawngate (HKLM-x32\...\{1330926C-251C-414E-A681-F8CEF84899BC}) (Version: 182.23.92.0 - Electronic Arts, Inc.)
DayZ Commander (HKLM-x32\...\{B3653588-3AC0-4A1D-950F-D96531E84374}) (Version: 0.92.91 - Dotjosh Studios)
DC Universe Online (HKCU\...\SOE-DC Universe Online) (Version: 1.0.3.183 - Sony Online Entertainment)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version:  - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
GIMP 2.8.8 (HKLM\...\GIMP-2_is1) (Version: 2.8.8 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Heroes & Generals (HKLM-x32\...\Heroes & Generals) (Version: 1.0.6.1 - Reto-Moto)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.220 - SurfRight B.V.)
Horizon v2.7.9.0 (HKLM-x32\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.7.9.0 - Daring Development Inc.)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Java™ 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4623.1003 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft1.7.9 (HKLM-x32\...\Minecraft1.7.9) (Version:  - )
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Next Car Game Free Technology Demo (HKLM-x32\...\Next Car Game Free Technology Demo) (Version:  - Bugbear Entertainment)
Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.10.0.9 - Symantec Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 19.9.1.14 - Symantec Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
ORION: Dino Horde (HKLM-x32\...\Steam App 104900) (Version:  - Spiral Game Studios)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.76.1.0 - Overwolf Ltd.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Sony Online Entertainment)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PodTrans Pro 3.7.2 (HKLM-x32\...\{59CDD550-EB6A-44D5-8246-F2195CA54A4A}}_is1) (Version: 3.7.2 - iMobie Inc.)
Premium Sound HD (HKLM\...\{75A43A49-A6A1-4FCB-A41E-02D76E166691}) (Version: 1.12.0800 - SRS Labs, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.6-1.0.12943.90 - raidcall.com)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.2.45.0 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6577 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7601.39013 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
RIFT™ (HKLM-x32\...\Steam App 39120) (Version:  - Trion Worlds)
Sculptris Alpha 6 (HKLM-x32\...\InstallShield_{D2883AB6-09B4-4981-AAF8-E695411EEC9A}) (Version: 0.6 - Pixologic)
Sculptris Alpha 6 (x32 Version: 0.6 - Pixologic) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - )
Spintires, âåðñèÿ 1.0 (HKLM-x32\...\Spintires_is1) (Version: 1.0 - R.G. Freedom)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.39.0 - Synaptics Incorporated)
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
The Forest 1.0 (HKLM-x32\...\The Forest 1.0) (Version: 1.0 - Cat-A-Cat)
Toribash (HKLM-x32\...\Steam App 248570) (Version:  - Nabi Studios)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.1 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{C31337DE-0CDC-45A9-9A32-F099AC78D557}) (Version: 3.0.9490 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.6.11.64 - TOSHIBA Corporation) Hidden
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{C9C56642-9AAB-4267-9454-36FF1CC59168}) (Version: 1.3.11.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.18.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.18.64 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}) (Version: 2.1.0.10 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.12 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.17.38 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.5 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.15.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.7.52020010 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.21.64 - TOSHIBA Corporation) Hidden
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.3.03 - TOSHIBA Corporation)
Toshiba Security Dashboard (HKLM-x32\...\ToshibaSD) (Version: 1.0.0.48 - Symantec Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.0022.000104 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\{0AF17224-CF88-40B8-BB1A-D179369847B4}) (Version: 2.1.0.5 - TOSHIBA Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0025.640205 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.6.0025.640205 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.6.0025.640205 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.33 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.3.33 - TOSHIBA Corporation) Hidden
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.9 - TOSHIBA)
Tribes: Ascend (HKLM-x32\...\Steam App 17080) (Version:  - Hi-Rez Studios)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 43%
Total physical RAM: 5601.33 MB
Available physical RAM: 3163.3 MB
Total Pagefile: 11200.84 MB
Available Pagefile: 8274.55 MB
Total Virtual: 4095.88 MB
Available Virtual: 3978.77 MB
 
========================= Partitions: =====================================
 
1 Drive c: (TI106412W0C) (Fixed) (Total:581.38 GB) (Free:359.92 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\BURKS-PC
 
Administrator            Burks                    Guest                    
 
 
**** End of log ****
  1.  


#4 SonnyBiz

SonnyBiz
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 02 July 2014 - 04:09 PM

JST Log:

i will run adwcleaner in a few minutes as avast has found something during a scan

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Burks on Wed 07/02/2014 at 15:07:29.91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1F15723D-0A87-4614-8215-4764C04949D1}
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\windows\syswow64\shoB11F.tmp
Successfully deleted: [File] C:\windows\syswow64\shoD7AB.tmp
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/02/2014 at 15:35:55.45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#5 SonnyBiz

SonnyBiz
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 02 July 2014 - 08:52 PM

Ok this is adwcleaner 

 

 

# AdwCleaner v3.214 - Report created 02/07/2014 at 20:49:05
# Updated 29/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Burks - BURKS-PC
# Running from : C:\Users\Burks\Desktop\New folder\AntiVirus\adwcleaner_3.214.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\Burks\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [650 octets] - [02/07/2014 20:49:05]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [709 octets] ##########


#6 SonnyBiz

SonnyBiz
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 02 July 2014 - 08:59 PM

This is the adwcleaner log after reboot

 

 

 

# AdwCleaner v3.214 - Report created 02/07/2014 at 20:52:54
# Updated 29/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Burks - BURKS-PC
# Running from : C:\Users\Burks\Desktop\New folder\AntiVirus\adwcleaner_3.214.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\Burks\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Search Provider] : hxxp://www.wayfair.com/keyword.php?keyword={searchTerms}&ust=&command=dosearch&new_keyword_search=true
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [788 octets] - [02/07/2014 20:49:05]
AdwCleaner[S0].txt - [1060 octets] - [02/07/2014 20:52:54]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1120 octets] ##########


#7 SonnyBiz

SonnyBiz
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 03 July 2014 - 12:46 AM

ESET Online Scanner
 
 
C:\$Recycle.Bin\S-1-5-21-2443831474-3832041894-517897381-1001\$RVZCY1R.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\$Recycle.Bin\S-1-5-21-2443831474-3832041894-517897381-1001\$R6ISX5Y.1\Space Engineers\IGG-Space.Engineers.v01.028.008\Space Engineers\Bin\steam_api64.dll a variant of Win32/Packed.VMProtect.ABD trojan
C:\$Recycle.Bin\S-1-5-21-2443831474-3832041894-517897381-1001\$R6ISX5Y.1\Space Engineers\IGG-Space.Engineers.v01.028.008\Space Engineers\Bin64\steam_api64.dll a variant of Win32/Packed.VMProtect.ABD trojan
C:\$Recycle.Bin\S-1-5-21-2443831474-3832041894-517897381-1001\$RAAVNQY\Bin\steam_api64.dll a variant of Win32/Packed.VMProtect.ABD trojan
C:\$Recycle.Bin\S-1-5-21-2443831474-3832041894-517897381-1001\$RAAVNQY\Bin64\steam_api64.dll a variant of Win32/Packed.VMProtect.ABD trojan
C:\$Recycle.Bin\S-1-5-21-2443831474-3832041894-517897381-1001\$RGREJCO\Bin\steam_api64.dll a variant of Win32/Packed.VMProtect.ABD trojan
C:\$Recycle.Bin\S-1-5-21-2443831474-3832041894-517897381-1001\$RGREJCO\Bin64\steam_api64.dll a variant of Win32/Packed.VMProtect.ABD trojan
C:\$Recycle.Bin\S-1-5-21-2443831474-3832041894-517897381-1001\$RZ4WP69.008\Space Engineers\Bin\steam_api64.dll a variant of Win32/Packed.VMProtect.ABD trojan
C:\$Recycle.Bin\S-1-5-21-2443831474-3832041894-517897381-1001\$RZ4WP69.008\Space Engineers\Bin64\steam_api64.dll a variant of Win32/Packed.VMProtect.ABD trojan
C:\Users\All Users\InstallMate\{5D7F7905-1FBC-406F-A284-579E869C5BF3}\Custom.dll Win32/InstalleRex.L potentially unwanted application
C:\Users\All Users\InstallMate\{DEBB0879-C199-46A2-A449-89BB05582A8F}\Custom.dll Win32/InstalleRex.L potentially unwanted application
C:\Program Files (x86)\Cheat Engine 6.3\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application deleted - quarantined
C:\ProgramData\InstallMate\{5D7F7905-1FBC-406F-A284-579E869C5BF3}\Custom.dll Win32/InstalleRex.L potentially unwanted application deleted - quarantined
C:\ProgramData\InstallMate\{DEBB0879-C199-46A2-A449-89BB05582A8F}\Custom.dll Win32/InstalleRex.L potentially unwanted application deleted - quarantined
C:\Users\Burks\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000 Win32/AdWare.1ClickDownload.AR application cleaned by deleting - quarantined
C:\Users\Burks\AppData\Local\Temp\APNSetup.exe a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application deleted - quarantined
C:\Users\Burks\Desktop\New folder\Rust 14.03\Rust Launcher.exe Win32/HackTool.Steam.E trojan cleaned by deleting - quarantined
C:\Users\Burks\Downloads\CheatEngine63.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
C:\Users\Burks\Downloads\FL Studio Producer Edition 11.0.0 Final - R2R [ChingLiu]\flstudio_11.exe Win32/OpenCandy potentially unsafe application deleted - quarantined


#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,214 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:22 AM

Posted 03 July 2014 - 09:16 AM

Ok, there were a few Trojans removed.. I see you have 2 Antivirus' running, Avast and Norton. You need to uninstall one as they will conflict and cause other issues.

In Control Panel uninstall all Java and reboot.

Update to Adobe Reader XI
NOTE: UN check any boxes that install other options , like toolbars.

Empty your temp folders using TFC (Temporary File Cleaner)
  • Please download TFC by Old Timer and save it to your desktop.
    alternate download link
  • Save any unsaved work. (TFC will close ALL open programs including your browser!)
  • Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.
How is it now?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 SonnyBiz

SonnyBiz
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 03 July 2014 - 09:22 AM

Norton's subscription ran out, do i still need to uninstall it?



#10 SonnyBiz

SonnyBiz
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 03 July 2014 - 09:56 AM

I rebooted and ran Temp cleaner. I didnt need a reboot and the problem hasnt occured yet but im still waiting. Also i searched the internet and a few people have my problem with avast blocking multiple malicious urls at one time.



#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,214 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:22 AM

Posted 03 July 2014 - 10:42 AM

If you would like to be certain there is nothing lurking Post a new topic.. "Am I clean"

Please follow this Preparation Guide, do steps 6,7 and 8 and post in a new topic.
Let me know if all went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 SonnyBiz

SonnyBiz
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 03 July 2014 - 12:04 PM

attach.zip

This is the DDS

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17126
Run by Burks at 11:54:21 on 2014-07-03
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5601.3378 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\atieclxx.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\TECO\Teco.exe
C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
C:\Program Files\Toshiba\TECO\TecoHook.exe
C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\SymcPCCULaunchSvc.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
uSearch Bar = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
uSearch Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
mStart Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
uProxyOverride = <local>;*.local
mWinlogon: Userinit = userinit.exe,
BHO: {4F524A2D-5637-4300-76A7-7A786E7484D7} - <orphaned>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll
BHO: ArcPluginIEBHO Class: {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\ArcPluginIE.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [Google Update] "C:\Users\Burks\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [emsisoft anti-malware] "C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe" /d=60
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Burks\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Burks\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Burks\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0060-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{E59DEF5B-79D6-4260-A41C-4B58B9FFF61E} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{EE27D353-6CA8-4EDD-91DE-FF4BBD9A9FEA} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{EE27D353-6CA8-4EDD-91DE-FF4BBD9A9FEA}\2375942554634353 : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: {4F524A2D-5637-4300-76A7-7A786E7484D7} - <orphaned>
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SRS Premium Sound HD] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe"  /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\windows\System32\drivers\amdkmpfd.sys [2012-6-13 31872]
R0 aswRvrt;avast! Revert;C:\windows\System32\drivers\aswRvrt.sys [2014-5-30 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\drivers\aswVmm.sys [2014-5-30 208416]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2014-7-2 26176]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswsnx.sys [2014-5-30 1039096]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswsp.sys [2014-5-30 423240]
R1 ccSet_NAT;Norton Anti-Theft Settings Manager;C:\windows\System32\drivers\NATx64\010A000.009\ccSetx64.sys [2013-10-23 150104]
R2 a2AntiMalware;Emsisoft Protection Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2014-7-2 4725440]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-6-13 235520]
R2 aswHwid;avast! HardwareID;C:\windows\System32\drivers\aswHwid.sys [2014-5-30 29208]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2014-5-30 79184]
R2 aswStm;aswStm;C:\windows\System32\drivers\aswstm.sys [2014-5-30 85328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-5-30 50344]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-4-27 2279608]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-11-27 9216]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-7-2 127752]
R2 NAT;Norton Anti-Theft;C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [2013-10-23 232424]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe [2013-8-29 138272]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\SymcPCCULaunchSvc.exe [2012-6-13 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe [2012-6-13 126392]
R2 RzKLService;RzKLService;C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [2014-5-13 105448]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2012-2-9 295360]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2014-7-2 71472]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\windows\System32\drivers\amdhub30.sys [2012-6-13 103552]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\windows\System32\drivers\amdxhc.sys [2012-6-13 220288]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2012-6-13 95248]
R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130924.001\BHDrvx64.sys [2013-9-23 1525848]
R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\System32\drivers\NISx64\1309010.00E\ccsetx64.sys [2013-8-29 167072]
R3 cleanhlp;cleanhlp;C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [2014-7-2 57024]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-12-12 137648]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2012-6-13 9216]
R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130927.001\IDSviA64.sys [2013-9-27 520280]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2012-1-16 103536]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-6-13 38096]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2012-6-13 313448]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2012-6-13 1145448]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 SymDS;Symantec Data Store;C:\windows\System32\drivers\NISx64\1309010.00E\symds64.sys [2013-8-29 451192]
R3 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\NISx64\1309010.00E\symefa64.sys [2013-8-29 1129120]
R3 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\NISx64\1309010.00E\ironx64.sys [2013-8-29 190072]
R3 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\NISx64\1309010.00E\symnets.sys [2013-8-29 405624]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2012-6-13 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2012-2-24 138152]
R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-12-14 833976]
R3 usbfilter;AMD USB Filter Driver;C:\windows\System32\drivers\usbfilter.sys [2012-6-13 56448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 ArcService;Arc Service;C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [2014-5-15 88400]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2014-6-8 345984]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\drivers\ssudbus.sys [2013-10-28 107288]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-6-17 111616]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-7-2 122584]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\windows\System32\drivers\netaapl64.sys [2013-7-25 23040]
S3 OverwolfUpdater;Overwolf Updater Windows SCM;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2014-6-10 976672]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 usbrndis6;USB RNDIS6 Adapter;C:\windows\System32\drivers\usb80236.sys [2013-8-28 19968]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-8-29 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-07-03 02:01:50 -------- d-----w- C:\Program Files (x86)\ESET
2014-07-03 01:48:54 -------- d-----w- C:\AdwCleaner
2014-07-02 20:07:24 -------- d-----w- C:\windows\ERUNT
2014-07-02 19:52:35 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
2014-07-02 19:34:26 10779000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{98CBDCDA-FB5C-4950-88E6-DD26A2FE1968}\mpengine.dll
2014-07-02 19:29:43 -------- d-----w- C:\Program Files\HitmanPro
2014-07-02 17:37:15 536576 ----a-w- C:\windows\SysWow64\sqlite3.dll
2014-07-02 14:48:27 122584 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-07-02 14:48:12 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-07-02 14:48:12 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-07-02 14:48:12 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-07-02 04:40:45 -------- d-----w- C:\ProgramData\HitmanPro
2014-07-02 03:46:23 -------- d-----w- C:\FRST
2014-07-02 01:57:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-02 01:42:09 -------- d-----w- C:\ProgramData\df885be455b67944
2014-07-02 01:42:04 -------- d-----w- C:\Users\Burks\AppData\Local\Comodo
2014-07-01 22:19:51 -------- d-----w- C:\ProgramData\GFACE
2014-07-01 22:19:48 -------- d-----w- C:\Users\Burks\AppData\Local\wf-launcher
2014-07-01 17:10:53 -------- d-----w- C:\Users\Burks\AppData\Local\Apps
2014-07-01 17:10:48 -------- d-----w- C:\Users\Burks\AppData\Local\Deployment
2014-06-27 15:32:25 98942 ----a-w- C:\ProgramData\1403882997.bdinstall.bin
2014-06-27 15:29:56 37824 ----a-w- C:\ProgramData\1403882993.bdinstall.bin
2014-06-26 04:00:54 1431552 ----a-w- C:\windows\SysWow64\rewire.dll
2014-06-26 04:00:54 -------- d-----w- C:\Program Files (x86)\VstPlugins
2014-06-26 03:59:54 -------- d-----w- C:\Users\Burks\AppData\Roaming\Image-Line
2014-06-26 03:59:52 -------- d-----w- C:\Program Files\Image-Line
2014-06-26 03:59:39 1554944 ----a-w- C:\windows\SysWow64\vorbis.acm
2014-06-26 03:59:28 -------- d-----w- C:\Users\Burks\AppData\Roaming\FlowStone
2014-06-26 03:59:25 -------- d-----w- C:\Program Files (x86)\DSPRobotics
2014-06-26 03:52:19 -------- d-----w- C:\Program Files (x86)\Image-Line
2014-06-26 02:10:02 302516 ----a-w- C:\ProgramData\1403748200.bdinstall.bin
2014-06-26 02:03:42 -------- d-----w- C:\Program Files\Bitdefender
2014-06-26 01:55:57 811 ----a-w- C:\ProgramData\1403747753.10860.bin
2014-06-26 01:55:56 2053 ----a-w- C:\ProgramData\1403747753.10280.bin
2014-06-26 01:55:53 44651 ----a-w- C:\ProgramData\1403747753.8912.bin
2014-06-26 01:52:45 45674 ----a-w- C:\ProgramData\1403747524.bdinstall.bin
2014-06-26 00:31:34 -------- d-----w- C:\Users\Burks\AppData\Roaming\raidcall
2014-06-26 00:31:18 -------- d-----w- C:\Program Files (x86)\RaidCall
2014-06-25 21:29:17 -------- d-----w- C:\Program Files (x86)\iMobie
2014-06-25 16:36:26 189 ----a-w- C:\ProgramData\1403714180.5720.bin
2014-06-25 16:36:25 2052 ----a-w- C:\ProgramData\1403714180.1476.bin
2014-06-25 16:36:20 41058 ----a-w- C:\ProgramData\1403714180.5124.bin
2014-06-25 16:36:19 -------- d-----w- C:\Users\Burks\AppData\Roaming\QuickScan
2014-06-24 16:02:55 -------- d-----w- C:\Users\Burks\AppData\Local\DayZ
2014-06-18 19:29:24 -------- d-----w- C:\Program Files (x86)\Audacity
2014-06-17 15:46:29 -------- d-----w- C:\Users\Burks\AppData\Local\next car game free technology demo
2014-06-17 15:25:49 -------- d-----w- C:\Program Files (x86)\Next Car Game Free Technology Demo
2014-06-17 13:50:51 2048 ----a-w- C:\windows\SysWow64\msxml6r.dll
2014-06-17 13:50:51 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll
2014-06-17 13:50:51 2048 ----a-w- C:\windows\System32\msxml6r.dll
2014-06-17 13:50:51 2048 ----a-w- C:\windows\System32\msxml3r.dll
2014-06-17 13:50:51 2002432 ----a-w- C:\windows\System32\msxml6.dll
2014-06-17 13:50:51 1882112 ----a-w- C:\windows\System32\msxml3.dll
2014-06-17 13:50:51 1389056 ----a-w- C:\windows\SysWow64\msxml6.dll
2014-06-17 13:50:51 1237504 ----a-w- C:\windows\SysWow64\msxml3.dll
2014-06-17 13:50:49 801280 ----a-w- C:\windows\System32\usp10.dll
2014-06-17 13:50:49 626688 ----a-w- C:\windows\SysWow64\usp10.dll
2014-06-17 13:50:45 288192 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
2014-06-17 13:50:45 1903552 ----a-w- C:\windows\System32\drivers\tcpip.sys
2014-06-17 13:46:04 506368 ----a-w- C:\windows\System32\aepdu.dll
2014-06-17 13:46:03 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-06-16 23:48:58 -------- d-----w- C:\Users\Burks\AppData\Roaming\Spintires
2014-06-13 03:10:00 -------- d-----w- C:\Program Files (x86)\Common Files\Overwolf
2014-06-13 03:09:50 -------- d-----w- C:\ProgramData\Overwolf
2014-06-13 03:09:41 -------- d-----w- C:\Program Files (x86)\Overwolf
2014-06-13 03:07:36 -------- d-----w- C:\Users\Burks\AppData\Roaming\TS3Client
2014-06-13 03:07:30 -------- d-----w- C:\Users\Burks\AppData\Local\Overwolf
2014-06-13 03:07:12 -------- d-----w- C:\Users\Burks\AppData\Local\TeamSpeak 3 Client
2014-06-13 02:57:37 -------- d-----w- C:\Users\Burks\AppData\Roaming\.technic
2014-06-08 17:57:39 -------- d-----w- C:\Program Files (x86)\Common Files\BattlEye
2014-06-07 13:28:30 -------- d-----w- C:\ProgramData\SIX Networks
2014-06-07 13:28:11 -------- d-----w- C:\Users\Burks\AppData\Local\IsolatedStorage
2014-06-07 13:28:05 -------- d-----w- C:\Users\Burks\AppData\Roaming\SIX Networks
2014-06-07 13:28:04 -------- d-----w- C:\Users\Burks\AppData\Local\SIX Networks
2014-06-07 03:20:48 -------- d-----w- C:\Program Files (x86)\Cheat Engine 6.3
2014-06-07 01:26:56 -------- d-----w- C:\ProgramData\SystemRequirementsLab
2014-06-07 01:26:56 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2014-06-06 21:33:08 -------- d-----w- C:\Users\Burks\AppData\Local\ArmA 2 Free
2014-06-06 16:44:27 -------- d-----w- C:\ProgramData\Bohemia Interactive Studio
2014-06-06 15:29:48 -------- d-----w- C:\Users\Burks\AppData\Local\DayZCommander
2014-06-06 15:29:31 -------- d-----w- C:\Program Files (x86)\Dotjosh Studios
2014-06-06 15:00:03 -------- d-----w- C:\Users\Burks\AppData\Roaming\Tunngle
2014-06-06 14:46:09 31232 ----a-w- C:\windows\System32\drivers\tap0901t.sys
2014-06-06 14:39:12 -------- d-----w- C:\Users\Burks\AppData\Local\ArmA 2 OA
2014-06-05 20:00:07 -------- d-----w- C:\ProgramData\LumaEmu_SteamCloud
2014-06-05 12:49:47 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-05 11:50:58 -------- d-----w- C:\Users\Burks\AppData\Roaming\Awesomium
2014-06-05 00:40:24 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
.
==================== Find3M  ====================
.
2014-06-03 13:32:14 70832 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-03 13:32:14 692400 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-05-31 05:00:33 85328 ----a-w- C:\windows\System32\drivers\aswstm.sys
2014-05-31 05:00:33 1039096 ----a-w- C:\windows\System32\drivers\aswsnx.sys
2014-05-31 04:59:24 93568 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2014-05-31 04:59:24 79184 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2014-05-31 04:59:24 65776 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2014-05-31 04:59:24 43152 ----a-w- C:\windows\avastSS.scr
2014-05-31 04:59:24 29208 ----a-w- C:\windows\System32\drivers\aswHwid.sys
2014-05-31 04:59:24 208416 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2014-05-30 10:02:37 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-05-30 10:02:09 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43 548352 ----a-w- C:\windows\System32\vbscript.dll
2014-05-30 09:39:23 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-05-30 09:38:29 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-05-30 09:21:05 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-05-30 09:20:36 752640 ----a-w- C:\windows\System32\jscript9diag.dll
2014-05-30 09:11:24 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22 5782528 ----a-w- C:\windows\System32\jscript9.dll
2014-05-30 09:02:39 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36 38400 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28 455168 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19 1249280 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22 2040832 ----a-w- C:\windows\System32\inetcpl.cpl
2014-05-30 08:10:46 32256 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56 2266112 ----a-w- C:\windows\System32\wininet.dll
2014-05-30 07:56:50 4244992 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- C:\windows\SysWow64\wininet.dll
2014-04-15 07:34:10 1070232 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX
2014-04-15 00:41:55 291760 ----a-w- C:\windows\SysWow64\PnkBstrB.xtr
2014-04-15 00:41:55 291760 ----a-w- C:\windows\SysWow64\PnkBstrB.exe
2014-04-15 00:34:27 291488 ----a-w- C:\windows\SysWow64\PnkBstrB.ex0
2014-04-14 21:26:13 76888 ----a-w- C:\windows\SysWow64\PnkBstrA.exe
2014-04-12 02:22:05 95680 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
.
============= FINISH: 11:55:33.46 ===============

Edited by SonnyBiz, 03 July 2014 - 12:05 PM.


#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,214 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:22 AM

Posted 03 July 2014 - 01:28 PM

Please repost your logs as per step 8, here Virus, Trojan, Spyware, and Malware Removal Logs
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users